From f5c500cf6b8654398d78d2fe1eeeb1b247e57d07 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 23 Jul 2024 13:22:20 +0200 Subject: [PATCH 001/172] Fix typo --- libcrux-sha3/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/README.md b/libcrux-sha3/README.md index c2b98d18a..e6c263cc6 100644 --- a/libcrux-sha3/README.md +++ b/libcrux-sha3/README.md @@ -4,7 +4,7 @@ This crate implements [SHA3] (FIPS 202). -It is provides +It provides - a portable implementation - an AVX2 optimised implementation - a Neon optimised implementation From 5237bffaa324ece0fd5a5d26b2b6103a23db6780 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 23 Jul 2024 13:22:45 +0200 Subject: [PATCH 002/172] CAVP crate Readme --- cavp/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 cavp/README.md diff --git a/cavp/README.md b/cavp/README.md new file mode 100644 index 000000000..c90cd1f02 --- /dev/null +++ b/cavp/README.md @@ -0,0 +1,9 @@ +# Libcrux CAVP Utilities + +> The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. + +- [NIST: Cryptographic Algorithm Validation + Program](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program) + + This crate provides tooling around parsing and handling of CAVP test + vectors for `libcrux` crates. From 6042f03af2ea93af04c5e26b97f4bd76ce16e9f4 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:20:17 +0200 Subject: [PATCH 003/172] Rename CAVP Readme to conform to workspace --- cavp/{README.md => Readme.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cavp/{README.md => Readme.md} (100%) diff --git a/cavp/README.md b/cavp/Readme.md similarity index 100% rename from cavp/README.md rename to cavp/Readme.md From db8fa55bd029b57005f75249a998e250f4e883aa Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:32:29 +0200 Subject: [PATCH 004/172] Basic ECDH Readme --- libcrux-ecdh/Readme.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 libcrux-ecdh/Readme.md diff --git a/libcrux-ecdh/Readme.md b/libcrux-ecdh/Readme.md new file mode 100644 index 000000000..a31ac3195 --- /dev/null +++ b/libcrux-ecdh/Readme.md @@ -0,0 +1,24 @@ +# Elliptic Curve Diffie-Hellman (ECDH) + +![pre-verification] + +This crate provides an API for performing elliptic curve +Diffie-Hellman. Currently supported curves are Curve 25519 and NIST +curve P256. + +Depending on the platform and available features the most +efficient implementation is chosen. + +While the underlying implementations in HACL and libjade are verified, +the API built on top is not, yet. + +## x25519 +For x25519 the portable HACL implementation is used unless running on an x64 +CPU with BMI2 and ADX support. In this case the libjade implementation is +used. + +## P256 +For P256 the portable HACL implementation is used. + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From cbf91a4e869c55e463fa7d5ccdb0b168f62a5042 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:34:32 +0200 Subject: [PATCH 005/172] Add verification status to KEM crate Readme --- libcrux-kem/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libcrux-kem/README.md b/libcrux-kem/README.md index 527642d53..df9c0dee6 100644 --- a/libcrux-kem/README.md +++ b/libcrux-kem/README.md @@ -1,6 +1,8 @@ -# Key Encapsulation Mechanism +# Key Encapsulation Mechanism (KEM) -A KEM interface. +![pre-verification] + +This crate provides a KEM interface. Available algorithms: @@ -29,3 +31,5 @@ assert_eq!(ss_b.encode(), ss_a.encode()); ``` [FIPS 203]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From 0a53841eb09dc9fe96244cd2979441d77f85a2dc Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:35:17 +0200 Subject: [PATCH 006/172] Add verification status to PSQ crate Readme --- libcrux-psq/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcrux-psq/README.md b/libcrux-psq/README.md index 7656963b7..0ed7430d5 100644 --- a/libcrux-psq/README.md +++ b/libcrux-psq/README.md @@ -1,5 +1,7 @@ # Post-Quantum Pre-Shared-Key Protocol (PSQ) # +![pre-verification] + This crate implements a protocol for agreeing on a pre-shared key such that the protocol messages are secure against harvest-now-decrypt-later (HNDL) passive quantum attackers. @@ -45,3 +47,6 @@ To get a comparison of public key and message sizes in bytes run ```sh cargo run --example sizes ``` + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From f1cb0de20d02b2a0d0023cc569c602a875eb6ecd Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:42:50 +0200 Subject: [PATCH 007/172] HMAC crate basic Readme --- libcrux-hmac/Readme.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 libcrux-hmac/Readme.md diff --git a/libcrux-hmac/Readme.md b/libcrux-hmac/Readme.md new file mode 100644 index 000000000..2817bb6a1 --- /dev/null +++ b/libcrux-hmac/Readme.md @@ -0,0 +1,9 @@ +# HMAC + +![pre-verification] + +This crate implements HMAC on SHA 1 and SHA 2 (except for SHA 224). + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== + From b5aa98d435156690eb3e97be0ba6a115467a7540 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:43:03 +0200 Subject: [PATCH 008/172] HKDF crate basic Readme --- libcrux-hkdf/Readme.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 libcrux-hkdf/Readme.md diff --git a/libcrux-hkdf/Readme.md b/libcrux-hkdf/Readme.md new file mode 100644 index 000000000..f6121c7b3 --- /dev/null +++ b/libcrux-hkdf/Readme.md @@ -0,0 +1,8 @@ +# HKDF + +![pre-verification] + +This crate implements HKDF on SHA 1 and SHA 2 (except for SHA 224). + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From b4baef24983b3c0bdf9ee7cf56ff4019e11565d1 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:48:49 +0200 Subject: [PATCH 009/172] Add verification status to ML-KEM crate --- libcrux-ml-kem/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/README.md b/libcrux-ml-kem/README.md index d0ff7b35d..ffb704662 100644 --- a/libcrux-ml-kem/README.md +++ b/libcrux-ml-kem/README.md @@ -1,5 +1,7 @@ # ML-KEM +![verified] + This crate implements all three ML-KEM ([FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) (Initial Public Draft)) variants 512, 768, and 1024. It is formally verified using [hax](https://cryspen.com/hax) and [F*](https://fstar-lang.org). @@ -7,6 +9,7 @@ formally verified using [hax](https://cryspen.com/hax) and Functions in this crate use CPU feature detection to pick the most efficient version on each platform. To use a specific version with your own feature detection use e.g. one of the following + - `mlkem768::avx2::generate_key_pair`, - `mlkem768::neon::generate_key_pair`, - `mlkem768::portable::generate_key_pair`, @@ -43,7 +46,6 @@ analogously for encapsulation and decapsulation. let shared_secret_decapsulated = mlkem768::decapsulate(key_pair.private_key(), &ciphertext); ``` - ## Features By default, all ML-KEM parameter sets are enabled. If required, they are @@ -55,7 +57,9 @@ feature flag `pre-verification` gives access to, as yet, unverified implementations of ML-KEM that are optimized for SIMD instruction sets. ### Kyber Round 3 + The `kyber` flag (in combination with `pre-verification`) also gives access to an, as yet, unverified implementation of Kyber as submitted in Round 3 of the NIST PQ competition. +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ \ No newline at end of file From fb28a670600f22818b79e6d52bf2ba5d8e05e6a9 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:49:14 +0200 Subject: [PATCH 010/172] Add verification status to ML-DSA crate --- libcrux-ml-dsa/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/README.md b/libcrux-ml-dsa/README.md index 1e6587ac0..fcda92cd1 100644 --- a/libcrux-ml-dsa/README.md +++ b/libcrux-ml-dsa/README.md @@ -1,4 +1,6 @@ -# ML-KEM +# ML-DSA + +![pre-verification] This crate implements all three ML-DSA ([FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd) (Initial Public Draft)) variants 44, 65, and 87. @@ -36,3 +38,6 @@ Currenly, these implementations are unverified and do not contain any architectu // Verify the signature and assert that it is indeed valid assert!(ml_dsa_65::verify(key_pair.verification_key, &message, signature).is_ok()); ``` + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From de72e52f030781c3d749b7cf035abc18601e4cf6 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 29 Jul 2024 16:49:40 +0200 Subject: [PATCH 011/172] Add explanation of verification badges to main readme --- Readme.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Readme.md b/Readme.md index 7c24acaa5..ab8a2e28b 100644 --- a/Readme.md +++ b/Readme.md @@ -52,6 +52,20 @@ libcrux uses the following configurations for its hardware abstractions libcrux provides a DRBG implementation that can be used standalone (`drbg::Drbg`) or through the `Rng` traits. +## Verification status + +As a quick indicator of overall verification status, subcrates in this workspace include the following badges: + +- ![pre-verification] to indicate that most (or all) of the code that is contained in default features of that crate is not (yet) verified. +- ![verified] to indicate that most (or all) of the code that is contained in the default feature set is verified. + +In both cases, please refer to the more detailed notes on verification in each +sub-crate to learn more about what has (or has not) been verified in the +particular case. + [architecture]: ./Architecture.md [hacspec]: https://hacspec.org [formal verification]: ./formal_verification + +[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+ +[pre-verification]: https://img.shields.io/badge/pre_verification-orange.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEySDE1TTIwIDEyQzIwIDE2LjQ2MTEgMTQuNTQgMTkuNjkzNyAxMi42NDE0IDIwLjY4M0MxMi40MzYxIDIwLjc5IDEyLjMzMzQgMjAuODQzNSAxMi4xOTEgMjAuODcxMkMxMi4wOCAyMC44OTI4IDExLjkyIDIwLjg5MjggMTEuODA5IDIwLjg3MTJDMTEuNjY2NiAyMC44NDM1IDExLjU2MzkgMjAuNzkgMTEuMzU4NiAyMC42ODNDOS40NTk5NiAxOS42OTM3IDQgMTYuNDYxMSA0IDEyVjguMjE3NTlDNCA3LjQxODA4IDQgNy4wMTgzMyA0LjEzMDc2IDYuNjc0N0M0LjI0NjI3IDYuMzcxMTMgNC40MzM5OCA2LjEwMDI3IDQuNjc3NjYgNS44ODU1MkM0Ljk1MzUgNS42NDI0MyA1LjMyNzggNS41MDIwNyA2LjA3NjQgNS4yMjEzNEwxMS40MzgyIDMuMjEwNjdDMTEuNjQ2MSAzLjEzMjcxIDExLjc1IDMuMDkzNzMgMTEuODU3IDMuMDc4MjdDMTEuOTUxOCAzLjA2NDU3IDEyLjA0ODIgMy4wNjQ1NyAxMi4xNDMgMy4wNzgyN0MxMi4yNSAzLjA5MzczIDEyLjM1MzkgMy4xMzI3MSAxMi41NjE4IDMuMjEwNjdMMTcuOTIzNiA1LjIyMTM0QzE4LjY3MjIgNS41MDIwNyAxOS4wNDY1IDUuNjQyNDMgMTkuMzIyMyA1Ljg4NTUyQzE5LjU2NiA2LjEwMDI3IDE5Ljc1MzcgNi4zNzExMyAxOS44NjkyIDYuNjc0N0MyMCA3LjAxODMzIDIwIDcuNDE4MDggMjAgOC4yMTc1OVYxMloiIHN0cm9rZT0iIzAwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4NCjwvc3ZnPg== From f34493bb7bb2359d83e6d8f45bcaa3fcf8a12400 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 22 Jul 2024 17:11:26 +0200 Subject: [PATCH 012/172] wip; not working like this --- libcrux-sha3/src/generic_keccak.rs | 302 +++++++++++++++++++++++++++- libcrux-sha3/src/lib.rs | 7 +- libcrux-sha3/src/portable_keccak.rs | 22 ++ libcrux-sha3/src/simd/arm64.rs | 8 + libcrux-sha3/src/traits.rs | 2 + libcrux-sha3/tests/cavp.rs | 3 + 6 files changed, 340 insertions(+), 4 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 1ccdf4933..908ceecf0 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -6,7 +6,7 @@ use core::ops::Index; use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] -#[derive(Clone, Copy)] +#[derive(Debug, Clone, Copy)] pub(crate) struct KeccakState> { st: [[T; 5]; 5], } @@ -29,6 +29,278 @@ impl> KeccakState { } } +/// The internal keccak state that can also buffer inputs to absorb. +/// This is used in the general xof APIs. +#[cfg_attr(hax, hax_lib::opaque_type)] +#[derive(Clone, Copy)] +pub(crate) struct KeccakXofState< + const PARALLEL_LANES: usize, + const BLOCK_SIZE: usize, + STATE: KeccakStateItem, +> { + inner: KeccakState, + + // Buffer inputs on absorb. + buf: [[u8; BLOCK_SIZE]; PARALLEL_LANES], + + // Buffered length. + buf_len: usize, + + // Needs sponge. + sponge: bool, +} + +impl< + const PARALLEL_LANES: usize, + const BLOCK_SIZE: usize, + STATE: KeccakStateItem, + > KeccakXofState +{ + /// Generate a new keccak xof state. + pub(crate) fn new() -> Self { + Self { + inner: KeccakState::new(), + buf: [[0; BLOCK_SIZE]; PARALLEL_LANES], + buf_len: 0, + sponge: false, + } + } + + /// Absorb + /// + /// This function takes any number of bytes to absorb and buffers if it's not enough. + /// The function assumes that all input slices in `blocks` have the same length. + /// + /// Only a multiple of `RATE` blocks are absorbed. + /// For the remaining bytes [`absorb_final`] needs to be called. + /// + /// This works best with relatively small `inputs`. + #[inline(always)] + pub(crate) fn absorb(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { + println!("state before absorb (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + let input_len = inputs[0].len(); + + debug_assert!(PARALLEL_LANES > 0); + debug_assert!(self.buf_len < BLOCK_SIZE); + #[cfg(debug_assertions)] + { + for block in inputs { + debug_assert!(block.len() == input_len); + } + } + + // Check if there are buffered bytes to absorb first and consume them. + let input_consumed = self.consume_buffer(input_len, inputs); + eprintln!("consumed: {input_consumed}"); + eprintln!("need to consume: {}", input_len / BLOCK_SIZE); + + // Consume the (rest of the) input ... + for i in 0..input_len / BLOCK_SIZE { + // We only get in here if `input_len / RATE > 0`. + STATE::load_block::( + &mut self.inner.st, + STATE::slice_n( + inputs, + input_consumed * BLOCK_SIZE + i * BLOCK_SIZE, + BLOCK_SIZE, + ), + ); + keccakf1600(&mut self.inner); + } + // ... and buffer the rest if there's not enough input (left). + if input_len - input_consumed < BLOCK_SIZE && input_len > input_consumed { + eprintln!("buffering: {} bytes", input_len); + for i in 0..PARALLEL_LANES { + self.buf[i][input_consumed..input_len].copy_from_slice(inputs[i]); + } + } + println!("state after absorb (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + } + + /// Consume the internal buffer and the required amount of the input to pad to + /// `BLOCK_SIZE`. + /// + /// Returns the `consumed` amount of bytes from `inputs`. + fn consume_buffer( + &mut self, + input_len: usize, + inputs: [&[u8]; PARALLEL_LANES], + ) -> [&[u8]; PARALLEL_LANES] { + // let mut consumed = 0; + if self.buf_len > 0 { + if self.buf_len + input_len >= BLOCK_SIZE { + let consumed = BLOCK_SIZE - self.buf_len; + // We have enough to absorb something. + // XXX: This could be done more efficiently when we absorb from blocks + // rather than concat them first. + let mut blocks = [[0u8; BLOCK_SIZE]; PARALLEL_LANES]; + for i in 0..PARALLEL_LANES { + blocks[i][0..self.buf_len].copy_from_slice(&self.buf[i]); + blocks[i][self.buf_len..].copy_from_slice(&inputs[i][..consumed]) + } + let borrowed: [&[u8]; PARALLEL_LANES] = + core::array::from_fn(|i| &blocks[i] as &[u8]); + STATE::load_block::(&mut self.inner.st, borrowed); + keccakf1600(&mut self.inner); + + // Now we absorbed the buffered bytes and the part of the inputs to + // fill up to `BLOCK_SIZE`. + // Consume the rest of the inputs that we can and store the rest + // in the buffer + self.buf_len = 0; + } + } + todo!() + // consumed + } + /// Absorb a final block. + /// + /// The `inputs` block may be empty. Everything in the `inputs` block beyond + /// `RATE` bytes is ignored. + #[inline(always)] + pub(crate) fn absorb_final(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { + println!("state before absorb final (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + debug_assert!(PARALLEL_LANES > 0 && inputs[0].len() < BLOCK_SIZE); + let input_len = inputs[0].len(); + + debug_assert!(PARALLEL_LANES > 0); + debug_assert!(self.buf_len < BLOCK_SIZE); + #[cfg(debug_assertions)] + { + for block in inputs { + debug_assert!(block.len() == input_len); + } + } + + // Check if there are buffered bytes to absorb first and consume them. + let consumed = self.consume_buffer(input_len, inputs); + eprintln!("consumed: {consumed}"); + eprintln!("buffer: {:x?}", self.buf); + + // Consume the (rest of the) input ... + for i in 0..input_len / BLOCK_SIZE { + // We only get in here if `input_len / RATE > 0`. + STATE::load_block::( + &mut self.inner.st, + STATE::slice_n( + inputs, + input_consumed * BLOCK_SIZE + i * BLOCK_SIZE, + BLOCK_SIZE, + ), + ); + keccakf1600(&mut self.inner); + } + // ... and buffer the rest if there's not enough input (left). + if input_len - input_consumed < BLOCK_SIZE && input_len > input_consumed { + eprintln!("buffering: {} bytes", input_len); + for i in 0..PARALLEL_LANES { + self.buf[i][input_consumed..input_len].copy_from_slice(inputs[i]); + } + } + + // Consume the remaining bytes. + let mut blocks = [[0u8; 200]; PARALLEL_LANES]; + for i in 0..PARALLEL_LANES { + blocks[i][0..input_len].copy_from_slice(&inputs[i][consumed..]); + blocks[i][input_len] = DELIMITER; + blocks[i][BLOCK_SIZE - 1] |= 0x80; + } + eprintln!("loading: {blocks:x?}"); + STATE::load_block_full::(&mut self.inner.st, blocks); + keccakf1600(&mut self.inner); + + println!("state after absorb final (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + } + + /// Squeeze `N` x `LEN` bytes. + #[inline(always)] + pub(crate) fn squeeze(&mut self, out: [&mut [u8]; PARALLEL_LANES]) { + println!("state before squeeze (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + if self.sponge { + // If we called `squeeze` before, call f1600 first. + // We do it this way around so that we don't call f1600 at the end + // when we don't need it. + keccakf1600(&mut self.inner); + } + + // How many blocks do we need to squeeze out? + let out_len = out[0].len(); + let blocks = out_len / BLOCK_SIZE; + let last = out_len - (out_len % BLOCK_SIZE); + + // Squeeze out one to start with. + let (out0, mut out_rest) = STATE::split_at_mut_n(out, BLOCK_SIZE.min(out_len)); + STATE::store::(&self.inner.st, out0); + + // If we got asked for more than one block, squeeze out more. + for _ in 1..blocks { + // Here we know that we always have full blocks to write out. + let (out0, tmp) = STATE::split_at_mut_n(out_rest, BLOCK_SIZE); + keccakf1600(&mut self.inner); + STATE::store::(&self.inner.st, out0); + out_rest = tmp; + } + + if last < out_len { + // Squeeze out the last partial block + keccakf1600(&mut self.inner); + STATE::store::(&self.inner.st, out_rest); + } + + self.sponge = true; + } +} + /// From here, everything is generic /// const _ROTC: [usize; 24] = [ @@ -299,6 +571,18 @@ pub(crate) fn keccak, const RATE: usize, c let blocks = outlen / RATE; let last = outlen - (outlen % RATE); + println!("state before squeeze"); + for s in s.st { + println!( + " {} {} {} {} {}", + T::print(&s[0]), + T::print(&s[1]), + T::print(&s[2]), + T::print(&s[3]), + T::print(&s[4]) + ); + } + if blocks == 0 { squeeze_first_and_last::(&s, out) } else { @@ -314,3 +598,19 @@ pub(crate) fn keccak, const RATE: usize, c } } } + +#[inline(always)] +pub(crate) fn keccak_xof< + const PARALLEL_LANES: usize, + STATE: KeccakStateItem, + const BLOCK_SIZE: usize, + const DELIMITER: u8, +>( + data: [&[u8]; PARALLEL_LANES], + out: [&mut [u8]; PARALLEL_LANES], +) { + let mut state = KeccakXofState::::new(); + state.absorb(data); + state.absorb_final::([&[]; PARALLEL_LANES]); + state.squeeze(out); +} diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 599f67398..5532f64a0 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -2,7 +2,7 @@ //! //! A SHA3 implementation with optional simd optimisations. -#![no_std] +// #![no_std] #![forbid(unsafe_code)] #![deny(missing_docs)] @@ -205,7 +205,7 @@ pub fn shake256_ema(out: &mut [u8], data: &[u8]) { /// A portable SHA3 implementations without platform dependent optimisations. pub mod portable { use super::*; - use generic_keccak::{keccak, KeccakState as GenericState}; + use generic_keccak::{keccak_xof, KeccakState as GenericState}; /// The Keccak state for the incremental API. #[derive(Clone, Copy)] @@ -215,13 +215,14 @@ pub mod portable { #[inline(always)] fn keccakx1(data: [&[u8]; 1], out: [&mut [u8]; 1]) { - keccak::<1, u64, RATE, DELIM>(data, out) + keccak_xof::<1, u64, RATE, DELIM>(data, out); } /// A portable SHA3 224 implementation. #[inline(always)] pub fn sha224(digest: &mut [u8], data: &[u8]) { keccakx1::<144, 0x06u8>([data], [digest]); + // generic_keccak::keccak::<1, u64, 144, 0x06u8>([data], [digest]); } /// A portable SHA3 256 implementation. diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index 382a9e483..850515d35 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs @@ -128,4 +128,26 @@ impl KeccakItem<1> for u64 { fn split_at_mut_n(a: [&mut [u8]; 1], mid: usize) -> ([&mut [u8]; 1], [&mut [u8]; 1]) { split_at_mut_1(a, mid) } + + /// `out` has the exact size we want here. It must be less than or equal to `BLOCKSIZE`. + #[inline(always)] + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 1]) { + debug_assert!(out.len() <= BLOCKSIZE / 8, "{} > {}", out.len(), BLOCKSIZE); + + let num_blocks = out[0].len() / 8; + let last_block_len = out[0].len() % 8; + + for i in 0..num_blocks { + out[0][i * 8..i * 8 + 8].copy_from_slice(&state[i / 5][i % 5].to_le_bytes()); + } + if last_block_len != 0 { + out[0][num_blocks * 8..num_blocks * 8 + last_block_len].copy_from_slice( + &state[num_blocks / 5][num_blocks % 5].to_le_bytes()[0..last_block_len], + ); + } + } + + fn print(&self) -> std::string::String { + format!("{:x?}", self).to_string() + } } diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 773c5e036..ef94331fc 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -190,4 +190,12 @@ impl KeccakItem<2> for uint64x2_t { fn split_at_mut_n(a: [&mut [u8]; 2], mid: usize) -> ([&mut [u8]; 2], [&mut [u8]; 2]) { split_at_mut_2(a, mid) } + + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 2]) { + todo!() + } + + fn print(&self) -> std::string::String { + todo!() + } } diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index fa3f5f846..cd04a7e29 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -21,5 +21,7 @@ pub(crate) mod internal { fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; N]); + fn print(&self) -> std::string::String; } } diff --git a/libcrux-sha3/tests/cavp.rs b/libcrux-sha3/tests/cavp.rs index d74644d8a..f06b40500 100644 --- a/libcrux-sha3/tests/cavp.rs +++ b/libcrux-sha3/tests/cavp.rs @@ -16,6 +16,9 @@ macro_rules! sha3_test { c += 1; let my_digest: $digest = sha3($algorithm, &test.msg[0..test.msg_length / 8]); assert_eq!(&my_digest, &test.digest[..]); + if c == 2 { + break; + } } } }; From 3c81d1430d2535d0dcf8c3c8ac3b4e4b3c1357ab Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 22 Jul 2024 17:21:09 +0200 Subject: [PATCH 013/172] more wip --- libcrux-sha3/src/generic_keccak.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 908ceecf0..61bf74547 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -29,6 +29,9 @@ impl> KeccakState { } } +#[derive(Clone, Copy, Default)] +pub struct SingleState {} + /// The internal keccak state that can also buffer inputs to absorb. /// This is used in the general xof APIs. #[cfg_attr(hax, hax_lib::opaque_type)] @@ -41,7 +44,7 @@ pub(crate) struct KeccakXofState< inner: KeccakState, // Buffer inputs on absorb. - buf: [[u8; BLOCK_SIZE]; PARALLEL_LANES], + buf: SingleState, // [[u8; BLOCK_SIZE]; PARALLEL_LANES] // Buffered length. buf_len: usize, @@ -60,7 +63,7 @@ impl< pub(crate) fn new() -> Self { Self { inner: KeccakState::new(), - buf: [[0; BLOCK_SIZE]; PARALLEL_LANES], + buf: Default::default(), buf_len: 0, sponge: false, } From 24306c51f0f246b0753c8fb4a218ccb26f01bc06 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 21:30:00 +0200 Subject: [PATCH 014/172] wip --- libcrux-sha3/src/generic_keccak.rs | 179 +++++++++++++---------------- 1 file changed, 80 insertions(+), 99 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 61bf74547..49702c6a4 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -29,9 +29,6 @@ impl> KeccakState { } } -#[derive(Clone, Copy, Default)] -pub struct SingleState {} - /// The internal keccak state that can also buffer inputs to absorb. /// This is used in the general xof APIs. #[cfg_attr(hax, hax_lib::opaque_type)] @@ -44,7 +41,7 @@ pub(crate) struct KeccakXofState< inner: KeccakState, // Buffer inputs on absorb. - buf: SingleState, // [[u8; BLOCK_SIZE]; PARALLEL_LANES] + buf: [[u8; BLOCK_SIZE]; PARALLEL_LANES], // Buffered length. buf_len: usize, @@ -59,11 +56,16 @@ impl< STATE: KeccakStateItem, > KeccakXofState { + /// An all zero block + pub(crate) const fn zero_block() -> [u8; BLOCK_SIZE] { + [0u8; BLOCK_SIZE] + } + /// Generate a new keccak xof state. pub(crate) fn new() -> Self { Self { inner: KeccakState::new(), - buf: Default::default(), + buf: [Self::zero_block(); PARALLEL_LANES], buf_len: 0, sponge: false, } @@ -91,24 +93,69 @@ impl< STATE::print(&s[4]) ); } - let input_len = inputs[0].len(); + let remainder = self.absorb_full(inputs); + + // ... buffer the rest if there's not enough input (left). + if remainder > 0 { + debug_assert!( + self.buf_len == 0 // We consumed everything (or it was empty all along). + || self.buf_len + remainder <= BLOCK_SIZE + ); + eprintln!("buffering: {} bytes", remainder); + + let input_len = inputs[0].len(); + for i in 0..PARALLEL_LANES { + self.buf[i][self.buf_len..self.buf_len + remainder] + .copy_from_slice(&inputs[i][input_len - remainder..]); + } + } + println!("state after absorb (xof)"); + for s in self.inner.st { + println!( + " {} {} {} {} {}", + STATE::print(&s[0]), + STATE::print(&s[1]), + STATE::print(&s[2]), + STATE::print(&s[3]), + STATE::print(&s[4]) + ); + } + } + + fn absorb_full(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { debug_assert!(PARALLEL_LANES > 0); debug_assert!(self.buf_len < BLOCK_SIZE); #[cfg(debug_assertions)] { for block in inputs { - debug_assert!(block.len() == input_len); + debug_assert!(block.len() == inputs[0].len()); } } // Check if there are buffered bytes to absorb first and consume them. - let input_consumed = self.consume_buffer(input_len, inputs); + let input_consumed = self.fill_buffer(inputs); eprintln!("consumed: {input_consumed}"); - eprintln!("need to consume: {}", input_len / BLOCK_SIZE); + eprintln!("need to consume: {}", inputs[0].len() / BLOCK_SIZE); + + if input_consumed > 0 { + // We have a full block in the local buffer now. + let borrowed: [&[u8]; PARALLEL_LANES] = + core::array::from_fn(|i| &self.buf[i] as &[u8]); + STATE::load_block::(&mut self.inner.st, borrowed); + keccakf1600(&mut self.inner); + + // "empty" the local buffer + self.buf_len = 0; + } + + // We only need to consume the rest of the input. + let input_to_consume = inputs[0].len() - input_consumed; // Consume the (rest of the) input ... - for i in 0..input_len / BLOCK_SIZE { + let num_blocks = input_to_consume / BLOCK_SIZE; + let remainder = input_to_consume % BLOCK_SIZE; + for i in 0..num_blocks { // We only get in here if `input_len / RATE > 0`. STATE::load_block::( &mut self.inner.st, @@ -120,115 +167,49 @@ impl< ); keccakf1600(&mut self.inner); } - // ... and buffer the rest if there's not enough input (left). - if input_len - input_consumed < BLOCK_SIZE && input_len > input_consumed { - eprintln!("buffering: {} bytes", input_len); - for i in 0..PARALLEL_LANES { - self.buf[i][input_consumed..input_len].copy_from_slice(inputs[i]); - } - } - println!("state after absorb (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } + + remainder } /// Consume the internal buffer and the required amount of the input to pad to /// `BLOCK_SIZE`. /// - /// Returns the `consumed` amount of bytes from `inputs`. - fn consume_buffer( - &mut self, - input_len: usize, - inputs: [&[u8]; PARALLEL_LANES], - ) -> [&[u8]; PARALLEL_LANES] { - // let mut consumed = 0; + /// Returns the `consumed` bytes from `inputs` if there's enough buffered + /// content to consume, and `0` otherwise. + /// If `consumed > 0` is returned, `self.buf` contains a full block to be + /// loaded. + fn fill_buffer(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { + let input_len = inputs[0].len(); + let mut consumed = 0; if self.buf_len > 0 { + // There's something buffered internally to consume. if self.buf_len + input_len >= BLOCK_SIZE { - let consumed = BLOCK_SIZE - self.buf_len; - // We have enough to absorb something. - // XXX: This could be done more efficiently when we absorb from blocks - // rather than concat them first. - let mut blocks = [[0u8; BLOCK_SIZE]; PARALLEL_LANES]; + // We have enough data when combining the internal buffer and + // the input. + consumed = BLOCK_SIZE - self.buf_len; for i in 0..PARALLEL_LANES { - blocks[i][0..self.buf_len].copy_from_slice(&self.buf[i]); - blocks[i][self.buf_len..].copy_from_slice(&inputs[i][..consumed]) + self.buf[i][self.buf_len..].copy_from_slice(&inputs[i][..consumed]); } - let borrowed: [&[u8]; PARALLEL_LANES] = - core::array::from_fn(|i| &blocks[i] as &[u8]); - STATE::load_block::(&mut self.inner.st, borrowed); - keccakf1600(&mut self.inner); - - // Now we absorbed the buffered bytes and the part of the inputs to - // fill up to `BLOCK_SIZE`. - // Consume the rest of the inputs that we can and store the rest - // in the buffer - self.buf_len = 0; } } - todo!() - // consumed + consumed } + /// Absorb a final block. /// /// The `inputs` block may be empty. Everything in the `inputs` block beyond /// `RATE` bytes is ignored. #[inline(always)] pub(crate) fn absorb_final(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { - println!("state before absorb final (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } - debug_assert!(PARALLEL_LANES > 0 && inputs[0].len() < BLOCK_SIZE); - let input_len = inputs[0].len(); + let remainder = self.absorb_full(inputs); - debug_assert!(PARALLEL_LANES > 0); - debug_assert!(self.buf_len < BLOCK_SIZE); - #[cfg(debug_assertions)] - { - for block in inputs { - debug_assert!(block.len() == input_len); - } - } - - // Check if there are buffered bytes to absorb first and consume them. - let consumed = self.consume_buffer(input_len, inputs); - eprintln!("consumed: {consumed}"); - eprintln!("buffer: {:x?}", self.buf); - - // Consume the (rest of the) input ... - for i in 0..input_len / BLOCK_SIZE { - // We only get in here if `input_len / RATE > 0`. - STATE::load_block::( - &mut self.inner.st, - STATE::slice_n( - inputs, - input_consumed * BLOCK_SIZE + i * BLOCK_SIZE, - BLOCK_SIZE, - ), + // ... buffer the rest if there's not enough input (left). + if remainder > 0 { + debug_assert!( + self.buf_len == 0 // We consumed everything (or it was empty all along). + || self.buf_len + remainder <= BLOCK_SIZE ); - keccakf1600(&mut self.inner); - } - // ... and buffer the rest if there's not enough input (left). - if input_len - input_consumed < BLOCK_SIZE && input_len > input_consumed { - eprintln!("buffering: {} bytes", input_len); - for i in 0..PARALLEL_LANES { - self.buf[i][input_consumed..input_len].copy_from_slice(inputs[i]); - } + eprintln!("buffering: {} bytes", remainder); } // Consume the remaining bytes. From 470fc6004f48be9a64a32b7f09e1eb557f6c83e0 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 22:11:43 +0200 Subject: [PATCH 015/172] working, dirty --- libcrux-ml-dsa/src/lib.rs | 2 + libcrux-ml-dsa/src/ml_dsa_generic.rs | 9 +- libcrux-sha3/src/generic_keccak.rs | 158 ++++++++++++++------------- libcrux-sha3/src/lib.rs | 37 ++++++- libcrux-sha3/tests/cavp.rs | 6 +- 5 files changed, 129 insertions(+), 83 deletions(-) diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index a6c178295..55a608c65 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -1,3 +1,5 @@ +#![no_std] + mod arithmetic; mod constants; mod encoding; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 82d65c2dc..fc29fed99 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -1,3 +1,5 @@ +use libcrux_sha3::portable::incremental; + use crate::{ arithmetic::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, @@ -147,10 +149,11 @@ pub(crate) fn sign< // TODO: Remove the use of to_vec with an incremental SHAKE-256 absorb API. let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut hash_input = verification_key_hash.to_vec(); - hash_input.extend_from_slice(message); + let mut shake = incremental::Xof::new(); + shake.absorb(&verification_key_hash); + shake.absorb_final(message); - Shake256::shake256::(&hash_input, &mut message_representative); + shake.squeeze(&mut message_representative); } let mut mask_seed = [0; MASK_SEED_SIZE]; diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 49702c6a4..390ddc59c 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -82,45 +82,48 @@ impl< /// This works best with relatively small `inputs`. #[inline(always)] pub(crate) fn absorb(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { - println!("state before absorb (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } + // eprintln!("absorb ..."); + // eprintln!("state before absorb (xof)"); + // for s in self.inner.st { + // println!( + // " {} {} {} {} {}", + // STATE::print(&s[0]), + // STATE::print(&s[1]), + // STATE::print(&s[2]), + // STATE::print(&s[3]), + // STATE::print(&s[4]) + // ); + // } let remainder = self.absorb_full(inputs); + // eprintln!("remainder: {remainder}"); // ... buffer the rest if there's not enough input (left). if remainder > 0 { debug_assert!( self.buf_len == 0 // We consumed everything (or it was empty all along). || self.buf_len + remainder <= BLOCK_SIZE ); - eprintln!("buffering: {} bytes", remainder); + // eprintln!("buffering: {} bytes", remainder); let input_len = inputs[0].len(); for i in 0..PARALLEL_LANES { self.buf[i][self.buf_len..self.buf_len + remainder] .copy_from_slice(&inputs[i][input_len - remainder..]); } + self.buf_len += remainder; } - println!("state after absorb (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } + // eprintln!("state after absorb (xof)"); + // for s in self.inner.st { + // eprintln!( + // " {} {} {} {} {}", + // STATE::print(&s[0]), + // STATE::print(&s[1]), + // STATE::print(&s[2]), + // STATE::print(&s[3]), + // STATE::print(&s[4]) + // ); + // } } fn absorb_full(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { @@ -135,8 +138,8 @@ impl< // Check if there are buffered bytes to absorb first and consume them. let input_consumed = self.fill_buffer(inputs); - eprintln!("consumed: {input_consumed}"); - eprintln!("need to consume: {}", inputs[0].len() / BLOCK_SIZE); + // eprintln!("consumed: {input_consumed}"); + // eprintln!("need to consume: {}", inputs[0].len() / BLOCK_SIZE); if input_consumed > 0 { // We have a full block in the local buffer now. @@ -159,11 +162,7 @@ impl< // We only get in here if `input_len / RATE > 0`. STATE::load_block::( &mut self.inner.st, - STATE::slice_n( - inputs, - input_consumed * BLOCK_SIZE + i * BLOCK_SIZE, - BLOCK_SIZE, - ), + STATE::slice_n(inputs, input_consumed + i * BLOCK_SIZE, BLOCK_SIZE), ); keccakf1600(&mut self.inner); } @@ -179,6 +178,7 @@ impl< /// If `consumed > 0` is returned, `self.buf` contains a full block to be /// loaded. fn fill_buffer(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { + // eprintln!("fill_buffer"); let input_len = inputs[0].len(); let mut consumed = 0; if self.buf_len > 0 { @@ -190,6 +190,7 @@ impl< for i in 0..PARALLEL_LANES { self.buf[i][self.buf_len..].copy_from_slice(&inputs[i][..consumed]); } + self.buf_len += consumed; } } consumed @@ -203,53 +204,62 @@ impl< pub(crate) fn absorb_final(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { let remainder = self.absorb_full(inputs); - // ... buffer the rest if there's not enough input (left). - if remainder > 0 { - debug_assert!( - self.buf_len == 0 // We consumed everything (or it was empty all along). - || self.buf_len + remainder <= BLOCK_SIZE - ); - eprintln!("buffering: {} bytes", remainder); - } + // // Consume the remaining bytes. + // if remainder > 0 { + // debug_assert!( + // self.buf_len == 0 // We consumed everything (or it was empty all along). + // || self.buf_len + remainder <= BLOCK_SIZE + // ); + // eprintln!("buffering: {} bytes", remainder); + // } // Consume the remaining bytes. + // This may be in the local buffer or in the input. + let input_len = inputs[0].len(); let mut blocks = [[0u8; 200]; PARALLEL_LANES]; + // eprintln!("local buf: ({}) {:x?}", self.buf_len, self.buf); for i in 0..PARALLEL_LANES { - blocks[i][0..input_len].copy_from_slice(&inputs[i][consumed..]); - blocks[i][input_len] = DELIMITER; + if self.buf_len > 0 { + blocks[i][0..self.buf_len].copy_from_slice(&self.buf[i][0..self.buf_len]); + } + if remainder > 0 { + blocks[i][self.buf_len..self.buf_len + remainder] + .copy_from_slice(&inputs[i][input_len - remainder..]); + } + blocks[i][self.buf_len + remainder] = DELIMITER; blocks[i][BLOCK_SIZE - 1] |= 0x80; } - eprintln!("loading: {blocks:x?}"); + // eprintln!("loading: {blocks:x?}"); STATE::load_block_full::(&mut self.inner.st, blocks); keccakf1600(&mut self.inner); - println!("state after absorb final (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } + // println!("state after absorb final (xof)"); + // for s in self.inner.st { + // println!( + // " {} {} {} {} {}", + // STATE::print(&s[0]), + // STATE::print(&s[1]), + // STATE::print(&s[2]), + // STATE::print(&s[3]), + // STATE::print(&s[4]) + // ); + // } } /// Squeeze `N` x `LEN` bytes. #[inline(always)] pub(crate) fn squeeze(&mut self, out: [&mut [u8]; PARALLEL_LANES]) { - println!("state before squeeze (xof)"); - for s in self.inner.st { - println!( - " {} {} {} {} {}", - STATE::print(&s[0]), - STATE::print(&s[1]), - STATE::print(&s[2]), - STATE::print(&s[3]), - STATE::print(&s[4]) - ); - } + // println!("state before squeeze (xof)"); + // for s in self.inner.st { + // println!( + // " {} {} {} {} {}", + // STATE::print(&s[0]), + // STATE::print(&s[1]), + // STATE::print(&s[2]), + // STATE::print(&s[3]), + // STATE::print(&s[4]) + // ); + // } if self.sponge { // If we called `squeeze` before, call f1600 first. // We do it this way around so that we don't call f1600 at the end @@ -555,17 +565,17 @@ pub(crate) fn keccak, const RATE: usize, c let blocks = outlen / RATE; let last = outlen - (outlen % RATE); - println!("state before squeeze"); - for s in s.st { - println!( - " {} {} {} {} {}", - T::print(&s[0]), - T::print(&s[1]), - T::print(&s[2]), - T::print(&s[3]), - T::print(&s[4]) - ); - } + // println!("state before squeeze"); + // for s in s.st { + // println!( + // " {} {} {} {} {}", + // T::print(&s[0]), + // T::print(&s[1]), + // T::print(&s[2]), + // T::print(&s[3]), + // T::print(&s[4]) + // ); + // } if blocks == 0 { squeeze_first_and_last::(&s, out) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 5532f64a0..e57435561 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -215,14 +215,14 @@ pub mod portable { #[inline(always)] fn keccakx1(data: [&[u8]; 1], out: [&mut [u8]; 1]) { - keccak_xof::<1, u64, RATE, DELIM>(data, out); + // or keccak_xof + generic_keccak::keccak::<1, u64, RATE, DELIM>(data, out); } /// A portable SHA3 224 implementation. #[inline(always)] pub fn sha224(digest: &mut [u8], data: &[u8]) { keccakx1::<144, 0x06u8>([data], [digest]); - // generic_keccak::keccak::<1, u64, 144, 0x06u8>([data], [digest]); } /// A portable SHA3 256 implementation. @@ -259,11 +259,41 @@ pub mod portable { pub mod incremental { use generic_keccak::{ absorb_final, squeeze_first_block, squeeze_first_five_blocks, - squeeze_first_three_blocks, squeeze_next_block, + squeeze_first_three_blocks, squeeze_next_block, KeccakXofState, }; use super::*; + /// Incremental Xof state + pub struct Xof { + state: KeccakXofState<1, BLOCK_SIZE, u64>, + } + + /// Shake256 + impl Xof<136> { + /// Shake256 new state + pub fn new() -> Self { + Self { + state: KeccakXofState::<1, 136, u64>::new(), + } + } + + /// Shake256 absorb + pub fn absorb(&mut self, input: &[u8]) { + self.state.absorb([input]); + } + + /// Shake256 absorb final + pub fn absorb_final(&mut self, input: &[u8]) { + self.state.absorb_final::<0x1fu8>([input]); + } + + /// Shake256 squeeze + pub fn squeeze(&mut self, out: &mut [u8]) { + self.state.squeeze([out]); + } + } + /// Create a new SHAKE-128 state object. #[inline(always)] pub fn shake128_init() -> KeccakState { @@ -303,6 +333,7 @@ pub mod portable { state: GenericState::<1, u64>::new(), } } + /// Absorb some data for SHAKE-256 for the last time #[inline(always)] pub fn shake256_absorb_final(s: &mut KeccakState, data: &[u8]) { diff --git a/libcrux-sha3/tests/cavp.rs b/libcrux-sha3/tests/cavp.rs index f06b40500..b5943283a 100644 --- a/libcrux-sha3/tests/cavp.rs +++ b/libcrux-sha3/tests/cavp.rs @@ -16,9 +16,9 @@ macro_rules! sha3_test { c += 1; let my_digest: $digest = sha3($algorithm, &test.msg[0..test.msg_length / 8]); assert_eq!(&my_digest, &test.digest[..]); - if c == 2 { - break; - } + // if c == 2 { + // break; + // } } } }; From dcb7944c8d3b6aea0997a57f61eee324ee6aa13d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 22:12:52 +0200 Subject: [PATCH 016/172] started cleanup --- libcrux-sha3/src/generic_keccak.rs | 76 +----------------------------- 1 file changed, 1 insertion(+), 75 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 390ddc59c..e8df1fed6 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -82,29 +82,14 @@ impl< /// This works best with relatively small `inputs`. #[inline(always)] pub(crate) fn absorb(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { - // eprintln!("absorb ..."); - // eprintln!("state before absorb (xof)"); - // for s in self.inner.st { - // println!( - // " {} {} {} {} {}", - // STATE::print(&s[0]), - // STATE::print(&s[1]), - // STATE::print(&s[2]), - // STATE::print(&s[3]), - // STATE::print(&s[4]) - // ); - // } - let remainder = self.absorb_full(inputs); - // eprintln!("remainder: {remainder}"); // ... buffer the rest if there's not enough input (left). if remainder > 0 { debug_assert!( self.buf_len == 0 // We consumed everything (or it was empty all along). || self.buf_len + remainder <= BLOCK_SIZE ); - // eprintln!("buffering: {} bytes", remainder); let input_len = inputs[0].len(); for i in 0..PARALLEL_LANES { @@ -113,17 +98,6 @@ impl< } self.buf_len += remainder; } - // eprintln!("state after absorb (xof)"); - // for s in self.inner.st { - // eprintln!( - // " {} {} {} {} {}", - // STATE::print(&s[0]), - // STATE::print(&s[1]), - // STATE::print(&s[2]), - // STATE::print(&s[3]), - // STATE::print(&s[4]) - // ); - // } } fn absorb_full(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { @@ -138,8 +112,6 @@ impl< // Check if there are buffered bytes to absorb first and consume them. let input_consumed = self.fill_buffer(inputs); - // eprintln!("consumed: {input_consumed}"); - // eprintln!("need to consume: {}", inputs[0].len() / BLOCK_SIZE); if input_consumed > 0 { // We have a full block in the local buffer now. @@ -178,7 +150,6 @@ impl< /// If `consumed > 0` is returned, `self.buf` contains a full block to be /// loaded. fn fill_buffer(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { - // eprintln!("fill_buffer"); let input_len = inputs[0].len(); let mut consumed = 0; if self.buf_len > 0 { @@ -204,20 +175,10 @@ impl< pub(crate) fn absorb_final(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { let remainder = self.absorb_full(inputs); - // // Consume the remaining bytes. - // if remainder > 0 { - // debug_assert!( - // self.buf_len == 0 // We consumed everything (or it was empty all along). - // || self.buf_len + remainder <= BLOCK_SIZE - // ); - // eprintln!("buffering: {} bytes", remainder); - // } - // Consume the remaining bytes. // This may be in the local buffer or in the input. let input_len = inputs[0].len(); let mut blocks = [[0u8; 200]; PARALLEL_LANES]; - // eprintln!("local buf: ({}) {:x?}", self.buf_len, self.buf); for i in 0..PARALLEL_LANES { if self.buf_len > 0 { blocks[i][0..self.buf_len].copy_from_slice(&self.buf[i][0..self.buf_len]); @@ -229,37 +190,14 @@ impl< blocks[i][self.buf_len + remainder] = DELIMITER; blocks[i][BLOCK_SIZE - 1] |= 0x80; } - // eprintln!("loading: {blocks:x?}"); + STATE::load_block_full::(&mut self.inner.st, blocks); keccakf1600(&mut self.inner); - - // println!("state after absorb final (xof)"); - // for s in self.inner.st { - // println!( - // " {} {} {} {} {}", - // STATE::print(&s[0]), - // STATE::print(&s[1]), - // STATE::print(&s[2]), - // STATE::print(&s[3]), - // STATE::print(&s[4]) - // ); - // } } /// Squeeze `N` x `LEN` bytes. #[inline(always)] pub(crate) fn squeeze(&mut self, out: [&mut [u8]; PARALLEL_LANES]) { - // println!("state before squeeze (xof)"); - // for s in self.inner.st { - // println!( - // " {} {} {} {} {}", - // STATE::print(&s[0]), - // STATE::print(&s[1]), - // STATE::print(&s[2]), - // STATE::print(&s[3]), - // STATE::print(&s[4]) - // ); - // } if self.sponge { // If we called `squeeze` before, call f1600 first. // We do it this way around so that we don't call f1600 at the end @@ -565,18 +503,6 @@ pub(crate) fn keccak, const RATE: usize, c let blocks = outlen / RATE; let last = outlen - (outlen % RATE); - // println!("state before squeeze"); - // for s in s.st { - // println!( - // " {} {} {} {} {}", - // T::print(&s[0]), - // T::print(&s[1]), - // T::print(&s[2]), - // T::print(&s[3]), - // T::print(&s[4]) - // ); - // } - if blocks == 0 { squeeze_first_and_last::(&s, out) } else { From 27c3955fca1933f0c028b0e8c8281f6bdbbf2df8 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 22:15:59 +0200 Subject: [PATCH 017/172] no more vecs in mldsa --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 34 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index fc29fed99..99644a6bf 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -146,7 +146,6 @@ pub(crate) fn sign< into_padded_array(&seed_for_A), ); - // TODO: Remove the use of to_vec with an incremental SHAKE-256 absorb API. let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { let mut shake = incremental::Xof::new(); @@ -158,11 +157,12 @@ pub(crate) fn sign< let mut mask_seed = [0; MASK_SEED_SIZE]; { - let mut hash_input = seed_for_signing.to_vec(); - hash_input.extend_from_slice(&randomness); - hash_input.extend_from_slice(&message_representative); + let mut shake = incremental::Xof::new(); + shake.absorb(&seed_for_signing); + shake.absorb(&randomness); + shake.absorb_final(&message_representative); - Shake256::shake256::(&hash_input, &mut mask_seed); + shake.squeeze(&mut mask_seed); } let mut domain_separator_for_mask: u16 = 0; @@ -204,10 +204,11 @@ pub(crate) fn sign< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut hash_input = message_representative.to_vec(); - hash_input.extend_from_slice(&commitment_serialized); + let mut shake = incremental::Xof::new(); + shake.absorb(&message_representative); + shake.absorb_final(&commitment_serialized); - Shake256::shake256::(&hash_input, &mut commitment_hash); + shake.squeeze(&mut commitment_hash); } let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::< @@ -331,13 +332,11 @@ pub(crate) fn verify< ); let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut hash_input = verification_key_hash.to_vec(); - hash_input.extend_from_slice(message); + let mut shake = incremental::Xof::new(); + shake.absorb(&verification_key_hash); + shake.absorb_final(&message); - Shake256::shake256::( - &hash_input, - &mut message_representative, - ) + shake.squeeze(&mut message_representative); }; let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::< @@ -367,10 +366,11 @@ pub(crate) fn verify< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut hash_input = message_representative.to_vec(); - hash_input.extend_from_slice(&commitment_serialized); + let mut shake = incremental::Xof::new(); + shake.absorb(&message_representative); + shake.absorb_final(&commitment_serialized); - Shake256::shake256::(&hash_input, &mut commitment_hash); + shake.squeeze(&mut commitment_hash); } if signature.commitment_hash != commitment_hash { From 1d09b7119ac8babaf6dd1be92ab83231fea1e929 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 22:16:33 +0200 Subject: [PATCH 018/172] drop comment in cavp --- libcrux-sha3/tests/cavp.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/libcrux-sha3/tests/cavp.rs b/libcrux-sha3/tests/cavp.rs index b5943283a..d74644d8a 100644 --- a/libcrux-sha3/tests/cavp.rs +++ b/libcrux-sha3/tests/cavp.rs @@ -16,9 +16,6 @@ macro_rules! sha3_test { c += 1; let my_digest: $digest = sha3($algorithm, &test.msg[0..test.msg_length / 8]); assert_eq!(&my_digest, &test.digest[..]); - // if c == 2 { - // break; - // } } } }; From c69b0f8e351fbbc188e2364d018155d0cafb546e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 29 Jul 2024 22:20:00 +0200 Subject: [PATCH 019/172] more cleanup --- libcrux-sha3/src/lib.rs | 14 +++++++------- libcrux-sha3/src/portable_keccak.rs | 4 ---- libcrux-sha3/src/simd/arm64.rs | 6 +----- libcrux-sha3/src/traits.rs | 1 - 4 files changed, 8 insertions(+), 17 deletions(-) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index e57435561..5464e4e99 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -2,7 +2,7 @@ //! //! A SHA3 implementation with optional simd optimisations. -// #![no_std] +#![no_std] #![forbid(unsafe_code)] #![deny(missing_docs)] @@ -205,7 +205,7 @@ pub fn shake256_ema(out: &mut [u8], data: &[u8]) { /// A portable SHA3 implementations without platform dependent optimisations. pub mod portable { use super::*; - use generic_keccak::{keccak_xof, KeccakState as GenericState}; + use generic_keccak::KeccakState as GenericState; /// The Keccak state for the incremental API. #[derive(Clone, Copy)] @@ -1073,11 +1073,11 @@ pub mod avx2 { /// Squeeze five blocks #[inline(always)] pub fn shake128_squeeze_first_five_blocks( - s: &mut KeccakState, - out0: &mut [u8], - out1: &mut [u8], - out2: &mut [u8], - out3: &mut [u8], + _s: &mut KeccakState, + _out0: &mut [u8], + _out1: &mut [u8], + _out2: &mut [u8], + _out3: &mut [u8], ) { #[cfg(not(feature = "simd256"))] unimplemented!(); diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index 850515d35..d178a01ef 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs @@ -146,8 +146,4 @@ impl KeccakItem<1> for u64 { ); } } - - fn print(&self) -> std::string::String { - format!("{:x?}", self).to_string() - } } diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index ef94331fc..6d2c24394 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -191,11 +191,7 @@ impl KeccakItem<2> for uint64x2_t { split_at_mut_2(a, mid) } - fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 2]) { - todo!() - } - - fn print(&self) -> std::string::String { + fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 2]) { todo!() } } diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index cd04a7e29..6206f905d 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -22,6 +22,5 @@ pub(crate) mod internal { fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; N]); - fn print(&self) -> std::string::String; } } From cac35f2c1598a0a845fa5aac28224e9d5d30990d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 30 Jul 2024 11:07:19 +0200 Subject: [PATCH 020/172] Restore AVX2 build --- libcrux-sha3/src/lib.rs | 10 +++++----- libcrux-sha3/src/simd/avx2.rs | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 5464e4e99..e7af1a5da 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -1073,11 +1073,11 @@ pub mod avx2 { /// Squeeze five blocks #[inline(always)] pub fn shake128_squeeze_first_five_blocks( - _s: &mut KeccakState, - _out0: &mut [u8], - _out1: &mut [u8], - _out2: &mut [u8], - _out3: &mut [u8], + s: &mut KeccakState, + out0: &mut [u8], + out1: &mut [u8], + out2: &mut [u8], + out3: &mut [u8], ) { #[cfg(not(feature = "simd256"))] unimplemented!(); diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index f55de7ffb..d6cefddd8 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -241,4 +241,8 @@ impl KeccakItem<4> for Vec256 { fn split_at_mut_n(a: [&mut [u8]; 4], mid: usize) -> ([&mut [u8]; 4], [&mut [u8]; 4]) { split_at_mut_4(a, mid) } + + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 4]) { + todo!() + } } From 4044c78baf35fc5822c16fb1a78af09dfaced118 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 31 Jul 2024 15:48:57 +0200 Subject: [PATCH 021/172] Remove warnings about unused function parameters --- libcrux-sha3/src/simd/avx2.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index d6cefddd8..92783b3b8 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -242,7 +242,7 @@ impl KeccakItem<4> for Vec256 { split_at_mut_4(a, mid) } - fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 4]) { + fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 4]) { todo!() } } From 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 31 Jul 2024 15:59:06 +0200 Subject: [PATCH 022/172] Change naming: `RATE` is what the standard uses for `BLOCK(_)SIZE` --- libcrux-sha3/src/generic_keccak.rs | 77 ++++++++++++++--------------- libcrux-sha3/src/lib.rs | 9 ++-- libcrux-sha3/src/portable_keccak.rs | 30 +++++------ libcrux-sha3/src/simd/arm64.rs | 18 +++---- libcrux-sha3/src/simd/avx2.rs | 18 +++---- libcrux-sha3/src/traits.rs | 10 ++-- 6 files changed, 80 insertions(+), 82 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index e8df1fed6..a1aa9c8ac 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -35,13 +35,13 @@ impl> KeccakState { #[derive(Clone, Copy)] pub(crate) struct KeccakXofState< const PARALLEL_LANES: usize, - const BLOCK_SIZE: usize, + const RATE: usize, STATE: KeccakStateItem, > { inner: KeccakState, // Buffer inputs on absorb. - buf: [[u8; BLOCK_SIZE]; PARALLEL_LANES], + buf: [[u8; RATE]; PARALLEL_LANES], // Buffered length. buf_len: usize, @@ -50,15 +50,12 @@ pub(crate) struct KeccakXofState< sponge: bool, } -impl< - const PARALLEL_LANES: usize, - const BLOCK_SIZE: usize, - STATE: KeccakStateItem, - > KeccakXofState +impl> + KeccakXofState { /// An all zero block - pub(crate) const fn zero_block() -> [u8; BLOCK_SIZE] { - [0u8; BLOCK_SIZE] + pub(crate) const fn zero_block() -> [u8; RATE] { + [0u8; RATE] } /// Generate a new keccak xof state. @@ -82,27 +79,27 @@ impl< /// This works best with relatively small `inputs`. #[inline(always)] pub(crate) fn absorb(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { - let remainder = self.absorb_full(inputs); + let input_remainder_len = self.absorb_full(inputs); // ... buffer the rest if there's not enough input (left). - if remainder > 0 { + if input_remainder_len > 0 { debug_assert!( self.buf_len == 0 // We consumed everything (or it was empty all along). - || self.buf_len + remainder <= BLOCK_SIZE + || self.buf_len + input_remainder_len <= RATE ); let input_len = inputs[0].len(); for i in 0..PARALLEL_LANES { - self.buf[i][self.buf_len..self.buf_len + remainder] - .copy_from_slice(&inputs[i][input_len - remainder..]); + self.buf[i][self.buf_len..self.buf_len + input_remainder_len] + .copy_from_slice(&inputs[i][input_len - input_remainder_len..]); } - self.buf_len += remainder; + self.buf_len += input_remainder_len; } } fn absorb_full(&mut self, inputs: [&[u8]; PARALLEL_LANES]) -> usize { debug_assert!(PARALLEL_LANES > 0); - debug_assert!(self.buf_len < BLOCK_SIZE); + debug_assert!(self.buf_len < RATE); #[cfg(debug_assertions)] { for block in inputs { @@ -117,7 +114,7 @@ impl< // We have a full block in the local buffer now. let borrowed: [&[u8]; PARALLEL_LANES] = core::array::from_fn(|i| &self.buf[i] as &[u8]); - STATE::load_block::(&mut self.inner.st, borrowed); + STATE::load_block::(&mut self.inner.st, borrowed); keccakf1600(&mut self.inner); // "empty" the local buffer @@ -128,13 +125,13 @@ impl< let input_to_consume = inputs[0].len() - input_consumed; // Consume the (rest of the) input ... - let num_blocks = input_to_consume / BLOCK_SIZE; - let remainder = input_to_consume % BLOCK_SIZE; + let num_blocks = input_to_consume / RATE; + let remainder = input_to_consume % RATE; for i in 0..num_blocks { // We only get in here if `input_len / RATE > 0`. - STATE::load_block::( + STATE::load_block::( &mut self.inner.st, - STATE::slice_n(inputs, input_consumed + i * BLOCK_SIZE, BLOCK_SIZE), + STATE::slice_n(inputs, input_consumed + i * RATE, RATE), ); keccakf1600(&mut self.inner); } @@ -143,7 +140,7 @@ impl< } /// Consume the internal buffer and the required amount of the input to pad to - /// `BLOCK_SIZE`. + /// `RATE`. /// /// Returns the `consumed` bytes from `inputs` if there's enough buffered /// content to consume, and `0` otherwise. @@ -154,10 +151,10 @@ impl< let mut consumed = 0; if self.buf_len > 0 { // There's something buffered internally to consume. - if self.buf_len + input_len >= BLOCK_SIZE { + if self.buf_len + input_len >= RATE { // We have enough data when combining the internal buffer and // the input. - consumed = BLOCK_SIZE - self.buf_len; + consumed = RATE - self.buf_len; for i in 0..PARALLEL_LANES { self.buf[i][self.buf_len..].copy_from_slice(&inputs[i][..consumed]); } @@ -173,7 +170,7 @@ impl< /// `RATE` bytes is ignored. #[inline(always)] pub(crate) fn absorb_final(&mut self, inputs: [&[u8]; PARALLEL_LANES]) { - let remainder = self.absorb_full(inputs); + let input_remainder_len = self.absorb_full(inputs); // Consume the remaining bytes. // This may be in the local buffer or in the input. @@ -183,15 +180,15 @@ impl< if self.buf_len > 0 { blocks[i][0..self.buf_len].copy_from_slice(&self.buf[i][0..self.buf_len]); } - if remainder > 0 { - blocks[i][self.buf_len..self.buf_len + remainder] - .copy_from_slice(&inputs[i][input_len - remainder..]); + if input_remainder_len > 0 { + blocks[i][self.buf_len..self.buf_len + input_remainder_len] + .copy_from_slice(&inputs[i][input_len - input_remainder_len..]); } - blocks[i][self.buf_len + remainder] = DELIMITER; - blocks[i][BLOCK_SIZE - 1] |= 0x80; + blocks[i][self.buf_len + input_remainder_len] = DELIMITER; + blocks[i][RATE - 1] |= 0x80; } - STATE::load_block_full::(&mut self.inner.st, blocks); + STATE::load_block_full::(&mut self.inner.st, blocks); keccakf1600(&mut self.inner); } @@ -207,26 +204,26 @@ impl< // How many blocks do we need to squeeze out? let out_len = out[0].len(); - let blocks = out_len / BLOCK_SIZE; - let last = out_len - (out_len % BLOCK_SIZE); + let blocks = out_len / RATE; + let last = out_len - (out_len % RATE); // Squeeze out one to start with. - let (out0, mut out_rest) = STATE::split_at_mut_n(out, BLOCK_SIZE.min(out_len)); - STATE::store::(&self.inner.st, out0); + let (out0, mut out_rest) = STATE::split_at_mut_n(out, RATE.min(out_len)); + STATE::store::(&self.inner.st, out0); // If we got asked for more than one block, squeeze out more. for _ in 1..blocks { // Here we know that we always have full blocks to write out. - let (out0, tmp) = STATE::split_at_mut_n(out_rest, BLOCK_SIZE); + let (out0, tmp) = STATE::split_at_mut_n(out_rest, RATE); keccakf1600(&mut self.inner); - STATE::store::(&self.inner.st, out0); + STATE::store::(&self.inner.st, out0); out_rest = tmp; } if last < out_len { // Squeeze out the last partial block keccakf1600(&mut self.inner); - STATE::store::(&self.inner.st, out_rest); + STATE::store::(&self.inner.st, out_rest); } self.sponge = true; @@ -523,13 +520,13 @@ pub(crate) fn keccak, const RATE: usize, c pub(crate) fn keccak_xof< const PARALLEL_LANES: usize, STATE: KeccakStateItem, - const BLOCK_SIZE: usize, + const RATE: usize, const DELIMITER: u8, >( data: [&[u8]; PARALLEL_LANES], out: [&mut [u8]; PARALLEL_LANES], ) { - let mut state = KeccakXofState::::new(); + let mut state = KeccakXofState::::new(); state.absorb(data); state.absorb_final::([&[]; PARALLEL_LANES]); state.squeeze(out); diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index e7af1a5da..0ac4c5feb 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -202,7 +202,7 @@ pub fn shake256_ema(out: &mut [u8], data: &[u8]) { // === The portable instantiation === // -/// A portable SHA3 implementations without platform dependent optimisations. +/// A portable SHA3 implementation without platform dependent optimisations. pub mod portable { use super::*; use generic_keccak::KeccakState as GenericState; @@ -215,7 +215,8 @@ pub mod portable { #[inline(always)] fn keccakx1(data: [&[u8]; 1], out: [&mut [u8]; 1]) { - // or keccak_xof + // generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); + // or generic_keccak::keccak::<1, u64, RATE, DELIM>(data, out); } @@ -265,8 +266,8 @@ pub mod portable { use super::*; /// Incremental Xof state - pub struct Xof { - state: KeccakXofState<1, BLOCK_SIZE, u64>, + pub struct Xof { + state: KeccakXofState<1, RATE, u64>, } /// Shake256 diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index d178a01ef..1bc4b7235 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs @@ -105,20 +105,20 @@ impl KeccakItem<1> for u64 { a ^ b } #[inline(always)] - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 1]) { - load_block::(a, b) + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 1]) { + load_block::(a, b) } #[inline(always)] - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 1]) { - store_block::(a, b) + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 1]) { + store_block::(a, b) } #[inline(always)] - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 1]) { - load_block_full::(a, b) + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 1]) { + load_block_full::(a, b) } #[inline(always)] - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 1] { - store_block_full::(a) + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 1] { + store_block_full::(a) } #[inline(always)] fn slice_n(a: [&[u8]; 1], start: usize, len: usize) -> [&[u8]; 1] { @@ -129,20 +129,20 @@ impl KeccakItem<1> for u64 { split_at_mut_1(a, mid) } - /// `out` has the exact size we want here. It must be less than or equal to `BLOCKSIZE`. + /// `out` has the exact size we want here. It must be less than or equal to `RATE`. #[inline(always)] - fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 1]) { - debug_assert!(out.len() <= BLOCKSIZE / 8, "{} > {}", out.len(), BLOCKSIZE); + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; 1]) { + debug_assert!(out.len() <= RATE / 8, "{} > {}", out.len(), RATE); - let num_blocks = out[0].len() / 8; + let num_full_blocks = out[0].len() / 8; let last_block_len = out[0].len() % 8; - for i in 0..num_blocks { + for i in 0..num_full_blocks { out[0][i * 8..i * 8 + 8].copy_from_slice(&state[i / 5][i % 5].to_le_bytes()); } if last_block_len != 0 { - out[0][num_blocks * 8..num_blocks * 8 + last_block_len].copy_from_slice( - &state[num_blocks / 5][num_blocks % 5].to_le_bytes()[0..last_block_len], + out[0][num_full_blocks * 8..num_full_blocks * 8 + last_block_len].copy_from_slice( + &state[num_full_blocks / 5][num_full_blocks % 5].to_le_bytes()[0..last_block_len], ); } } diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 6d2c24394..481207525 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -167,20 +167,20 @@ impl KeccakItem<2> for uint64x2_t { _veorq_u64(a, b) } #[inline(always)] - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 2]) { - load_block::(a, b) + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 2]) { + load_block::(a, b) } #[inline(always)] - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 2]) { - store_block::(a, b) + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 2]) { + store_block::(a, b) } #[inline(always)] - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 2]) { - load_block_full::(a, b) + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 2]) { + load_block_full::(a, b) } #[inline(always)] - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 2] { - store_block_full::(a) + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 2] { + store_block_full::(a) } #[inline(always)] fn slice_n(a: [&[u8]; 2], start: usize, len: usize) -> [&[u8]; 2] { @@ -191,7 +191,7 @@ impl KeccakItem<2> for uint64x2_t { split_at_mut_2(a, mid) } - fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 2]) { + fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 2]) { todo!() } } diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index 92783b3b8..c7b7a98c8 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -218,20 +218,20 @@ impl KeccakItem<4> for Vec256 { mm256_xor_si256(a, b) } #[inline(always)] - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 4]) { - load_block::(a, b) + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 4]) { + load_block::(a, b) } #[inline(always)] - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 4]) { - store_block::(a, b) + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; 4]) { + store_block::(a, b) } #[inline(always)] - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 4]) { - load_block_full::(a, b) + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; 4]) { + load_block_full::(a, b) } #[inline(always)] - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 4] { - store_block_full::(a) + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; 4] { + store_block_full::(a) } #[inline(always)] fn slice_n(a: [&[u8]; 4], start: usize, len: usize) -> [&[u8]; 4] { @@ -242,7 +242,7 @@ impl KeccakItem<4> for Vec256 { split_at_mut_4(a, mid) } - fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 4]) { + fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 4]) { todo!() } } diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index 6206f905d..3f7414f50 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -15,12 +15,12 @@ pub(crate) mod internal { fn and_not_xor(a: Self, b: Self, c: Self) -> Self; fn xor_constant(a: Self, c: u64) -> Self; fn xor(a: Self, b: Self) -> Self; - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); - fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; N]); + fn store(state: &[[Self; 5]; 5], out: [&mut [u8]; N]); } } From e75875f50f5d323c3bbe4cf2d488748cd4ebb159 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 09:33:10 +0200 Subject: [PATCH 023/172] Repair C extraction --- libcrux-sha3/src/generic_keccak.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index a1aa9c8ac..e55d88a25 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -6,7 +6,7 @@ use core::ops::Index; use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] -#[derive(Debug, Clone, Copy)] +#[derive(Clone, Copy)] pub(crate) struct KeccakState> { st: [[T; 5]; 5], } @@ -32,7 +32,6 @@ impl> KeccakState { /// The internal keccak state that can also buffer inputs to absorb. /// This is used in the general xof APIs. #[cfg_attr(hax, hax_lib::opaque_type)] -#[derive(Clone, Copy)] pub(crate) struct KeccakXofState< const PARALLEL_LANES: usize, const RATE: usize, @@ -208,7 +207,10 @@ impl= out_len {out_len} else {RATE}; + let (out0, mut out_rest) = STATE::split_at_mut_n(out, mid); STATE::store::(&self.inner.st, out0); // If we got asked for more than one block, squeeze out more. From 4ea7835e7144ba71d7798e5853f07e372b0c37b2 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 09:33:37 +0200 Subject: [PATCH 024/172] Update C code --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 16 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 479 +++++++++++++++++- libcrux-ml-kem/c/libcrux_core.c | 6 +- libcrux-ml-kem/c/libcrux_core.h | 19 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 24 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- 35 files changed, 598 insertions(+), 126 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index a72178364..f79efab29 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e -Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 +Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c77aae282..433ea7b1e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __internal_libcrux_core_H @@ -148,7 +148,7 @@ void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, typedef struct core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -174,7 +174,7 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -187,7 +187,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_arr typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; @@ -200,7 +200,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_arr typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -213,7 +213,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_arr typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index c371152b4..5fef96b9e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f3232a839..96a60dd37 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 023065b3a..29b55c12e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index fd181e042..81c8d930f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __internal_libcrux_sha3_internal_H @@ -218,6 +218,479 @@ libcrux_sha3_portable_incremental_shake256_squeeze_next_block( s, buf); } +typedef struct + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t; + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + libcrux_sha3_portable_incremental_Xof____136size_t; + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +static inline Eurydice_slice +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_136size_t( + uint8_t (**state)[136U], size_t i) { + return Eurydice_array_to_slice((size_t)136U, state[0U][i], uint8_t, + Eurydice_slice); +} + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( + uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + borrowed[0U] = Eurydice_array_to_slice((size_t)136U, self->buf[0U], + uint8_t, Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + return remainder; +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)136U, self->buf[i], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( + self, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)136U, self->buf[i], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb_final( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + self, buf); +} + +static inline void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t( + void) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t lit; + lit.inner = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( + ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___new( + void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t(); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = num_full_blocks * (size_t)8U, + .end = num_full_blocks * (size_t)8U + last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice( + (size_t)8U, ret, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out00); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out_rest, (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out_rest); + } + self->sponge = true; +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___squeeze( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( + self, buf); +} + static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState___clone( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 6bb58f90b..81577d43c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index f4b396162..e781a69cd 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_core_H @@ -25,6 +25,11 @@ typedef struct core_ops_range_Range__size_t_s { size_t end; } core_ops_range_Range__size_t; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_____core_fmt_Error_tags; + #define core_option_None 0 #define core_option_Some 1 @@ -126,15 +131,9 @@ typedef struct uint8_t snd[32U]; } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags; - typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a1f5bf127..1ba21c085 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 3733a14a5..11a749de9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 01bae879a..9910d33ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 063241607..74939d93a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 9f7b59e85..245d9d44f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 64e7238ae..719e0568e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 6cce0f7b0..67f4744ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 004b2ec9b..c5ec890c3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index d31a66da5..d0743ccb3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 574d0b3d9..eb259896c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 892ab3e7b..5afa0f1bd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index d8dbf59d1..cb1841657 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index aa91b7422..0e1df0677 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index a876d9002..94b2cd699 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0389c5ab6..89a1bdcbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index f05126f3d..e8575136a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 407733c54..16a3ca1a8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 8bf52f752..f492bfca0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 7d40c655e..e4ca735e9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 3337dccf9..1390022e8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 863de1804..c1423ea92 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 07cd81311..121ea5951 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 7b1f50592..8d7e3f8fa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6f01a38da..0f4c534ca 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0f232a05a..0fb004725 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_sha3_internal_H @@ -1076,6 +1076,15 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( s->st, out); } +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + static KRML_MUSTINLINE void libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { @@ -1812,15 +1821,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( uu____0, out); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 104e66d0a..4ef0d3e20 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c77eae430..1cc2ac54d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 */ #ifndef __libcrux_sha3_neon_H From 311466858468504a1c6f5510661dc1f0adc332ba Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 09:35:09 +0200 Subject: [PATCH 025/172] cargo fmt --- libcrux-sha3/src/generic_keccak.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index e55d88a25..188ca0498 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -209,7 +209,7 @@ impl= out_len {out_len} else {RATE}; + let mid = if RATE >= out_len { out_len } else { RATE }; let (out0, mut out_rest) = STATE::split_at_mut_n(out, mid); STATE::store::(&self.inner.st, out0); From 747aec4da63c6c77031776b2da4c3282e1c7cc35 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 09:44:17 +0200 Subject: [PATCH 026/172] Update header-only C --- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 29 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 479 +++++++++++++++++- 7 files changed, 505 insertions(+), 33 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index a72178364..44d3500e7 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e -Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 +Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 637f11502..2c5c9ca55 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_core_H @@ -25,6 +25,11 @@ typedef struct core_ops_range_Range__size_t_s { size_t end; } core_ops_range_Range__size_t; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_____core_fmt_Error_tags; + #define core_option_None 0 #define core_option_Some 1 @@ -68,15 +73,9 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; - typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -100,7 +99,7 @@ core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_Tr typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; @@ -124,7 +123,7 @@ core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_Tr typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -242,7 +241,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array___33size_t( typedef struct core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -318,7 +317,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array___64size_t( typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -342,7 +341,7 @@ core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_Tr typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result_____core_fmt_Error_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 3914e7c0f..eae6906cf 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index dd97489cc..48895f545 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index bc4393b76..3342416a6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 013b1ab7d..e0c5a4a99 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8d8cf28c8..bdf013a34 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -6,9 +6,9 @@ * This code was generated with the following revisions: * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: 1ed8ba551e8c65fdbad1bb7833bd7837be0d89b9 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: ad4ce19c3a5be12e25aefc8fa206b0d6335f2b81 + * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba */ #ifndef __libcrux_sha3_portable_H @@ -2762,6 +2762,479 @@ libcrux_sha3_portable_incremental_shake256_squeeze_next_block( s, buf); } +typedef struct + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t; + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + libcrux_sha3_portable_incremental_Xof____136size_t; + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +static inline Eurydice_slice +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_136size_t( + uint8_t (**state)[136U], size_t i) { + return Eurydice_array_to_slice((size_t)136U, state[0U][i], uint8_t, + Eurydice_slice); +} + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( + uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + return remainder; +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)136U, self->buf[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i0], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( + self, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( + uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)136U, self->buf[i0], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i0], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb_final( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + self, buf); +} + +static inline void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t( + void) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t lit; + lit.inner = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( + ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___new( + void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t(); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = num_full_blocks * (size_t)8U, + .end = num_full_blocks * (size_t)8U + last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice( + (size_t)8U, ret, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out00); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out_rest, (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( + self->inner.st, out_rest); + } + self->sponge = true; +} + +static inline void +libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___squeeze( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + *self, + Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( + self, buf); +} + static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState___clone( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { From 4e595b9f4a93b38ae7d40d2f8222a3f6f151b70b Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 14:25:00 +0200 Subject: [PATCH 027/172] Distinguish between Absorb and Squeeze states in XOF API --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 20 ++++++++++---------- libcrux-sha3/src/lib.rs | 19 ++++++++++++++----- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 99644a6bf..62556f129 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -148,19 +148,19 @@ pub(crate) fn sign< let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut shake = incremental::Xof::new(); + let mut shake = incremental::XofAbsorb::new(); shake.absorb(&verification_key_hash); - shake.absorb_final(message); + let mut shake = shake.absorb_final(message); shake.squeeze(&mut message_representative); } let mut mask_seed = [0; MASK_SEED_SIZE]; { - let mut shake = incremental::Xof::new(); + let mut shake = incremental::XofAbsorb::new(); shake.absorb(&seed_for_signing); shake.absorb(&randomness); - shake.absorb_final(&message_representative); + let mut shake = shake.absorb_final(&message_representative); shake.squeeze(&mut mask_seed); } @@ -204,9 +204,9 @@ pub(crate) fn sign< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut shake = incremental::Xof::new(); + let mut shake = incremental::XofAbsorb::new(); shake.absorb(&message_representative); - shake.absorb_final(&commitment_serialized); + let mut shake = shake.absorb_final(&commitment_serialized); shake.squeeze(&mut commitment_hash); } @@ -332,9 +332,9 @@ pub(crate) fn verify< ); let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut shake = incremental::Xof::new(); + let mut shake = incremental::XofAbsorb::new(); shake.absorb(&verification_key_hash); - shake.absorb_final(&message); + let mut shake = shake.absorb_final(&message); shake.squeeze(&mut message_representative); }; @@ -366,9 +366,9 @@ pub(crate) fn verify< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut shake = incremental::Xof::new(); + let mut shake = incremental::XofAbsorb::new(); shake.absorb(&message_representative); - shake.absorb_final(&commitment_serialized); + let mut shake = shake.absorb_final(&commitment_serialized); shake.squeeze(&mut commitment_hash); } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 0ac4c5feb..fcd7d945e 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -265,13 +265,18 @@ pub mod portable { use super::*; - /// Incremental Xof state - pub struct Xof { + /// Incremental XOF absorb state + pub struct XofAbsorb { state: KeccakXofState<1, RATE, u64>, } - /// Shake256 - impl Xof<136> { + /// Incremental XOF squeeze state + pub struct XofSqueeze { + state: KeccakXofState<1, RATE, u64>, + } + + /// Shake256 XOF in absorb state + impl XofAbsorb<136> { /// Shake256 new state pub fn new() -> Self { Self { @@ -285,10 +290,14 @@ pub mod portable { } /// Shake256 absorb final - pub fn absorb_final(&mut self, input: &[u8]) { + pub fn absorb_final(mut self, input: &[u8]) -> XofSqueeze<136> { self.state.absorb_final::<0x1fu8>([input]); + XofSqueeze { state: self.state } } + } + /// Shake256 XOF in squeeze state + impl XofSqueeze<136> { /// Shake256 squeeze pub fn squeeze(&mut self, out: &mut [u8]) { self.state.squeeze([out]); From 7dedcf069e900a1ac5c5a47e8fbc39c6b8cbe804 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 14:42:04 +0200 Subject: [PATCH 028/172] Type aliases for incremental SHAKE128/256 --- libcrux-sha3/src/lib.rs | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index fcd7d945e..8404c887b 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -264,6 +264,14 @@ pub mod portable { }; use super::*; + /// Shake256 XOF in absorb state + pub type Shake256Absorb = XofAbsorb<136>; + /// Shake256 XOF in squeeze state + pub type Shake256Squeeze = XofSqueeze<136>; + /// Shake128 XOF in absorb state + pub type Shake128Absorb = XofAbsorb<168>; + /// Shake128 XOF in squeeze state + pub type Shake128Squeeze = XofSqueeze<168>; /// Incremental XOF absorb state pub struct XofAbsorb { @@ -275,6 +283,35 @@ pub mod portable { state: KeccakXofState<1, RATE, u64>, } + /// Shake128 XOF in absorb state + impl XofAbsorb<168> { + /// Shake128 new state + pub fn new() -> Self { + Self { + state: KeccakXofState::<1, 168, u64>::new(), + } + } + + /// Shake128 absorb + pub fn absorb(&mut self, input: &[u8]) { + self.state.absorb([input]); + } + + /// Shake128 absorb final + pub fn absorb_final(mut self, input: &[u8]) -> XofSqueeze<168> { + self.state.absorb_final::<0x1fu8>([input]); + XofSqueeze { state: self.state } + } + } + + /// Shake128 XOF in squeeze state + impl XofSqueeze<168> { + /// Shake128 squeeze + pub fn squeeze(&mut self, out: &mut [u8]) { + self.state.squeeze([out]); + } + } + /// Shake256 XOF in absorb state impl XofAbsorb<136> { /// Shake256 new state From b2314d1e996ac7a4fbda72210b4aabbd915d282a Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 15:28:02 +0200 Subject: [PATCH 029/172] Offer SHAKE128/256 as implementations of sealed XOF traits --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 12 ++-- libcrux-sha3/src/lib.rs | 88 ++++++++++++++++++---------- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 62556f129..79410a18b 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -1,4 +1,4 @@ -use libcrux_sha3::portable::incremental; +use libcrux_sha3::portable::incremental::{Shake256Absorb, XofAbsorb, XofSqueeze}; use crate::{ arithmetic::{ @@ -148,7 +148,7 @@ pub(crate) fn sign< let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut shake = incremental::XofAbsorb::new(); + let mut shake = Shake256Absorb::new(); shake.absorb(&verification_key_hash); let mut shake = shake.absorb_final(message); @@ -157,7 +157,7 @@ pub(crate) fn sign< let mut mask_seed = [0; MASK_SEED_SIZE]; { - let mut shake = incremental::XofAbsorb::new(); + let mut shake = Shake256Absorb::new(); shake.absorb(&seed_for_signing); shake.absorb(&randomness); let mut shake = shake.absorb_final(&message_representative); @@ -204,7 +204,7 @@ pub(crate) fn sign< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut shake = incremental::XofAbsorb::new(); + let mut shake = Shake256Absorb::new(); shake.absorb(&message_representative); let mut shake = shake.absorb_final(&commitment_serialized); @@ -332,7 +332,7 @@ pub(crate) fn verify< ); let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; { - let mut shake = incremental::XofAbsorb::new(); + let mut shake = Shake256Absorb::new(); shake.absorb(&verification_key_hash); let mut shake = shake.absorb_final(&message); @@ -366,7 +366,7 @@ pub(crate) fn verify< COMMITMENT_VECTOR_SIZE, >(commitment); - let mut shake = incremental::XofAbsorb::new(); + let mut shake = Shake256Absorb::new(); shake.absorb(&message_representative); let mut shake = shake.absorb_final(&commitment_serialized); diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 8404c887b..b1a39283d 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -262,81 +262,105 @@ pub mod portable { absorb_final, squeeze_first_block, squeeze_first_five_blocks, squeeze_first_three_blocks, squeeze_next_block, KeccakXofState, }; + mod private { + pub trait Sealed {} + impl Sealed for super::Shake128Absorb {} + impl Sealed for super::Shake128Squeeze {} + impl Sealed for super::Shake256Absorb {} + impl Sealed for super::Shake256Squeeze {} + } use super::*; - /// Shake256 XOF in absorb state - pub type Shake256Absorb = XofAbsorb<136>; - /// Shake256 XOF in squeeze state - pub type Shake256Squeeze = XofSqueeze<136>; - /// Shake128 XOF in absorb state - pub type Shake128Absorb = XofAbsorb<168>; - /// Shake128 XOF in squeeze state - pub type Shake128Squeeze = XofSqueeze<168>; - /// Incremental XOF absorb state - pub struct XofAbsorb { - state: KeccakXofState<1, RATE, u64>, + /// SHAKE128 in absorb state + pub struct Shake128Absorb { + state: KeccakXofState<1, 168, u64>, + } + /// SHAKE128 in squeeze state + pub struct Shake128Squeeze { + state: KeccakXofState<1, 168, u64>, + } + /// SHAKE256 in absorb state + pub struct Shake256Absorb { + state: KeccakXofState<1, 136, u64>, } + /// SHAKE256 in squeeze state + pub struct Shake256Squeeze { + state: KeccakXofState<1, 136, u64>, + } + + /// An XOF in absorb state + pub trait XofAbsorb: private::Sealed { + /// The state after final input absorption + type Squeeze; + + /// Create new absorb state + fn new() -> Self; - /// Incremental XOF squeeze state - pub struct XofSqueeze { - state: KeccakXofState<1, RATE, u64>, + /// Absorb input + fn absorb(&mut self, input: &[u8]); + + /// Absorb final input (may be empty) + fn absorb_final(self, input: &[u8]) -> Self::Squeeze; } - /// Shake128 XOF in absorb state - impl XofAbsorb<168> { - /// Shake128 new state - pub fn new() -> Self { + impl XofAbsorb<168> for Shake128Absorb { + type Squeeze = Shake128Squeeze; + fn new() -> Self { Self { state: KeccakXofState::<1, 168, u64>::new(), } } - /// Shake128 absorb - pub fn absorb(&mut self, input: &[u8]) { + fn absorb(&mut self, input: &[u8]) { self.state.absorb([input]); } - /// Shake128 absorb final - pub fn absorb_final(mut self, input: &[u8]) -> XofSqueeze<168> { + fn absorb_final(mut self, input: &[u8]) -> Shake128Squeeze { self.state.absorb_final::<0x1fu8>([input]); - XofSqueeze { state: self.state } + Shake128Squeeze { state: self.state } } } + /// An XOF in squeeze state + pub trait XofSqueeze: private::Sealed { + /// Squeeze output bytes + fn squeeze(&mut self, out: &mut [u8]); + } /// Shake128 XOF in squeeze state - impl XofSqueeze<168> { + impl XofSqueeze<168> for Shake128Squeeze { /// Shake128 squeeze - pub fn squeeze(&mut self, out: &mut [u8]) { + fn squeeze(&mut self, out: &mut [u8]) { self.state.squeeze([out]); } } /// Shake256 XOF in absorb state - impl XofAbsorb<136> { + impl XofAbsorb<136> for Shake256Absorb { + type Squeeze = Shake256Squeeze; /// Shake256 new state - pub fn new() -> Self { + fn new() -> Self { Self { state: KeccakXofState::<1, 136, u64>::new(), } } /// Shake256 absorb - pub fn absorb(&mut self, input: &[u8]) { + fn absorb(&mut self, input: &[u8]) { self.state.absorb([input]); } /// Shake256 absorb final - pub fn absorb_final(mut self, input: &[u8]) -> XofSqueeze<136> { + fn absorb_final(mut self, input: &[u8]) -> Shake256Squeeze { self.state.absorb_final::<0x1fu8>([input]); - XofSqueeze { state: self.state } + Shake256Squeeze { state: self.state } } } /// Shake256 XOF in squeeze state - impl XofSqueeze<136> { + impl XofSqueeze<136> for Shake256Squeeze { /// Shake256 squeeze - pub fn squeeze(&mut self, out: &mut [u8]) { + fn squeeze(&mut self, out: &mut [u8]) { self.state.squeeze([out]); } } From e7ba6d3df806a306de22bb9d67b05c830b399224 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 1 Aug 2024 15:39:28 +0200 Subject: [PATCH 030/172] Update C code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 531 +++++++++++++++++- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 531 +++++++++++++++++- 42 files changed, 1084 insertions(+), 58 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index f79efab29..fbf832cc3 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 +Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 433ea7b1e..8f0a09f6a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 5fef96b9e..efa048a16 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 96a60dd37..62b193152 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 29b55c12e..4a6526437 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 81c8d930f..1904ebb3b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __internal_libcrux_sha3_internal_H @@ -227,7 +227,7 @@ typedef struct } libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t; typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - libcrux_sha3_portable_incremental_Xof____136size_t; + libcrux_sha3_portable_incremental_Shake256Absorb; static inline size_t libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( @@ -342,7 +342,7 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t *self, Eurydice_slice input) { @@ -351,6 +351,9 @@ libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136_ self, buf); } +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + libcrux_sha3_portable_incremental_Shake256Squeeze; + static KRML_MUSTINLINE void libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t @@ -409,14 +412,15 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); } -static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb_final( +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb_final( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, + self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - self, buf); + &self, buf); + return self; } static inline void @@ -576,11 +580,410 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___new( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__new( void) { return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t(); } +typedef struct + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t; + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + libcrux_sha3_portable_incremental_Shake128Absorb; + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +static inline Eurydice_slice +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_168size_t( + uint8_t (**state)[168U], size_t i) { + return Eurydice_array_to_slice((size_t)168U, state[0U][i], uint8_t, + Eurydice_slice); +} + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( + uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + borrowed[0U] = Eurydice_array_to_slice((size_t)168U, self->buf[0U], + uint8_t, Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + return remainder; +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)168U, self->buf[i], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +static inline void +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( + self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + libcrux_sha3_portable_incremental_Shake128Squeeze; + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)168U, self->buf[i], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb_final( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + &self, buf); + return self; +} + +static inline void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t( + void) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t lit; + lit.inner = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( + ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___new( + void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t(); +} + static KRML_MUSTINLINE void libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( uint64_t (*state)[5U], Eurydice_slice out[1U]) { @@ -682,7 +1085,7 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___squeeze( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_136__usize__for_libcrux_sha3__portable__incremental__Shake256Squeeze__3__squeeze( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t *self, Eurydice_slice out) { @@ -691,6 +1094,116 @@ libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136_ self, buf); } +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = num_full_blocks * (size_t)8U, + .end = num_full_blocks * (size_t)8U + last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice( + (size_t)8U, ret, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out00); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out_rest, (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out_rest); + } + self->sponge = true; +} + +static inline void +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_168__usize__for_libcrux_sha3__portable__incremental__Shake128Squeeze__1__squeeze( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( + self, buf); +} + static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState___clone( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 81577d43c..79ce21b12 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e781a69cd..b228b3e0e 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 1ba21c085..0412d94bf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 11a749de9..87057fdd3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 9910d33ab..1d6ee241b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 74939d93a..e88d78c08 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 245d9d44f..3c8ff80c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 719e0568e..86bab0b26 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 67f4744ba..2e1cbd7ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index c5ec890c3..026c05d29 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index d0743ccb3..dab0126e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index eb259896c..b5688912e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 5afa0f1bd..5091fd800 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index cb1841657..dd0322917 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 0e1df0677..489821114 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 94b2cd699..0453bfcd9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 89a1bdcbb..5d48ad0eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e8575136a..7fb9bba52 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 16a3ca1a8..8623173c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index f492bfca0..1e62723ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index e4ca735e9..c7034207b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 1390022e8..234a99e31 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c1423ea92..fba8990ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 121ea5951..c77ac22b7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 8d7e3f8fa..be90fe0e9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 0f4c534ca..8d820e7be 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0fb004725..e38ae09e2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 4ef0d3e20..3488409fe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1cc2ac54d..f76cd9bda 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 3339f719293e3d7a5747f6f6c8fecf56f308e0b6 + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 44d3500e7..fbf832cc3 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba +Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 2c5c9ca55..e4eeb4e0e 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index eae6906cf..dadfca2d0 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 48895f545..79eb29315 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3342416a6..d3a8786db 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index e0c5a4a99..3b4ce41a6 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index bdf013a34..33f087298 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 311466858468504a1c6f5510661dc1f0adc332ba + * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a */ #ifndef __libcrux_sha3_portable_H @@ -2771,7 +2771,7 @@ typedef struct } libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t; typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - libcrux_sha3_portable_incremental_Xof____136size_t; + libcrux_sha3_portable_incremental_Shake256Absorb; static inline size_t libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( @@ -2886,7 +2886,7 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t *self, Eurydice_slice input) { @@ -2895,6 +2895,9 @@ libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136_ self, buf); } +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t + libcrux_sha3_portable_incremental_Shake256Squeeze; + static KRML_MUSTINLINE void libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t @@ -2953,14 +2956,15 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); } -static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___absorb_final( +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb_final( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, + self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - self, buf); + &self, buf); + return self; } static inline void @@ -3120,11 +3124,410 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___new( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__new( void) { return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t(); } +typedef struct + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t; + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + libcrux_sha3_portable_incremental_Shake128Absorb; + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +static inline Eurydice_slice +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_168size_t( + uint8_t (**state)[168U], size_t i) { + return Eurydice_array_to_slice((size_t)168U, state[0U][i], uint8_t, + Eurydice_slice); +} + +static inline size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( + uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + return remainder; +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)168U, self->buf[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i0], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +static inline void +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( + self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + libcrux_sha3_portable_incremental_Shake128Squeeze; + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( + uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)168U, self->buf[i0], + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = self->buf_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = self->buf_len, + .end = self->buf_len + input_remainder_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i0], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb_final( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + self, + Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + &self, buf); + return self; +} + +static inline void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t( + void) { + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t lit; + lit.inner = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( + ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___new( + void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t(); +} + static KRML_MUSTINLINE void libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( uint64_t (*state)[5U], Eurydice_slice out[1U]) { @@ -3226,7 +3629,7 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } static inline void -libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136__usize___squeeze( +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_136__usize__for_libcrux_sha3__portable__incremental__Shake256Squeeze__3__squeeze( libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t *self, Eurydice_slice out) { @@ -3235,6 +3638,116 @@ libcrux_sha3_portable_incremental__libcrux_sha3__portable__incremental__Xof_136_ self, buf); } +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = num_full_blocks * (size_t)8U, + .end = num_full_blocks * (size_t)8U + last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice( + (size_t)8U, ret, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_block_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out00); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( + out_rest, (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( + self->inner.st, out_rest); + } + self->sponge = true; +} + +static inline void +libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_168__usize__for_libcrux_sha3__portable__incremental__Shake128Squeeze__1__squeeze( + libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t + *self, + Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( + self, buf); +} + static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState___clone( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { From 38402677d04d1a69aa394345b9d3a8d3ba7b6d4c Mon Sep 17 00:00:00 2001 From: xvzcf Date: Tue, 6 Aug 2024 21:08:13 +0000 Subject: [PATCH 031/172] Slight improvement to rejection sampling. --- .../src/simd/avx2/rejection_sample.rs | 1 - .../avx2/rejection_sample/less_than_eta.rs | 4 ++-- .../less_than_field_modulus.rs | 4 ++-- .../src/simd/avx2/rejection_sample/utils.rs | 22 ------------------- 4 files changed, 4 insertions(+), 27 deletions(-) delete mode 100644 libcrux-ml-dsa/src/simd/avx2/rejection_sample/utils.rs diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample.rs index fca877fa2..ec89bd87a 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample.rs @@ -1,4 +1,3 @@ pub(crate) mod less_than_eta; pub(crate) mod less_than_field_modulus; mod shuffle_table; -mod utils; diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs index a2ca12d46..da2834fba 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs @@ -1,6 +1,6 @@ use crate::simd::avx2::{ encoding, - rejection_sample::{shuffle_table::SHUFFLE_TABLE, utils}, + rejection_sample::shuffle_table::SHUFFLE_TABLE, }; use libcrux_intrinsics::avx2::*; @@ -44,7 +44,7 @@ pub(crate) fn sample(input: &[u8], output: &mut [i32]) -> usiz // Since every bit in each lane is either 0 or all 1s, we only need one bit // from each lane to tell us what coefficients to keep and what to throw-away. // Combine all the bits (there are 8) into one byte. - let good = utils::extract_least_significant_bits(compare_with_interval_boundary); + let good = mm256_movemask_ps(mm256_castsi256_ps(compare_with_interval_boundary)); let good_lower_half = good & 0x0F; let good_upper_half = good >> 4; diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs index aefc39f35..124b6048b 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs @@ -1,5 +1,5 @@ use crate::simd::{ - avx2::rejection_sample::{shuffle_table::SHUFFLE_TABLE, utils}, + avx2::rejection_sample::shuffle_table::SHUFFLE_TABLE, traits::FIELD_MODULUS, }; @@ -53,7 +53,7 @@ pub(crate) fn sample(input: &[u8], output: &mut [i32]) -> usize { // Since every bit in each lane is either 0 or all 1s, we only need one bit // from each lane to tell us what coefficients to keep and what to throw-away. // Combine all the bits (there are 8) into one byte. - let good = utils::extract_least_significant_bits(compare_with_field_modulus); + let good = mm256_movemask_ps(mm256_castsi256_ps(compare_with_field_modulus)); let good_lower_half = good & 0x0F; let good_upper_half = good >> 4; diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/utils.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/utils.rs deleted file mode 100644 index 8ad7b9684..000000000 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/utils.rs +++ /dev/null @@ -1,22 +0,0 @@ -use libcrux_intrinsics::avx2::*; - -#[inline(always)] -pub(crate) fn extract_least_significant_bits(simd_unit: Vec256) -> u8 { - let first_byte_from_each_i32_lane = mm256_shuffle_epi8( - simd_unit, - mm256_set_epi8( - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 12, 8, 4, 0, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 12, 8, 4, 0, - ), - ); - - let bytes_grouped = mm256_permutevar8x32_epi32( - first_byte_from_each_i32_lane, - mm256_set_epi32(0, 0, 0, 0, 0, 0, 4, 0), - ); - let bytes_grouped = mm256_castsi256_si128(bytes_grouped); - - let bits = mm_movemask_epi8(bytes_grouped); - - (bits & 0xFF) as u8 -} From 74354fd27c4ca686eb99b5548276d9fea05c390f Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 7 Aug 2024 21:03:47 +0000 Subject: [PATCH 032/172] Unroll expand_to_A. --- libcrux-ml-dsa/src/expandx4.rs | 382 ++++++++++++++++++ libcrux-ml-dsa/src/lib.rs | 1 + libcrux-ml-dsa/src/matrix.rs | 45 --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 12 +- libcrux-ml-dsa/src/sample.rs | 80 ++-- .../avx2/rejection_sample/less_than_eta.rs | 5 +- .../less_than_field_modulus.rs | 5 +- 7 files changed, 425 insertions(+), 105 deletions(-) create mode 100644 libcrux-ml-dsa/src/expandx4.rs diff --git a/libcrux-ml-dsa/src/expandx4.rs b/libcrux-ml-dsa/src/expandx4.rs new file mode 100644 index 000000000..7ae9e1d78 --- /dev/null +++ b/libcrux-ml-dsa/src/expandx4.rs @@ -0,0 +1,382 @@ +use crate::{ + hash_functions::shake128, polynomial::PolynomialRingElement, sample::sample_four_ring_elements, + simd::traits::Operations, +}; + +#[inline(always)] +fn generate_domain_separator(row: u8, column: u8) -> u16 { + (column as u16) | ((row as u16) << 8) +} + +#[allow(non_snake_case)] +#[inline(always)] +pub(crate) fn matrix_A_4_by_4< + SIMDUnit: Operations, + Shake128X4: shake128::XofX4, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +>( + seed: [u8; 34], +) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(0, 0), + generate_domain_separator(0, 1), + generate_domain_separator(0, 2), + generate_domain_separator(0, 3), + ); + A[0][0] = four_ring_elements.0; + A[0][1] = four_ring_elements.1; + A[0][2] = four_ring_elements.2; + A[0][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(1, 0), + generate_domain_separator(1, 1), + generate_domain_separator(1, 2), + generate_domain_separator(1, 3), + ); + A[1][0] = four_ring_elements.0; + A[1][1] = four_ring_elements.1; + A[1][2] = four_ring_elements.2; + A[1][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(2, 0), + generate_domain_separator(2, 1), + generate_domain_separator(2, 2), + generate_domain_separator(2, 3), + ); + A[2][0] = four_ring_elements.0; + A[2][1] = four_ring_elements.1; + A[2][2] = four_ring_elements.2; + A[2][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(3, 0), + generate_domain_separator(3, 1), + generate_domain_separator(3, 2), + generate_domain_separator(3, 3), + ); + A[3][0] = four_ring_elements.0; + A[3][1] = four_ring_elements.1; + A[3][2] = four_ring_elements.2; + A[3][3] = four_ring_elements.3; + + A +} + +#[allow(non_snake_case)] +#[inline(always)] +pub(crate) fn matrix_A_6_by_5< + SIMDUnit: Operations, + Shake128X4: shake128::XofX4, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +>( + seed: [u8; 34], +) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(0, 0), + generate_domain_separator(0, 1), + generate_domain_separator(0, 2), + generate_domain_separator(0, 3), + ); + A[0][0] = four_ring_elements.0; + A[0][1] = four_ring_elements.1; + A[0][2] = four_ring_elements.2; + A[0][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(0, 4), + generate_domain_separator(1, 0), + generate_domain_separator(1, 1), + generate_domain_separator(1, 2), + ); + A[0][4] = four_ring_elements.0; + A[1][0] = four_ring_elements.1; + A[1][1] = four_ring_elements.2; + A[1][2] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(1, 3), + generate_domain_separator(1, 4), + generate_domain_separator(2, 0), + generate_domain_separator(2, 1), + ); + A[1][3] = four_ring_elements.0; + A[1][4] = four_ring_elements.1; + A[2][0] = four_ring_elements.2; + A[2][1] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(2, 2), + generate_domain_separator(2, 3), + generate_domain_separator(2, 4), + generate_domain_separator(3, 0), + ); + A[2][2] = four_ring_elements.0; + A[2][3] = four_ring_elements.1; + A[2][4] = four_ring_elements.2; + A[3][0] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(3, 1), + generate_domain_separator(3, 2), + generate_domain_separator(3, 3), + generate_domain_separator(3, 4), + ); + A[3][1] = four_ring_elements.0; + A[3][2] = four_ring_elements.1; + A[3][3] = four_ring_elements.2; + A[3][4] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(4, 0), + generate_domain_separator(4, 1), + generate_domain_separator(4, 2), + generate_domain_separator(4, 3), + ); + A[4][0] = four_ring_elements.0; + A[4][1] = four_ring_elements.1; + A[4][2] = four_ring_elements.2; + A[4][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(4, 4), + generate_domain_separator(5, 0), + generate_domain_separator(5, 1), + generate_domain_separator(5, 2), + ); + A[4][4] = four_ring_elements.0; + A[5][0] = four_ring_elements.1; + A[5][1] = four_ring_elements.2; + A[5][2] = four_ring_elements.3; + + // The the last 2 sampled ring elements are discarded here. + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(5, 3), + generate_domain_separator(5, 4), + generate_domain_separator(0, 0), + generate_domain_separator(0, 0), + ); + A[5][3] = four_ring_elements.0; + A[5][4] = four_ring_elements.1; + + A +} + +#[allow(non_snake_case)] +#[inline(always)] +pub(crate) fn matrix_A_8_by_7< + SIMDUnit: Operations, + Shake128X4: shake128::XofX4, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +>( + seed: [u8; 34], +) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(0, 0), + generate_domain_separator(0, 1), + generate_domain_separator(0, 2), + generate_domain_separator(0, 3), + ); + A[0][0] = four_ring_elements.0; + A[0][1] = four_ring_elements.1; + A[0][2] = four_ring_elements.2; + A[0][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(0, 4), + generate_domain_separator(0, 5), + generate_domain_separator(0, 6), + generate_domain_separator(1, 0), + ); + A[0][4] = four_ring_elements.0; + A[0][5] = four_ring_elements.1; + A[0][6] = four_ring_elements.2; + A[1][0] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(1, 1), + generate_domain_separator(1, 2), + generate_domain_separator(1, 3), + generate_domain_separator(1, 4), + ); + A[1][1] = four_ring_elements.0; + A[1][2] = four_ring_elements.1; + A[1][3] = four_ring_elements.2; + A[1][4] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(1, 5), + generate_domain_separator(1, 6), + generate_domain_separator(2, 0), + generate_domain_separator(2, 1), + ); + A[1][5] = four_ring_elements.0; + A[1][6] = four_ring_elements.1; + A[2][0] = four_ring_elements.2; + A[2][1] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(2, 2), + generate_domain_separator(2, 3), + generate_domain_separator(2, 4), + generate_domain_separator(2, 5), + ); + A[2][2] = four_ring_elements.0; + A[2][3] = four_ring_elements.1; + A[2][4] = four_ring_elements.2; + A[2][5] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(2, 6), + generate_domain_separator(3, 0), + generate_domain_separator(3, 1), + generate_domain_separator(3, 2), + ); + A[2][6] = four_ring_elements.0; + A[3][0] = four_ring_elements.1; + A[3][1] = four_ring_elements.2; + A[3][2] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(3, 3), + generate_domain_separator(3, 4), + generate_domain_separator(3, 5), + generate_domain_separator(3, 6), + ); + A[3][3] = four_ring_elements.0; + A[3][4] = four_ring_elements.1; + A[3][5] = four_ring_elements.2; + A[3][6] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(4, 0), + generate_domain_separator(4, 1), + generate_domain_separator(4, 2), + generate_domain_separator(4, 3), + ); + A[4][0] = four_ring_elements.0; + A[4][1] = four_ring_elements.1; + A[4][2] = four_ring_elements.2; + A[4][3] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(4, 4), + generate_domain_separator(4, 5), + generate_domain_separator(4, 6), + generate_domain_separator(5, 0), + ); + A[4][4] = four_ring_elements.0; + A[4][5] = four_ring_elements.1; + A[4][6] = four_ring_elements.2; + A[5][0] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(5, 1), + generate_domain_separator(5, 2), + generate_domain_separator(5, 3), + generate_domain_separator(5, 4), + ); + A[5][1] = four_ring_elements.0; + A[5][2] = four_ring_elements.1; + A[5][3] = four_ring_elements.2; + A[5][4] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(5, 5), + generate_domain_separator(5, 6), + generate_domain_separator(6, 0), + generate_domain_separator(6, 1), + ); + A[5][5] = four_ring_elements.0; + A[5][6] = four_ring_elements.1; + A[6][0] = four_ring_elements.2; + A[6][1] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(6, 2), + generate_domain_separator(6, 3), + generate_domain_separator(6, 4), + generate_domain_separator(6, 5), + ); + A[6][2] = four_ring_elements.0; + A[6][3] = four_ring_elements.1; + A[6][4] = four_ring_elements.2; + A[6][5] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(6, 6), + generate_domain_separator(7, 0), + generate_domain_separator(7, 1), + generate_domain_separator(7, 2), + ); + A[6][6] = four_ring_elements.0; + A[7][0] = four_ring_elements.1; + A[7][1] = four_ring_elements.2; + A[7][2] = four_ring_elements.3; + + let four_ring_elements = sample_four_ring_elements::( + seed, + generate_domain_separator(7, 3), + generate_domain_separator(7, 4), + generate_domain_separator(7, 5), + generate_domain_separator(7, 6), + ); + A[7][3] = four_ring_elements.0; + A[7][4] = four_ring_elements.1; + A[7][5] = four_ring_elements.2; + A[7][6] = four_ring_elements.3; + + A +} + +#[allow(non_snake_case)] +pub(crate) fn matrix_A< + SIMDUnit: Operations, + Shake128X4: shake128::XofX4, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +>( + seed: [u8; 34], +) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + match (ROWS_IN_A, COLUMNS_IN_A) { + (4, 4) => matrix_A_4_by_4::(seed), + (6, 5) => matrix_A_6_by_5::(seed), + (8, 7) => matrix_A_8_by_7::(seed), + _ => unreachable!(), + } +} diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index a6c178295..0401a0fd9 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -1,6 +1,7 @@ mod arithmetic; mod constants; mod encoding; +mod expandx4; mod hash_functions; mod instantiations; mod matrix; diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs index 1306095c8..7f4e3e1b6 100644 --- a/libcrux-ml-dsa/src/matrix.rs +++ b/libcrux-ml-dsa/src/matrix.rs @@ -1,56 +1,11 @@ use crate::{ arithmetic::shift_left_then_reduce, constants::BITS_IN_LOWER_PART_OF_T, - hash_functions::shake128, ntt::{invert_ntt_montgomery, ntt, ntt_multiply_montgomery}, polynomial::PolynomialRingElement, - sample::{sample_four_ring_element_uniform, sample_ring_element_uniform}, simd::traits::Operations, }; -#[allow(non_snake_case)] -#[inline(always)] -pub(crate) fn expand_to_A< - SIMDUnit: Operations, - Shake128: shake128::Xof, - Shake128X4: shake128::XofX4, - const ROWS_IN_A: usize, - const COLUMNS_IN_A: usize, ->( - mut seed: [u8; 34], -) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { - let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - - // Mutable iterators won't go through hax, so we need these range loops. - - // | Key size | ROWS_IN_A | COLUMNS_IN_A | - // | -------- | --------- | ------------ | - // | 44 | 4 | 4 | - // | 65 | 6 | 5 | - // | 87 | 8 | 7 | - // - // We always do 4 in parallel first and then one at a time. - #[allow(clippy::needless_range_loop)] - for i in 0..ROWS_IN_A { - let samples = sample_four_ring_element_uniform::(seed, i); - A[i][0] = samples.0; - A[i][1] = samples.1; - A[i][2] = samples.2; - A[i][3] = samples.3; - - // TODO: We could do more in parallel if we think that may speed - // things up. - for j in 4..COLUMNS_IN_A { - seed[32] = j as u8; - seed[33] = i as u8; - - A[i][j] = sample_ring_element_uniform::(seed); - } - } - - A -} - /// Compute InvertNTT( ◦ ŝ₁) + s₂ #[allow(non_snake_case)] #[inline(always)] diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 82d65c2dc..78291938e 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -3,11 +3,11 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding, + encoding, expandx4, hash_functions::{shake128, shake256}, matrix::{ - add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, expand_to_A, - subtract_vectors, vector_times_ring_element, + add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, + vector_times_ring_element, }, ntt::ntt, polynomial::PolynomialRingElement, @@ -54,7 +54,7 @@ pub(crate) fn generate_key_pair< let mut domain_separator: u16 = 0; - let A_as_ntt = expand_to_A::( + let A_as_ntt = expandx4::matrix_A::( into_padded_array(seed_for_A), ); @@ -140,7 +140,7 @@ pub(crate) fn sign< SIGNING_KEY_SIZE, >(signing_key); - let A_as_ntt = expand_to_A::( + let A_as_ntt = expandx4::matrix_A::( into_padded_array(&seed_for_A), ); @@ -317,7 +317,7 @@ pub(crate) fn verify< signature.signer_response, (2 << GAMMA1_EXPONENT) - BETA, ) { - let A_as_ntt = expand_to_A::( + let A_as_ntt = expandx4::matrix_A::( into_padded_array(&seed_for_A), ); diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index d13de4309..2f56dad2f 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -32,25 +32,33 @@ fn rejection_sample_less_than_field_modulus( } #[inline(always)] -pub(crate) fn sample_four_ring_element_uniform( +pub(crate) fn sample_four_ring_elements( mut seed0: [u8; 34], - i: usize, + domain_separator0: u16, + domain_separator1: u16, + domain_seperator2: u16, + domain_separator3: u16, ) -> ( PolynomialRingElement, PolynomialRingElement, PolynomialRingElement, PolynomialRingElement, ) { - seed0[33] = i as u8; + // Prepare the seeds + seed0[32] = domain_separator0 as u8; + seed0[33] = (domain_separator0 >> 8) as u8; - // Prepare 4 seeds - seed0[32] = 0; let mut seed1 = seed0; - seed1[32] = 1; + seed1[32] = domain_separator1 as u8; + seed1[33] = (domain_separator1 >> 8) as u8; + let mut seed2 = seed0; - seed2[32] = 2; + seed2[32] = domain_seperator2 as u8; + seed2[33] = (domain_seperator2 >> 8) as u8; + let mut seed3 = seed0; - seed3[32] = 3; + seed3[32] = domain_separator3 as u8; + seed3[33] = (domain_separator3 >> 8) as u8; let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3); @@ -144,42 +152,6 @@ pub(crate) fn sample_four_ring_element_uniform( - seed: [u8; 34], -) -> PolynomialRingElement { - let mut state = Shake128::init_absorb(&seed); - let randomness = state.squeeze_first_five_blocks(); - - // Every call to |rejection_sample_less_than_field_modulus| - // will result in a call to |PortableSIMDUnit::rejection_sample_less_than_field_modulus|; - // this latter function performs no bounds checking and can write up to 8 - // elements to its output. It is therefore possible that 255 elements have - // already been sampled and we call the function again. - // - // To ensure we don't overflow the buffer in this case, we allocate 255 + 8 - // = 263 elements. - let mut coefficients = [0i32; 263]; - - let mut sampled = 0; - let mut done = rejection_sample_less_than_field_modulus::( - &randomness, - &mut sampled, - &mut coefficients, - ); - - while !done { - let randomness = state.squeeze_next_block(); - done = rejection_sample_less_than_field_modulus::( - &randomness, - &mut sampled, - &mut coefficients, - ); - } - - PolynomialRingElement::::from_i32_array(&coefficients[0..256]) -} - #[inline(always)] fn rejection_sample_less_than_eta_equals_2( randomness: &[u8], @@ -565,7 +537,23 @@ mod tests { simd::{self, traits::Operations}, }; - fn test_sample_ring_element_uniform_generic() { + // This is just a wrapper around sample_four_ring_elements, for testing + // purposes. + fn sample_ring_element_uniform( + seed: [u8; 34], + ) -> PolynomialRingElement { + let four_ring_elements = sample_four_ring_elements::( + seed, + ((seed[33] as u16) << 8) | (seed[32] as u16), + 0, + 0, + 0, + ); + + four_ring_elements.0 + } + + fn test_sample_ring_element_uniform_generic() { let seed: [u8; 34] = [ 33, 192, 250, 216, 117, 61, 16, 12, 248, 51, 213, 110, 64, 57, 119, 80, 164, 83, 73, 91, 80, 128, 195, 219, 203, 149, 170, 233, 16, 232, 209, 105, 4, 5, @@ -816,7 +804,7 @@ mod tests { fn test_sample_ring_element_uniform_simd256() { test_sample_ring_element_uniform_generic::< simd::avx2::AVX2SIMDUnit, - hash_functions::portable::Shake128, + crate::hash_functions::simd256::Shake128, >(); } #[cfg(feature = "simd256")] diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs index da2834fba..cd0f5b05d 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs @@ -1,7 +1,4 @@ -use crate::simd::avx2::{ - encoding, - rejection_sample::shuffle_table::SHUFFLE_TABLE, -}; +use crate::simd::avx2::{encoding, rejection_sample::shuffle_table::SHUFFLE_TABLE}; use libcrux_intrinsics::avx2::*; diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs index 124b6048b..394fa211c 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_field_modulus.rs @@ -1,7 +1,4 @@ -use crate::simd::{ - avx2::rejection_sample::shuffle_table::SHUFFLE_TABLE, - traits::FIELD_MODULUS, -}; +use crate::simd::{avx2::rejection_sample::shuffle_table::SHUFFLE_TABLE, traits::FIELD_MODULUS}; use libcrux_intrinsics::avx2::*; From 9f921f1d486b6c676b52dfc58939997c9a96bacb Mon Sep 17 00:00:00 2001 From: xvzcf Date: Thu, 8 Aug 2024 15:47:10 +0000 Subject: [PATCH 033/172] Slightly refactored sample.rs tests --- libcrux-ml-dsa/src/sample.rs | 96 +++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 2f56dad2f..2f05a4e01 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -775,52 +775,60 @@ mod tests { } #[cfg(not(feature = "simd256"))] - #[test] - fn test_sample_ring_element_uniform_portable() { - test_sample_ring_element_uniform_generic::< - simd::portable::PortableSIMDUnit, - hash_functions::portable::Shake128, - >(); - } - #[cfg(not(feature = "simd256"))] - #[test] - fn test_sample_error_ring_element_portable() { - test_sample_error_ring_element_generic::< - simd::portable::PortableSIMDUnit, - hash_functions::portable::Shake256, - >(); - } - #[cfg(not(feature = "simd256"))] - #[test] - fn test_sample_challenge_ring_element_portable() { - test_sample_challenge_ring_element_generic::< - simd::portable::PortableSIMDUnit, - hash_functions::portable::Shake256, - >(); - } + mod portable { + use super::*; + + #[test] + fn test_sample_ring_element_uniform() { + test_sample_ring_element_uniform_generic::< + simd::portable::PortableSIMDUnit, + hash_functions::portable::Shake128, + >(); + } - #[cfg(feature = "simd256")] - #[test] - fn test_sample_ring_element_uniform_simd256() { - test_sample_ring_element_uniform_generic::< - simd::avx2::AVX2SIMDUnit, - crate::hash_functions::simd256::Shake128, - >(); - } - #[cfg(feature = "simd256")] - #[test] - fn test_sample_error_ring_element_simd256() { - test_sample_error_ring_element_generic::< - simd::avx2::AVX2SIMDUnit, - hash_functions::portable::Shake256, - >(); + #[test] + fn test_sample_error_ring_element() { + test_sample_error_ring_element_generic::< + simd::portable::PortableSIMDUnit, + hash_functions::portable::Shake256, + >(); + } + + #[test] + fn test_sample_challenge_ring_element() { + test_sample_challenge_ring_element_generic::< + simd::portable::PortableSIMDUnit, + hash_functions::portable::Shake256, + >(); + } } + #[cfg(feature = "simd256")] - #[test] - fn test_sample_challenge_ring_element_simd256() { - test_sample_challenge_ring_element_generic::< - simd::avx2::AVX2SIMDUnit, - hash_functions::portable::Shake256, - >(); + mod simd256 { + use super::*; + + #[test] + fn test_sample_ring_element_uniform() { + test_sample_ring_element_uniform_generic::< + simd::avx2::AVX2SIMDUnit, + crate::hash_functions::simd256::Shake128, + >(); + } + + #[test] + fn test_sample_error_ring_element() { + test_sample_error_ring_element_generic::< + simd::avx2::AVX2SIMDUnit, + hash_functions::portable::Shake256, + >(); + } + + #[test] + fn test_sample_challenge_ring_element() { + test_sample_challenge_ring_element_generic::< + simd::avx2::AVX2SIMDUnit, + hash_functions::portable::Shake256, + >(); + } } } From 9307ab926afbe89fd8e61ffec8dd95a500c18f33 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Thu, 8 Aug 2024 13:54:06 -0700 Subject: [PATCH 034/172] Leverage latest code quality improvements in Eurydice etc. --- .docker/c/install.sh | 12 +- libcrux-ml-kem/c.yaml | 5 + libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/internal/libcrux_core.h | 46 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 40 +- libcrux-ml-kem/c/libcrux_core.c | 57 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2915 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 263 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1003 +++++- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 92 +- libcrux-ml-kem/c/libcrux_sha3.h | 65 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 921 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 82 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 41 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 41 +- 37 files changed, 4355 insertions(+), 2131 deletions(-) diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 666d4fc60..596d0c366 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/3f6d1c304e0e5bef1e9e2ea65aec703661b05f39.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/53530427db2941ce784201e64086766504bc5642.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-3f6d1c304e0e5bef1e9e2ea65aec703661b05f39/ charon +mv charon-53530427db2941ce784201e64086766504bc5642/ charon -curl -L https://github.com/FStarLang/karamel/archive/fc56fce6a58754766809845f88fc62063b2c6b92.zip \ +curl -L https://github.com/FStarLang/karamel/archive/2bd16e63cfbfa2b81d3c45d597b811ca2a12d430.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-fc56fce6a58754766809845f88fc62063b2c6b92/ karamel +mv karamel-2bd16e63cfbfa2b81d3c45d597b811ca2a12d430/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/392674166bac86e60f5fffa861181a398fdc3896.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/05ade3c33b87927d9873736212cc5078c1fc3d69.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-392674166bac86e60f5fffa861181a398fdc3896/ eurydice +mv eurydice-05ade3c33b87927d9873736212cc5078c1fc3d69/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 54dea4797..3a8f6001d 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -230,3 +230,8 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 89de62066..7de2127cd 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 +Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 1bfc0666f..50f0155c0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_core_H @@ -78,6 +78,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( uint8_t value[1568U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -116,6 +119,9 @@ with const generics libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( uint8_t value[1568U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -139,6 +145,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -159,6 +168,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( uint8_t value[1184U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -197,6 +209,9 @@ with const generics libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( uint8_t value[1088U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -220,6 +235,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -240,6 +258,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( uint8_t value[800U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -278,6 +299,9 @@ with const generics libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( uint8_t value[768U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -289,6 +313,9 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +347,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -340,6 +370,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +381,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b400ee5e8..5a5776797 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -49,6 +49,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -185,6 +193,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -321,6 +337,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7e3c47929..370d96d3b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -55,6 +55,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -195,6 +203,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -335,6 +351,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f57c7bd3f..545a20b77 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c2e703c10..46a061db9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -36,6 +42,9 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4aaba94d8..e2b08b63e 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,6 +28,10 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; @@ -43,6 +50,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -96,6 +107,9 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -149,6 +163,9 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -177,6 +194,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -213,6 +233,9 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -266,6 +289,9 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -294,6 +320,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -330,6 +359,9 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -382,6 +414,9 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -395,6 +430,9 @@ uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -433,6 +471,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -466,6 +507,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -484,6 +528,9 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a389c7bb3..c9cbb548b 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index f2f030801..7769b768b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b520aad16..638100d27 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -42,6 +45,13 @@ static void decapsulate_d8( libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( decapsulate_d8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -110,6 +130,13 @@ static tuple_21 encapsulate_b2( return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( return encapsulate_b2(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_16( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { @@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( return encapsulate_unpacked_16(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -175,6 +218,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -182,6 +228,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_f6(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -201,6 +250,9 @@ generate_keypair_unpacked_d9(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -209,6 +261,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( return generate_keypair_unpacked_d9(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -221,6 +276,11 @@ static bool validate_public_key_570(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 95e4be554..63dc40f87 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index e8cd5bbc6..62ab56360 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -42,6 +45,13 @@ static void decapsulate_52( libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( decapsulate_52(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_b6( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -110,6 +130,13 @@ static tuple_21 encapsulate_ec( return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( return encapsulate_ec(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_9a( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { @@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( return encapsulate_unpacked_9a(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -176,6 +219,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -183,6 +229,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_0e(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -202,6 +251,9 @@ generate_keypair_unpacked_4a(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -210,6 +262,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_4a(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -222,6 +277,11 @@ static bool validate_public_key_e11(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c147a8fdd..417e9fffa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 67291c9bf..56d0a6c67 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 84df57bde..c3bc43264 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_1d(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_50( libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_ec encapsulate_72( return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( return encapsulate_72(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_14( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( return encapsulate_unpacked_14(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_27(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_2c(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( return generate_keypair_unpacked_2c(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_57(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 584ff9e81..e347d189e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem512_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index a14d6bc00..7ace12866 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_be0( libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_be0(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_06( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_ec encapsulate_f3( return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( return encapsulate_f3(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_01( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( return encapsulate_unpacked_01(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -172,6 +213,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -179,6 +223,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_df(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -198,6 +245,9 @@ generate_keypair_unpacked_c0(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -206,6 +256,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_c0(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -218,6 +271,11 @@ static bool validate_public_key_e10(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 08df65733..8d065f1d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index d3208577f..f39c8d40c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index eb821bdb0..97c57c897 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_15( libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_15(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_e1( libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_54( return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( return encapsulate_54(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_94( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( return encapsulate_unpacked_94(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_e4(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_35(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( return generate_keypair_unpacked_35(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_571(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 74e2de796..fc58e53f4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index af58efd18..7556cb943 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_be( libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_be(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_13( return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( return encapsulate_13(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_1b( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( return encapsulate_unpacked_1b(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -172,6 +213,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -179,6 +223,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_ff(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -198,6 +245,9 @@ generate_keypair_unpacked_37(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -206,6 +256,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_37(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -218,6 +271,11 @@ static bool validate_public_key_e1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ea8485ac0..52536a0cf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index fe9ab1671..d454d6b36 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_mlkem_avx2.h" @@ -35,8 +35,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -44,11 +43,11 @@ libcrux_ml_kem_vector_avx2_zero(void) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -57,13 +56,12 @@ libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); @@ -74,14 +72,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } @@ -89,14 +85,12 @@ libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } @@ -104,14 +98,13 @@ libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { return libcrux_intrinsics_avx2_mm256_mullo_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -120,14 +113,14 @@ libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_intrinsics_avx2_mm256_and_si256( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -136,25 +129,21 @@ libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); @@ -164,23 +153,24 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -192,28 +182,25 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -222,95 +209,81 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = + __m256i shifted_to_positive_in_range = libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + (int32_t)15, shifted_to_positive_in_range, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -318,26 +291,27 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -345,292 +319,255 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m128i +KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum0, libcrux_intrinsics_avx2_mm256_set_epi16( zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum, libcrux_intrinsics_avx2_mm256_set_epi16( zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients0, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = + __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = + __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( right0, libcrux_intrinsics_avx2_mm256_set_epi32( -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + products_right1, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; @@ -642,100 +579,88 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); @@ -754,61 +679,55 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 4U) - (int16_t)1)); @@ -818,52 +737,43 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, Eurydice_slice), @@ -883,14 +793,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), @@ -907,85 +817,73 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = + __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, Eurydice_slice), @@ -1005,49 +903,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); @@ -1057,13 +946,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), @@ -1080,12 +968,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); @@ -1099,47 +987,39 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), @@ -1163,49 +1043,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); @@ -1215,19 +1086,17 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = + __m256i compare_with_field_modulus = libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; @@ -1238,14 +1107,13 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; @@ -1253,15 +1121,13 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, sampled_count + (size_t)8U, int16_t, @@ -1284,8 +1150,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } @@ -1320,6 +1185,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1337,14 +1208,19 @@ deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1382,10 +1258,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_98(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -1397,8 +1271,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_92( - core_core_arch_x86___m256i vector) { +static __m256i shift_right_ea_92(__m256i vector) { return shift_right_98(vector); } @@ -1408,12 +1281,10 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_92(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static __m256i to_unsigned_representative_a4(__m256i a) { + __m256i t = shift_right_ea_92(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -1429,8 +1300,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1444,6 +1314,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1479,6 +1352,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1650,6 +1526,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( shake128_squeeze_three_blocks_6b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1733,6 +1650,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( shake128_squeeze_block_1b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1958,6 +1916,55 @@ static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], PRFxN_1c2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2073,9 +2080,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -2084,8 +2090,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -2094,8 +2100,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2106,9 +2111,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); +ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_9d(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2137,8 +2141,8 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( ntt_layer_int_vec_step_f4( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2242,6 +2246,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2266,13 +2274,11 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -2285,6 +2291,33 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2319,6 +2352,10 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2333,11 +2370,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2351,8 +2387,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_42( - core_core_arch_x86___m256i v) { +static __m256i to_standard_domain_42(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2373,7 +2408,7 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = to_standard_domain_42(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -2381,6 +2416,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2427,6 +2465,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2534,11 +2613,10 @@ with const generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -2665,6 +2743,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2720,6 +2801,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2766,6 +2855,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2904,11 +2996,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); @@ -2940,8 +3029,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2984,7 +3073,7 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2993,6 +3082,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3045,8 +3137,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_91( - core_core_arch_x86___m256i v) { +static __m256i decompress_1_91(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3064,7 +3155,7 @@ deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, @@ -3091,12 +3182,12 @@ add_message_error_reduce_89_67( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3104,6 +3195,9 @@ add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3132,61 +3226,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3198,8 +3280,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_80( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_80(__m256i vector) { return compress_ciphertext_coefficient_8a(vector); } @@ -3215,7 +3296,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3236,61 +3317,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a0(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3302,8 +3371,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_800( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_800(__m256i vector) { return compress_ciphertext_coefficient_8a0(vector); } @@ -3321,6 +3389,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3362,61 +3433,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a1(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3428,8 +3487,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_801( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_801(__m256i vector) { return compress_ciphertext_coefficient_8a1(vector); } @@ -3445,7 +3503,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3464,61 +3522,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a2(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3530,8 +3576,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_802( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_802(__m256i vector) { return compress_ciphertext_coefficient_8a2(vector); } @@ -3547,7 +3592,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = + __m256i coefficients = compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -3572,6 +3617,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3728,6 +3814,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3924,58 +4016,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_55(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3988,8 +4066,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { return decompress_ciphertext_coefficient_55(vector); } @@ -4010,8 +4087,7 @@ deserialize_then_decompress_10_a7(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); } return re; @@ -4023,58 +4099,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_550(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4087,8 +4149,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { return decompress_ciphertext_coefficient_550(vector); } @@ -4109,8 +4170,7 @@ deserialize_then_decompress_11_8d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); } return re; @@ -4146,6 +4206,10 @@ static KRML_MUSTINLINE void ntt_vector_u_fe( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4178,9 +4242,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); ntt_vector_u_fe(&u_as_ntt[i0]); } memcpy( @@ -4194,58 +4256,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_551(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4258,8 +4306,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { return decompress_ciphertext_coefficient_551(vector); } @@ -4279,8 +4326,7 @@ deserialize_then_decompress_4_9a(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); } return re; @@ -4292,58 +4338,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_552(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4356,8 +4388,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { return decompress_ciphertext_coefficient_552(vector); } @@ -4412,7 +4443,7 @@ subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4422,6 +4453,12 @@ subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4454,9 +4491,8 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); @@ -4470,6 +4506,30 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4630,6 +4690,9 @@ deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4786,6 +4849,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4818,6 +4887,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4853,6 +4925,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5027,6 +5102,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( shake128_squeeze_three_blocks_6b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5113,6 +5229,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( shake128_squeeze_block_1b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5317,6 +5474,10 @@ static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], PRFxN_1c1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5341,13 +5502,11 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -5360,6 +5519,10 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5374,11 +5537,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5386,6 +5548,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5432,6 +5597,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5649,6 +5855,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5704,6 +5913,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5750,6 +5967,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5827,6 +6047,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_570( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5873,6 +6096,9 @@ static KRML_MUSTINLINE void compute_vector_u_000( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5907,7 +6133,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -5936,6 +6162,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5983,6 +6212,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( compress_then_serialize_5_35(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6140,6 +6410,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6360,6 +6636,10 @@ static KRML_MUSTINLINE void ntt_vector_u_fe0( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6392,9 +6672,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_100(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); ntt_vector_u_fe0(&u_as_ntt[i0]); } memcpy( @@ -6413,6 +6691,12 @@ deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { return deserialize_then_decompress_5_75(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6434,6 +6718,30 @@ compute_message_220( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6560,6 +6868,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6717,6 +7028,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6749,6 +7066,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6784,6 +7104,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6951,6 +7274,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( shake128_squeeze_three_blocks_6b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7031,6 +7395,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( shake128_squeeze_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7240,6 +7645,10 @@ sample_from_binomial_distribution_47(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_43(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7264,13 +7673,11 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -7283,6 +7690,10 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7297,11 +7708,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7309,6 +7719,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7355,6 +7768,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7572,6 +8026,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7627,6 +8084,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7719,6 +8184,9 @@ static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], PRFxN_1c0(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7796,6 +8264,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_57( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7842,6 +8313,9 @@ static KRML_MUSTINLINE void compute_vector_u_00( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7864,6 +8338,9 @@ compute_ring_element_v_71( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7899,6 +8376,47 @@ static void compress_then_serialize_u_84( } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8055,6 +8573,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8245,6 +8769,10 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8277,9 +8805,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); ntt_vector_u_fe(&u_as_ntt[i0]); } memcpy( @@ -8287,6 +8813,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8308,6 +8840,30 @@ compute_message_22( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8433,6 +8989,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index a43dc2228..0c5c9ed7a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_avx2_H @@ -30,335 +30,311 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); +__m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m128i +__m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + __m128i v, __m128i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -374,8 +350,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -383,7 +358,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 751ef2e27..f032daea7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index f82784d70..24f4c33dd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 507d406be..25d2df9e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_mlkem_portable.h" @@ -1018,6 +1018,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +1066,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1098,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1102,6 +1140,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1434,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -2254,6 +2336,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2280,6 +2368,12 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2385,6 +2479,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2420,6 +2517,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2597,6 +2697,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( shake128_squeeze_three_blocks_101(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2669,6 +2810,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( shake128_squeeze_block_ed1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2882,6 +3064,55 @@ static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], PRFxN_1d2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3000,9 +3231,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3107,13 +3337,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_7b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3127,7 +3357,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3137,7 +3367,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3181,6 +3411,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3206,13 +3440,11 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_892(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3225,6 +3457,33 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3261,6 +3520,10 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3330,6 +3593,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3376,6 +3642,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3620,6 +3927,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3675,6 +3985,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3722,6 +4040,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3804,7 +4125,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3814,7 +4135,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3828,13 +4149,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3957,6 +4278,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4074,6 +4398,9 @@ add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4201,6 +4528,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4362,6 +4692,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( compress_then_serialize_5_a3(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4521,6 +4892,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4868,6 +5245,10 @@ static KRML_MUSTINLINE void ntt_vector_u_ed0( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4900,9 +5281,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_890(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( @@ -5026,9 +5405,8 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -5076,6 +5454,12 @@ subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5125,6 +5509,30 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5289,6 +5697,9 @@ deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5446,6 +5857,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5478,6 +5895,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5513,6 +5933,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5689,6 +6112,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( shake128_squeeze_three_blocks_100(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5761,6 +6225,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( shake128_squeeze_block_ed0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5959,6 +6464,10 @@ sample_from_binomial_distribution_660(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_85(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5984,13 +6493,11 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_890(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -6003,6 +6510,10 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6033,6 +6544,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6079,6 +6593,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6300,6 +6855,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6355,6 +6913,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6435,6 +7001,9 @@ static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], PRFxN_1d1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6513,6 +7082,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_860( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6559,6 +7131,9 @@ static KRML_MUSTINLINE void compute_vector_u_a10( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6622,6 +7197,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6669,6 +7247,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6827,6 +7446,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7048,6 +7673,10 @@ static KRML_MUSTINLINE void ntt_vector_u_ed( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7080,9 +7709,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( @@ -7101,6 +7728,12 @@ deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { return deserialize_then_decompress_4_34(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7122,6 +7755,30 @@ compute_message_cb0( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7248,6 +7905,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7404,6 +8064,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7436,6 +8102,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7471,6 +8140,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7648,6 +8320,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( shake128_squeeze_three_blocks_10(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7720,6 +8433,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( shake128_squeeze_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7907,6 +8661,10 @@ static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], PRFxN_1d(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7932,13 +8690,11 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_89(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7951,6 +8707,10 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7981,6 +8741,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8027,6 +8790,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8248,6 +9052,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8303,6 +9110,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8350,6 +9165,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8428,6 +9246,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_86( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8474,6 +9295,9 @@ static KRML_MUSTINLINE void compute_vector_u_a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8496,6 +9320,9 @@ compute_ring_element_v_1f( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8531,6 +9358,47 @@ static void compress_then_serialize_u_24( } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8689,6 +9557,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8880,6 +9754,10 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8912,9 +9790,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( @@ -8922,6 +9798,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8943,6 +9825,30 @@ compute_message_cb( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9069,6 +9975,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 22c73c92b..0088ab487 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index bdbc91b3d..a0797a0ce 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -57,11 +72,20 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -70,11 +94,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -83,11 +113,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -96,11 +132,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -109,6 +151,9 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 29b305e5e..fb89c890d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_sha3_avx2.h" @@ -19,18 +19,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { +static KRML_MUSTINLINE __m256i zero_ef(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } @@ -38,10 +35,8 @@ _veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { return _veor5q_u64(a, b, c, d, e); } @@ -51,18 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); } @@ -70,14 +61,11 @@ _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { return libcrux_intrinsics_avx2_mm256_xor_si256( a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } @@ -86,16 +74,12 @@ _vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } @@ -103,8 +87,7 @@ _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { return _veorq_n_u64(a, c); } @@ -112,8 +95,7 @@ xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } @@ -185,6 +167,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -231,46 +216,38 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -324,7 +301,7 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; @@ -360,10 +337,9 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -381,9 +357,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); load_block_c7(uu____0, uu____1); @@ -395,13 +371,10 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -410,9 +383,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -426,8 +398,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { return _vxarq_u64_c1(a, b); } @@ -437,13 +408,10 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -452,9 +420,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -468,8 +435,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { return _vxarq_u64_c10(a, b); } @@ -479,13 +445,10 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -494,9 +457,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -510,8 +472,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { return _vxarq_u64_c11(a, b); } @@ -521,13 +482,10 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -536,9 +494,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -552,8 +509,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { return _vxarq_u64_c12(a, b); } @@ -563,9 +519,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -579,8 +534,7 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { return _vxarq_u64_c13(a, b); } @@ -590,13 +544,10 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -605,9 +556,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -621,8 +571,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { return _vxarq_u64_c14(a, b); } @@ -632,13 +581,10 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -647,9 +593,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -663,8 +608,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { return _vxarq_u64_c15(a, b); } @@ -674,13 +618,10 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -689,9 +630,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -705,8 +645,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { return _vxarq_u64_c16(a, b); } @@ -716,13 +655,10 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -731,9 +667,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -747,8 +682,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { return _vxarq_u64_c17(a, b); } @@ -758,13 +692,10 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -773,9 +704,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -789,8 +719,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { return _vxarq_u64_c18(a, b); } @@ -800,13 +729,10 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -815,9 +741,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -831,8 +756,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { return _vxarq_u64_c19(a, b); } @@ -842,13 +766,10 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -857,9 +778,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -873,8 +793,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { return _vxarq_u64_c110(a, b); } @@ -884,13 +803,10 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -899,9 +815,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -915,8 +830,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { return _vxarq_u64_c111(a, b); } @@ -926,13 +840,10 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -941,9 +852,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -957,8 +867,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { return _vxarq_u64_c112(a, b); } @@ -968,13 +877,10 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -983,9 +889,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -999,8 +904,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { return _vxarq_u64_c113(a, b); } @@ -1010,13 +914,10 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1025,9 +926,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5814(ab); } @@ -1041,8 +941,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { return _vxarq_u64_c114(a, b); } @@ -1052,13 +951,10 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1067,9 +963,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -1083,8 +978,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { return _vxarq_u64_c115(a, b); } @@ -1094,13 +988,10 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1109,9 +1000,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1125,8 +1015,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { return _vxarq_u64_c116(a, b); } @@ -1136,13 +1025,10 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1151,9 +1037,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1167,8 +1052,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { return _vxarq_u64_c117(a, b); } @@ -1178,13 +1062,10 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1193,9 +1074,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1209,8 +1089,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { return _vxarq_u64_c118(a, b); } @@ -1220,13 +1099,10 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1235,9 +1111,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1251,8 +1126,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { return _vxarq_u64_c119(a, b); } @@ -1262,13 +1136,10 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1277,9 +1148,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1293,8 +1163,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { return _vxarq_u64_c120(a, b); } @@ -1304,13 +1173,10 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1319,9 +1185,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1335,8 +1200,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { return _vxarq_u64_c121(a, b); } @@ -1346,13 +1210,10 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1361,9 +1222,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5822(ab); } @@ -1377,8 +1237,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { return _vxarq_u64_c122(a, b); } @@ -1390,105 +1249,57 @@ with const generics */ static KRML_MUSTINLINE void theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = + __m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = + __m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = + __m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { + __m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1500,8 +1311,8 @@ with const generics */ static KRML_MUSTINLINE void pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1536,8 +1347,8 @@ with const generics */ static KRML_MUSTINLINE void chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1584,7 +1395,7 @@ with const generics */ static KRML_MUSTINLINE void absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); load_block_ef_6a(uu____0, uu____1); @@ -1596,8 +1407,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -1618,9 +1429,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_91(uu____0, uu____1); @@ -1648,7 +1459,7 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_05(uu____3, uu____4); @@ -1660,48 +1471,40 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -1808,8 +1611,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; @@ -1843,8 +1646,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1880,8 +1683,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e9(a, b); } @@ -2006,6 +1809,9 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1821,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_14(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_16(); @@ -2025,46 +1834,38 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -2118,7 +1919,7 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; @@ -2154,10 +1955,9 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -2171,8 +1971,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -2193,9 +1993,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_910(uu____0, uu____1); @@ -2223,13 +2023,16 @@ static KRML_MUSTINLINE void absorb_final_5e0( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_050(uu____3, uu____4); keccakf1600_07(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2242,48 +2045,40 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2394,8 +2189,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e90(a, b); } @@ -2412,6 +2207,9 @@ static KRML_MUSTINLINE void squeeze_next_block_1c0( store_block_ef_f60(s->st, out); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2457,6 +2255,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2305,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2316,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2326,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2527,6 +2337,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 667739a31..fca89dc4c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_avx2_H @@ -30,41 +30,68 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index c31f051b5..7ae9eb4eb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_internal_H @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 6e368639b..e000a5155 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 68bc29ff1..f3ed82378 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_neon_H @@ -22,10 +22,21 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); @@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) From ac6b1ad187116d3869bf3b9f7e46f2fe15e23f44 Mon Sep 17 00:00:00 2001 From: xvzcf Date: Fri, 9 Aug 2024 13:49:07 +0000 Subject: [PATCH 035/172] Unroll sample_error_vector. --- libcrux-ml-dsa/src/lib.rs | 2 +- libcrux-ml-dsa/src/ml_dsa_generic.rs | 23 +--- libcrux-ml-dsa/src/sample.rs | 129 ++++++------------ .../src/{expandx4.rs => samplex4.rs} | 124 ++++++++++++++++- 4 files changed, 172 insertions(+), 106 deletions(-) rename libcrux-ml-dsa/src/{expandx4.rs => samplex4.rs} (75%) diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index 0401a0fd9..5d249859c 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -1,7 +1,7 @@ mod arithmetic; mod constants; mod encoding; -mod expandx4; +mod samplex4; mod hash_functions; mod instantiations; mod matrix; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 78291938e..84df3d060 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -3,7 +3,7 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding, expandx4, + encoding, samplex4, hash_functions::{shake128, shake256}, matrix::{ add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, @@ -11,7 +11,7 @@ use crate::{ }, ntt::ntt, polynomial::PolynomialRingElement, - sample::{sample_challenge_ring_element, sample_error_vector, sample_mask_vector}, + sample::{sample_challenge_ring_element, sample_mask_vector}, simd::traits::Operations, utils::into_padded_array, MLDSASignature, @@ -52,20 +52,11 @@ pub(crate) fn generate_key_pair< let (seed_for_error_vectors, seed_for_signing) = seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE); - let mut domain_separator: u16 = 0; - - let A_as_ntt = expandx4::matrix_A::( + let A_as_ntt = samplex4::matrix_A::( into_padded_array(seed_for_A), ); - - let s1 = sample_error_vector::( - into_padded_array(seed_for_error_vectors), - &mut domain_separator, - ); - let s2 = sample_error_vector::( - into_padded_array(seed_for_error_vectors), - &mut domain_separator, - ); + + let (s1, s2) = samplex4::sample_s1_and_s2::(into_padded_array(seed_for_error_vectors)); let t = compute_As1_plus_s2::(&A_as_ntt, &s1, &s2); @@ -140,7 +131,7 @@ pub(crate) fn sign< SIGNING_KEY_SIZE, >(signing_key); - let A_as_ntt = expandx4::matrix_A::( + let A_as_ntt = samplex4::matrix_A::( into_padded_array(&seed_for_A), ); @@ -317,7 +308,7 @@ pub(crate) fn verify< signature.signer_response, (2 << GAMMA1_EXPONENT) - BETA, ) { - let A_as_ntt = expandx4::matrix_A::( + let A_as_ntt = samplex4::matrix_A::( into_padded_array(&seed_for_A), ); diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 2f05a4e01..de8e845f6 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -217,52 +217,40 @@ pub(crate) fn rejection_sample_less_than_eta( - seed: [u8; 66], -) -> PolynomialRingElement { - let mut state = Shake256::init_absorb(&seed); - let randomness = state.squeeze_first_block(); - - // Every call to |rejection_sample_less_than_field_modulus| - // will result in a call to |SIMDUnit::rejection_sample_less_than_field_modulus|; - // this latter function performs no bounds checking and can write up to 8 - // elements to its output. It is therefore possible that 255 elements have - // already been sampled and we call the function again. - // - // To ensure we don't overflow the buffer in this case, we allocate 255 + 8 - // = 263 elements. - let mut out = [0i32; 263]; - - let mut sampled = 0; - let mut done = - rejection_sample_less_than_eta::(&randomness, &mut sampled, &mut out); - - while !done { - let randomness = state.squeeze_next_block(); - done = rejection_sample_less_than_eta::(&randomness, &mut sampled, &mut out); - } - - PolynomialRingElement::::from_i32_array(&out) -} - -#[inline(always)] -fn sample_four_error_ring_element< +pub(crate) fn sample_four_error_ring_elements< SIMDUnit: Operations, Shake256: shake256::XofX4, const ETA: usize, >( - seed0: [u8; 66], - seed1: [u8; 66], - seed2: [u8; 66], - seed3: [u8; 66], + seed_base: [u8; 66], + domain_separator0: u16, + domain_separator1: u16, + domain_seperator2: u16, + domain_separator3: u16, ) -> ( PolynomialRingElement, PolynomialRingElement, PolynomialRingElement, PolynomialRingElement, ) { + // Prepare the seeds + let mut seed0 = seed_base; + seed0[64] = domain_separator0 as u8; + seed0[65] = (domain_separator0 >> 8) as u8; + + let mut seed1 = seed0; + seed1[64] = domain_separator1 as u8; + seed1[65] = (domain_separator1 >> 8) as u8; + + let mut seed2 = seed0; + seed2[64] = domain_seperator2 as u8; + seed2[65] = (domain_seperator2 >> 8) as u8; + + let mut seed3 = seed0; + seed3[64] = domain_separator3 as u8; + seed3[65] = (domain_separator3 >> 8) as u8; + let mut state = Shake256::init_absorb(&seed0, &seed1, &seed2, &seed3); let randomnesses = state.squeeze_first_block(); @@ -334,7 +322,6 @@ fn sample_four_error_ring_element< ) } -#[inline(always)] fn update_seed(mut seed: [u8; 66], domain_separator: &mut u16) -> [u8; 66] { seed[64] = *domain_separator as u8; seed[65] = (*domain_separator >> 8) as u8; @@ -342,51 +329,6 @@ fn update_seed(mut seed: [u8; 66], domain_separator: &mut u16) -> [u8; 66] { seed } -#[inline(always)] -pub(crate) fn sample_error_vector< - SIMDUnit: Operations, - Shake256: shake256::Xof, - Shake256X4: shake256::XofX4, - const DIMENSION: usize, - const ETA: usize, ->( - mut seed: [u8; 66], - domain_separator: &mut u16, -) -> [PolynomialRingElement; DIMENSION] { - let mut error = [PolynomialRingElement::::ZERO(); DIMENSION]; - - // DIMENSION is either COLUMNS_IN_A or ROWS_IN_A - debug_assert!( - DIMENSION == 4 || DIMENSION == 5 || DIMENSION == 6 || DIMENSION == 7 || DIMENSION == 8 - ); - // So we can always sample 4 ring elements first before sampling the remaining. - - let seed0 = update_seed(seed, domain_separator); - let seed1 = update_seed(seed, domain_separator); - let seed2 = update_seed(seed, domain_separator); - let seed3 = update_seed(seed, domain_separator); - - let errors = - sample_four_error_ring_element::(seed0, seed1, seed2, seed3); - error[0] = errors.0; - error[1] = errors.1; - error[2] = errors.2; - error[3] = errors.3; - - #[allow(clippy::needless_range_loop)] - for i in 4..DIMENSION { - seed[64] = *domain_separator as u8; - seed[65] = (*domain_separator >> 8) as u8; - *domain_separator += 1; - - // TODO: We could sample up to 4 in parallel in some cases if we think - // that makes it faster. - error[i] = sample_error_ring_element::(seed); - } - - error -} - #[inline(always)] fn sample_mask_ring_element< SIMDUnit: Operations, @@ -553,6 +495,25 @@ mod tests { four_ring_elements.0 } + // This is just a wrapper around sample_four_ring_elements, for testing + // purposes. + fn sample_error_ring_element< + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize>( + seed_base: [u8; 66], + ) -> PolynomialRingElement { + let four_ring_elements = sample_four_error_ring_elements::( + seed_base, + ((seed_base[65] as u16) << 8) | (seed_base[64] as u16), + 0, + 0, + 0, + ); + + four_ring_elements.0 + } + fn test_sample_ring_element_uniform_generic() { let seed: [u8; 34] = [ 33, 192, 250, 216, 117, 61, 16, 12, 248, 51, 213, 110, 64, 57, 119, 80, 164, 83, 73, @@ -644,7 +605,7 @@ mod tests { ); } - fn test_sample_error_ring_element_generic() { + fn test_sample_error_ring_element_generic() { // When ETA = 2 let seed: [u8; 66] = [ 51, 203, 133, 235, 126, 210, 169, 81, 4, 134, 147, 168, 252, 67, 176, 99, 130, 186, @@ -790,7 +751,7 @@ mod tests { fn test_sample_error_ring_element() { test_sample_error_ring_element_generic::< simd::portable::PortableSIMDUnit, - hash_functions::portable::Shake256, + hash_functions::portable::Shake256X4, >(); } @@ -819,7 +780,7 @@ mod tests { fn test_sample_error_ring_element() { test_sample_error_ring_element_generic::< simd::avx2::AVX2SIMDUnit, - hash_functions::portable::Shake256, + hash_functions::simd256::Shake256X4, >(); } diff --git a/libcrux-ml-dsa/src/expandx4.rs b/libcrux-ml-dsa/src/samplex4.rs similarity index 75% rename from libcrux-ml-dsa/src/expandx4.rs rename to libcrux-ml-dsa/src/samplex4.rs index 7ae9e1d78..359189f41 100644 --- a/libcrux-ml-dsa/src/expandx4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -1,5 +1,5 @@ use crate::{ - hash_functions::shake128, polynomial::PolynomialRingElement, sample::sample_four_ring_elements, + hash_functions::{shake128, shake256}, polynomial::PolynomialRingElement, sample::{sample_four_ring_elements, sample_four_error_ring_elements}, simd::traits::Operations, }; @@ -172,15 +172,14 @@ pub(crate) fn matrix_A_6_by_5< seed, generate_domain_separator(5, 3), generate_domain_separator(5, 4), - generate_domain_separator(0, 0), - generate_domain_separator(0, 0), + generate_domain_separator(5, 5), + generate_domain_separator(5, 6), ); A[5][3] = four_ring_elements.0; A[5][4] = four_ring_elements.1; A } - #[allow(non_snake_case)] #[inline(always)] pub(crate) fn matrix_A_8_by_7< @@ -363,8 +362,8 @@ pub(crate) fn matrix_A_8_by_7< A } - #[allow(non_snake_case)] +#[inline(always)] pub(crate) fn matrix_A< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -380,3 +379,118 @@ pub(crate) fn matrix_A< _ => unreachable!(), } } + +#[inline(always)] +fn sample_s1_and_s2_4_by_4< + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize, + const S1_DIMENSION: usize, + const S2_DIMENSION: usize, +>( + seed_base: [u8; 66], +) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { + let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; + let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; + + let four = sample_four_error_ring_elements::(seed_base, 0, 1, 2, 3); + s1[0] = four.0; + s1[1] = four.1; + s1[2] = four.2; + s1[3] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 4, 5, 6, 7); + s2[0] = four.0; + s2[1] = four.1; + s2[2] = four.2; + s2[3] = four.3; + + (s1, s2) +} +#[inline(always)] +fn sample_s1_and_s2_5_by_6< + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize, + const S1_DIMENSION: usize, + const S2_DIMENSION: usize, +>( + seed_base: [u8; 66], +) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { + let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; + let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; + + let four = sample_four_error_ring_elements::(seed_base, 0, 1, 2, 3); + s1[0] = four.0; + s1[1] = four.1; + s1[2] = four.2; + s1[3] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 4, 5, 6, 7); + s1[4] = four.0; + s2[0] = four.1; + s2[1] = four.2; + s2[2] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); + s2[3] = four.0; + s2[4] = four.1; + s2[5] = four.2; + + (s1, s2) +} +#[inline(always)] +fn sample_s1_and_s2_7_by_8< + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize, + const S1_DIMENSION: usize, + const S2_DIMENSION: usize, +>( + seed_base: [u8; 66], +) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { + let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; + let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; + + let four = sample_four_error_ring_elements::(seed_base, 0, 1, 2, 3); + s1[0] = four.0; + s1[1] = four.1; + s1[2] = four.2; + s1[3] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 4, 5, 6, 7); + s1[4] = four.0; + s1[5] = four.1; + s1[6] = four.2; + s2[0] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); + s2[1] = four.0; + s2[2] = four.1; + s2[3] = four.2; + s2[4] = four.3; + + let four = sample_four_error_ring_elements::(seed_base, 12, 13, 14, 15); + s2[5] = four.0; + s2[6] = four.1; + s2[7] = four.2; + + (s1, s2) +} +#[inline(always)] +pub(crate) fn sample_s1_and_s2< + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize, + const S1_DIMENSION: usize, + const S2_DIMENSION: usize, +>( + seed: [u8; 66], +) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { + match (S1_DIMENSION, S2_DIMENSION) { + (4, 4) => sample_s1_and_s2_4_by_4::(seed), + (5, 6) => sample_s1_and_s2_5_by_6::(seed), + (7, 8) => sample_s1_and_s2_7_by_8::(seed), + _ => unreachable!(), + } +} From d6bc5ff5f0c71c6dd2aa4c95c615906018fb3c5d Mon Sep 17 00:00:00 2001 From: xvzcf Date: Fri, 9 Aug 2024 13:49:18 +0000 Subject: [PATCH 036/172] cargo fmt --- libcrux-ml-dsa/src/lib.rs | 2 +- libcrux-ml-dsa/src/ml_dsa_generic.rs | 9 ++++-- libcrux-ml-dsa/src/sample.rs | 7 +++-- libcrux-ml-dsa/src/samplex4.rs | 45 +++++++++++++++++++++------- 4 files changed, 45 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index 5d249859c..1d8a09983 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -1,7 +1,6 @@ mod arithmetic; mod constants; mod encoding; -mod samplex4; mod hash_functions; mod instantiations; mod matrix; @@ -9,6 +8,7 @@ mod ml_dsa_generic; mod ntt; mod polynomial; mod sample; +mod samplex4; mod simd; mod types; mod utils; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 84df3d060..69d2a0a3e 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -3,7 +3,7 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding, samplex4, + encoding, hash_functions::{shake128, shake256}, matrix::{ add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, @@ -12,6 +12,7 @@ use crate::{ ntt::ntt, polynomial::PolynomialRingElement, sample::{sample_challenge_ring_element, sample_mask_vector}, + samplex4, simd::traits::Operations, utils::into_padded_array, MLDSASignature, @@ -55,8 +56,10 @@ pub(crate) fn generate_key_pair< let A_as_ntt = samplex4::matrix_A::( into_padded_array(seed_for_A), ); - - let (s1, s2) = samplex4::sample_s1_and_s2::(into_padded_array(seed_for_error_vectors)); + + let (s1, s2) = samplex4::sample_s1_and_s2::( + into_padded_array(seed_for_error_vectors), + ); let t = compute_As1_plus_s2::(&A_as_ntt, &s1, &s2); diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index de8e845f6..50c72d647 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -498,9 +498,10 @@ mod tests { // This is just a wrapper around sample_four_ring_elements, for testing // purposes. fn sample_error_ring_element< - SIMDUnit: Operations, - Shake256X4: shake256::XofX4, - const ETA: usize>( + SIMDUnit: Operations, + Shake256X4: shake256::XofX4, + const ETA: usize, + >( seed_base: [u8; 66], ) -> PolynomialRingElement { let four_ring_elements = sample_four_error_ring_elements::( diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index 359189f41..b8bfd5535 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -1,5 +1,7 @@ use crate::{ - hash_functions::{shake128, shake256}, polynomial::PolynomialRingElement, sample::{sample_four_ring_elements, sample_four_error_ring_elements}, + hash_functions::{shake128, shake256}, + polynomial::PolynomialRingElement, + sample::{sample_four_error_ring_elements, sample_four_ring_elements}, simd::traits::Operations, }; @@ -389,7 +391,10 @@ fn sample_s1_and_s2_4_by_4< const S2_DIMENSION: usize, >( seed_base: [u8; 66], -) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { +) -> ( + [PolynomialRingElement; S1_DIMENSION], + [PolynomialRingElement; S2_DIMENSION], +) { let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; @@ -416,7 +421,10 @@ fn sample_s1_and_s2_5_by_6< const S2_DIMENSION: usize, >( seed_base: [u8; 66], -) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { +) -> ( + [PolynomialRingElement; S1_DIMENSION], + [PolynomialRingElement; S2_DIMENSION], +) { let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; @@ -432,7 +440,8 @@ fn sample_s1_and_s2_5_by_6< s2[1] = four.2; s2[2] = four.3; - let four = sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); + let four = + sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); s2[3] = four.0; s2[4] = four.1; s2[5] = four.2; @@ -448,7 +457,10 @@ fn sample_s1_and_s2_7_by_8< const S2_DIMENSION: usize, >( seed_base: [u8; 66], -) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { +) -> ( + [PolynomialRingElement; S1_DIMENSION], + [PolynomialRingElement; S2_DIMENSION], +) { let mut s1 = [PolynomialRingElement::::ZERO(); S1_DIMENSION]; let mut s2 = [PolynomialRingElement::::ZERO(); S2_DIMENSION]; @@ -464,13 +476,15 @@ fn sample_s1_and_s2_7_by_8< s1[6] = four.2; s2[0] = four.3; - let four = sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); + let four = + sample_four_error_ring_elements::(seed_base, 8, 9, 10, 11); s2[1] = four.0; s2[2] = four.1; s2[3] = four.2; s2[4] = four.3; - let four = sample_four_error_ring_elements::(seed_base, 12, 13, 14, 15); + let four = + sample_four_error_ring_elements::(seed_base, 12, 13, 14, 15); s2[5] = four.0; s2[6] = four.1; s2[7] = four.2; @@ -486,11 +500,20 @@ pub(crate) fn sample_s1_and_s2< const S2_DIMENSION: usize, >( seed: [u8; 66], -) -> ([PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION]) { +) -> ( + [PolynomialRingElement; S1_DIMENSION], + [PolynomialRingElement; S2_DIMENSION], +) { match (S1_DIMENSION, S2_DIMENSION) { - (4, 4) => sample_s1_and_s2_4_by_4::(seed), - (5, 6) => sample_s1_and_s2_5_by_6::(seed), - (7, 8) => sample_s1_and_s2_7_by_8::(seed), + (4, 4) => { + sample_s1_and_s2_4_by_4::(seed) + } + (5, 6) => { + sample_s1_and_s2_5_by_6::(seed) + } + (7, 8) => { + sample_s1_and_s2_7_by_8::(seed) + } _ => unreachable!(), } } From 8b22983f8387a9511ce803075d70ff9d4391718e Mon Sep 17 00:00:00 2001 From: xvzcf Date: Fri, 9 Aug 2024 14:03:02 +0000 Subject: [PATCH 037/172] Fix test build failure. --- libcrux-ml-dsa/src/sample.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 50c72d647..e16ca46e4 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -744,7 +744,7 @@ mod tests { fn test_sample_ring_element_uniform() { test_sample_ring_element_uniform_generic::< simd::portable::PortableSIMDUnit, - hash_functions::portable::Shake128, + hash_functions::portable::Shake128X4, >(); } From 541bf678bd86e09a69bb057fd7d1930333f8c07a Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sat, 10 Aug 2024 15:04:58 +0000 Subject: [PATCH 038/172] re-extract cg --- libcrux-ml-kem/c/libcrux_core.h | 449 +-- libcrux-ml-kem/cg.yaml | 5 + libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 29 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 19 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2478 +++++++++-------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 527 +++- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 1054 +++---- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 196 +- 9 files changed, 2707 insertions(+), 2058 deletions(-) diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index c9cbb548b..4a0da578a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -15,231 +15,256 @@ #define __libcrux_core_H #if defined(__cplusplus) -extern "C" { +extern "C" +{ #endif #include "eurydice_glue.h" -/** -A monomorphic instance of core.ops.range.Range -with types size_t + /** + A monomorphic instance of core.ops.range.Range + with types size_t -*/ -typedef struct core_ops_range_Range_b3_s { - size_t start; - size_t end; -} core_ops_range_Range_b3; + */ + typedef struct core_ops_range_Range_b3_s + { + size_t start; + size_t end; + } core_ops_range_Range_b3; #define core_option_None 0 #define core_option_Some 1 -typedef uint8_t core_option_Option_ef_tags; - -/** -A monomorphic instance of core.option.Option -with types size_t - -*/ -typedef struct core_option_Option_b3_s { - core_option_Option_ef_tags tag; - size_t f0; -} core_option_Option_b3; - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1568size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { - uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemPublicKey_1f; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - -*/ -typedef struct core_option_Option_99_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; -} core_option_Option_99; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $3168size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s { - uint8_t value[3168U]; -} libcrux_ml_kem_types_MlKemPrivateKey_95; - -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_95 sk; - libcrux_ml_kem_types_MlKemPublicKey_1f pk; -} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; - -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { - uint8_t value[1568U]; -} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_21_s { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; -} tuple_21; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $2400size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; -} libcrux_ml_kem_mlkem768_MlKem768KeyPair; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_3c_s { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; -} tuple_3c; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; + typedef uint8_t core_option_Option_ef_tags; + + /** + A monomorphic instance of core.option.Option + with types size_t + + */ + typedef struct core_option_Option_b3_s + { + core_option_Option_ef_tags tag; + size_t f0; + } core_option_Option_b3; + + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + + static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $1568size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s + { + uint8_t value[1568U]; + } libcrux_ml_kem_types_MlKemPublicKey_1f; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] + + */ + typedef struct core_option_Option_99_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_1f f0; + } core_option_Option_99; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $3168size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s + { + uint8_t value[3168U]; + } libcrux_ml_kem_types_MlKemPrivateKey_95; + + typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s + { + libcrux_ml_kem_types_MlKemPrivateKey_95 sk; + libcrux_ml_kem_types_MlKemPublicKey_1f pk; + } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; + + typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s + { + uint8_t value[1568U]; + } libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + + /** + A monomorphic instance of K. + with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], + uint8_t[32size_t] + + */ + typedef struct tuple_21_s + { + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; + uint8_t snd[32U]; + } tuple_21; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $1184size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s + { + uint8_t value[1184U]; + } libcrux_ml_kem_types_MlKemPublicKey_15; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] + + */ + typedef struct core_option_Option_92_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_15 f0; + } core_option_Option_92; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $2400size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s + { + uint8_t value[2400U]; + } libcrux_ml_kem_types_MlKemPrivateKey_55; + + typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s + { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; + } libcrux_ml_kem_mlkem768_MlKem768KeyPair; + + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s + { + uint8_t value[1088U]; + } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + + /** + A monomorphic instance of K. + with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], + uint8_t[32size_t] + + */ + typedef struct tuple_3c_s + { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; + } tuple_3c; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $800size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s + { + uint8_t value[800U]; + } libcrux_ml_kem_types_MlKemPublicKey_be; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + + */ + typedef struct core_option_Option_04_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; + } core_option_Option_04; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $1632size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s + { + uint8_t value[1632U]; + } libcrux_ml_kem_types_MlKemPrivateKey_5e; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair + with const generics + - $1632size_t + - $800size_t + */ + typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s + { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; + } libcrux_ml_kem_types_MlKemKeyPair_cb; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext + with const generics + - $768size_t + */ + typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s + { + uint8_t value[768U]; + } libcrux_ml_kem_types_MlKemCiphertext_e8; + + /** + A monomorphic instance of K. + with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + + */ + typedef struct tuple_ec_s + { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; + } tuple_ec; #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result_00_tags; - -/** -A monomorphic instance of core.result.Result -with types uint8_t[8size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_56; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[8size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); - -typedef struct Eurydice_slice_uint8_t_x2_s { - Eurydice_slice fst; - Eurydice_slice snd; -} Eurydice_slice_uint8_t_x2; - -typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} Eurydice_slice_uint8_t_1size_t__x2; + typedef uint8_t core_result_Result_00_tags; + + /** + A monomorphic instance of core.result.Result + with types uint8_t[8size_t], core_array_TryFromSliceError + + */ + typedef struct core_result_Result_56_s + { + core_result_Result_00_tags tag; + union + { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } val; + } core_result_Result_56; + + /** + This function found in impl {core::result::Result} + */ + /** + A monomorphic instance of core.result.unwrap_41 + with types uint8_t[8size_t], core_array_TryFromSliceError + + */ + void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); + + typedef struct Eurydice_slice_uint8_t_x2_s + { + Eurydice_slice fst; + Eurydice_slice snd; + } Eurydice_slice_uint8_t_x2; + + typedef struct Eurydice_slice_uint8_t_1size_t__x2_s + { + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; + } Eurydice_slice_uint8_t_1size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 7e0205733..d4a28b48e 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -116,3 +116,8 @@ files: - [libcrux_ml_kem, vector, "*"] - [libcrux_ml_kem, hash_functions, portable, "*"] - [libcrux_ml_kem, ind_cca, instantiations, portable, "*"] + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 89de62066..6acb4d397 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 +Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 313228c9f..07f561d00 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_core_H @@ -213,6 +213,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ @@ -258,6 +261,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -322,6 +328,9 @@ libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -335,6 +344,9 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -387,6 +399,9 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -420,6 +435,9 @@ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -438,6 +456,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 3bf3b7a0a..63d4774f7 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_ct_ops_H @@ -21,6 +21,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -36,6 +39,10 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; @@ -55,6 +62,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d3f1e459d..09cb085ac 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_mlkem768_avx2_H @@ -45,11 +45,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -58,13 +57,12 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { +static inline __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -74,14 +72,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { +static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { + __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); @@ -94,14 +92,13 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - core_core_arch_x86___m256i x, int16_t ret[16U]) { + __m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } @@ -110,15 +107,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } @@ -127,15 +123,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { return libcrux_intrinsics_avx2_mm256_mullo_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -145,16 +141,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, - int16_t c) { +static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + __m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_intrinsics_avx2_mm256_and_si256( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -164,26 +159,22 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); @@ -194,28 +185,29 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -228,30 +220,27 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -261,36 +250,32 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = + __m256i shifted_to_positive_in_range = libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + (int32_t)15, shifted_to_positive_in_range, __m256i); } /** @@ -298,63 +283,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -363,28 +340,26 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -393,52 +368,43 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i +static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients, __m256i); } /** @@ -446,39 +412,38 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum0, libcrux_intrinsics_avx2_mm256_set_epi16( zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); } /** @@ -486,40 +451,37 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum, libcrux_intrinsics_avx2_mm256_set_epi16( zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); } /** @@ -527,33 +489,28 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients0, __m256i); } /** @@ -561,115 +518,96 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); + __m256i); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = + __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( right0, libcrux_intrinsics_avx2_mm256_set_epi32( -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + products_right1, __m256i); } /** @@ -677,28 +615,22 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; @@ -711,60 +643,56 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** @@ -772,42 +700,35 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); @@ -827,62 +748,56 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 4U) - (int16_t)1)); @@ -893,53 +808,45 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, Eurydice_slice), @@ -960,15 +867,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), @@ -985,34 +892,29 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = + __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m256i); } /** @@ -1020,52 +922,46 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, Eurydice_slice), @@ -1087,49 +983,40 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); @@ -1140,14 +1027,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), @@ -1166,12 +1053,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); @@ -1186,48 +1073,41 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), @@ -1253,49 +1133,40 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); @@ -1306,8 +1177,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1315,12 +1186,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = + __m256i compare_with_field_modulus = libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; @@ -1331,14 +1201,13 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; @@ -1346,15 +1215,13 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, sampled_count + (size_t)8U, int16_t, @@ -1380,7 +1247,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** @@ -1453,6 +1320,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1518,59 +1388,45 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1584,9 +1440,9 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( vector); } @@ -1611,8 +1467,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( coefficient); @@ -1627,59 +1482,45 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1693,9 +1534,9 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( vector); } @@ -1720,8 +1561,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( coefficient); @@ -1743,8 +1583,8 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -1754,9 +1594,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1768,11 +1607,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1802,8 +1639,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -1922,6 +1759,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1957,10 +1798,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); } memcpy( @@ -1975,59 +1815,45 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2041,9 +1867,9 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( vector); } @@ -2067,8 +1893,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( coefficient); @@ -2083,59 +1908,45 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2149,9 +1960,9 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( vector); } @@ -2197,6 +2008,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2234,6 +2072,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_48( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2249,11 +2091,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2339,11 +2180,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df(__m256i a, + __m256i b, + int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); @@ -2377,8 +2217,8 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2428,7 +2268,7 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_56( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2438,6 +2278,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_56( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2470,11 +2316,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -2487,9 +2331,8 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_4e( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); } @@ -2500,14 +2343,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static inline __m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -2524,10 +2364,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); @@ -2542,6 +2382,30 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2662,6 +2526,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2682,14 +2552,19 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2843,6 +2718,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2935,6 +2851,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3209,6 +3166,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3332,9 +3338,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -3366,6 +3371,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3397,11 +3406,10 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; @@ -3430,6 +3438,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3539,7 +3550,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -3548,6 +3559,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3604,8 +3618,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_91(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3626,7 +3639,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); @@ -3655,12 +3668,12 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3668,6 +3681,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3703,62 +3719,50 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3771,8 +3775,8 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( vector); } @@ -3791,10 +3795,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3815,62 +3818,50 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3883,8 +3874,8 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( vector); } @@ -3903,10 +3894,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3936,6 +3926,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3980,62 +3973,50 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4048,8 +4029,8 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( vector); } @@ -4068,10 +4049,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4090,62 +4070,50 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4158,8 +4126,8 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( vector); } @@ -4178,10 +4146,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4207,6 +4174,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4472,6 +4480,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -4499,6 +4510,13 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -4627,6 +4645,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -4656,6 +4677,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, @@ -4806,6 +4834,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, @@ -4885,6 +4920,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -4915,6 +4953,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, @@ -4959,9 +5005,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( - core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_42( + __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -4984,7 +5029,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_42( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4993,6 +5038,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5044,6 +5092,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5138,7 +5227,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0]); uint8_t bytes[24U]; @@ -5154,6 +5243,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5190,6 +5282,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5257,6 +5352,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5313,6 +5411,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5360,6 +5466,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -5380,6 +5489,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { @@ -5444,11 +5556,10 @@ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_polynomial_clone_d5_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -5537,6 +5648,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -5558,6 +5672,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( @@ -5705,6 +5822,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics @@ -5733,6 +5853,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -5836,6 +5963,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( return lit; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics @@ -5864,6 +5994,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, @@ -5889,6 +6026,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5952,6 +6095,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -5967,6 +6113,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( @@ -5987,8 +6138,7 @@ This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { +static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 1bedf65a9..3cd6940e7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_mlkem768_portable_H @@ -1115,6 +1115,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1157,6 +1170,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1176,6 +1203,17 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1207,6 +1245,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -1481,6 +1541,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -2498,6 +2580,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2801,13 +2886,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2824,7 +2908,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2834,7 +2918,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2884,6 +2967,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2918,10 +3005,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); } memcpy( @@ -3052,9 +3138,8 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); @@ -3075,6 +3160,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3113,6 +3225,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3155,7 +3271,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3165,7 +3281,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3182,13 +3297,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3322,6 +3436,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_79( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3427,6 +3547,30 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_fb( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3541,6 +3685,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3569,6 +3719,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3724,6 +3880,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3806,6 +4003,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -4064,6 +4302,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4186,9 +4473,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -4218,6 +4504,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4249,11 +4539,10 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -4282,6 +4571,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4399,6 +4691,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4522,6 +4817,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4692,6 +4990,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4865,6 +5166,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5128,6 +5470,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -5155,6 +5500,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5282,6 +5634,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -5310,6 +5665,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5455,6 +5817,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -5533,6 +5902,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -5562,6 +5934,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -5639,6 +6019,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5689,6 +6072,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5798,6 +6222,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5833,6 +6260,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5899,6 +6329,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -5954,6 +6387,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6001,6 +6442,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -6021,6 +6465,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -6178,6 +6625,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -6198,6 +6648,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -6342,6 +6795,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -6370,6 +6826,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6470,6 +6933,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( return lit; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -6498,6 +6964,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -6521,6 +6994,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6582,6 +7061,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -6596,6 +7078,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index d47e46e3b..d3a29b153 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_sha3_avx2_H @@ -28,22 +28,16 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_zero_ef(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veor5q_u64( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } @@ -52,12 +46,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor5_ef( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); } @@ -68,20 +58,17 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, + __m256i b) { + __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); } @@ -91,17 +78,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vbcaxq_u64(__m256i a, + __m256i b, + __m256i c) { return libcrux_intrinsics_avx2_mm256_xor_si256( a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } @@ -111,18 +96,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a, + uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } @@ -131,9 +113,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_constant_ef(__m256i a, uint64_t c) { return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); } @@ -142,8 +123,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a, + __m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } @@ -226,9 +207,12 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -278,45 +262,37 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -370,7 +346,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; @@ -406,10 +382,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -429,8 +404,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); @@ -443,13 +418,11 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -459,10 +432,9 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, + __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_580(ab); } @@ -477,9 +449,8 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); } @@ -490,13 +461,11 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -506,10 +475,9 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_581(ab); } @@ -524,9 +492,8 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); } @@ -537,13 +504,11 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -553,10 +518,9 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_582(ab); } @@ -571,9 +535,8 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); } @@ -584,13 +547,11 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -600,10 +561,9 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_583(ab); } @@ -618,9 +578,8 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); } @@ -631,10 +590,9 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_58(ab); } @@ -649,9 +607,8 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); } @@ -662,13 +619,11 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -678,10 +633,9 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_584(ab); } @@ -696,9 +650,8 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); } @@ -709,13 +662,11 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -725,10 +676,9 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_585(ab); } @@ -743,9 +693,8 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); } @@ -756,13 +705,11 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -772,10 +719,9 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_586(ab); } @@ -790,9 +736,8 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); } @@ -803,13 +748,11 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -819,10 +762,9 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_587(ab); } @@ -837,9 +779,8 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); } @@ -850,13 +791,11 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -866,10 +805,9 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_588(ab); } @@ -884,9 +822,8 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); } @@ -897,13 +834,11 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -913,10 +848,9 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_589(ab); } @@ -931,9 +865,8 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); } @@ -944,13 +877,11 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -960,10 +891,9 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5810(ab); } @@ -978,9 +908,8 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); } @@ -991,13 +920,11 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -1007,10 +934,9 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5811(ab); } @@ -1025,9 +951,8 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); } @@ -1038,13 +963,11 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -1054,10 +977,9 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5812(ab); } @@ -1072,9 +994,8 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); } @@ -1085,13 +1006,11 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -1101,10 +1020,9 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5813(ab); } @@ -1119,9 +1037,8 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); } @@ -1132,13 +1049,11 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1148,10 +1063,9 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5814(ab); } @@ -1166,9 +1080,8 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); } @@ -1179,13 +1092,11 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1195,10 +1106,9 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5815(ab); } @@ -1213,9 +1123,8 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); } @@ -1226,13 +1135,11 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1242,10 +1149,9 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5816(ab); } @@ -1260,9 +1166,8 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); } @@ -1273,13 +1178,11 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1289,10 +1192,9 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5817(ab); } @@ -1307,9 +1209,8 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); } @@ -1320,13 +1221,11 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1336,10 +1235,9 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5818(ab); } @@ -1354,9 +1252,8 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); } @@ -1367,13 +1264,11 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1383,10 +1278,9 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5819(ab); } @@ -1401,9 +1295,8 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); } @@ -1414,13 +1307,11 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1430,10 +1321,9 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5820(ab); } @@ -1448,9 +1338,8 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); } @@ -1461,13 +1350,11 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1477,10 +1364,9 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5821(ab); } @@ -1495,9 +1381,8 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); } @@ -1508,13 +1393,11 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1524,10 +1407,9 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5822(ab); } @@ -1542,9 +1424,8 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); } @@ -1557,114 +1438,85 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + __m256i uu____0 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + __m256i uu____1 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + __m256i uu____2 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + __m256i uu____3 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + __m256i t[5U] = {uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = + s->st[1U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = + s->st[2U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = + s->st[3U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = + s->st[4U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = + s->st[0U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = + s->st[1U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = + s->st[2U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = + s->st[3U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = + s->st[4U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = + s->st[0U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = + s->st[1U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = + s->st[2U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = + s->st[3U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = + s->st[4U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = + s->st[0U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = + s->st[1U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = + s->st[2U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = + s->st[3U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = + s->st[4U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = + s->st[0U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = + s->st[1U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = + s->st[2U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = + s->st[3U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = + __m256i uu____27 = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1678,8 +1530,8 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1715,8 +1567,8 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)5U; i++) { @@ -1769,7 +1621,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); @@ -1783,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -1806,8 +1658,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); @@ -1839,7 +1691,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); @@ -1853,47 +1705,39 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2002,7 +1846,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; @@ -2038,7 +1882,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } @@ -2081,7 +1925,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e9(a, b); } @@ -2215,6 +2059,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( } } +/** + Perform 4 SHAKE256 operations in parallel +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -2228,6 +2075,9 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** + Initialise the [`KeccakState`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { @@ -2241,45 +2091,37 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -2333,7 +2175,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; @@ -2369,10 +2211,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -2388,7 +2229,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -2411,8 +2252,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); @@ -2444,13 +2285,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_07(s); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -2467,47 +2311,39 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2620,7 +2456,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e90(a, b); } @@ -2638,6 +2474,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); } +/** + Squeeze another block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -2688,6 +2527,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -2739,6 +2581,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -2748,6 +2593,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -2757,6 +2605,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -2766,6 +2617,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 56e5608a9..16738841a 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_sha3_portable_H @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1212,75 +1215,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1680,6 +1660,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2038,6 +2021,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2164,6 +2150,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2171,6 +2160,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2178,6 +2170,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2185,6 +2180,11 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -2201,6 +2201,9 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2208,6 +2211,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, @@ -2217,6 +2223,10 @@ libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2226,6 +2236,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2235,6 +2249,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); @@ -2326,6 +2343,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_keccakf1600_85(s); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -2381,6 +2401,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2427,6 +2450,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2441,6 +2467,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -2820,6 +2849,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3178,6 +3210,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3185,11 +3220,20 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -3198,11 +3242,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -3211,11 +3261,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -3224,11 +3280,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -3442,6 +3504,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3449,11 +3514,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -3473,6 +3548,9 @@ static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3480,6 +3558,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3528,6 +3609,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -3535,6 +3619,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -3542,11 +3629,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -3554,6 +3647,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { From d50e2a062a09bf85430e82d1d8b7c210d9458d0b Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 12 Aug 2024 14:28:39 +0200 Subject: [PATCH 039/172] Get rid of `unused` warnings --- libcrux-sha3/src/generic_keccak.rs | 16 ---------------- libcrux-sha3/src/lib.rs | 4 ++++ libcrux-sha3/src/simd/arm64.rs | 1 + libcrux-sha3/src/simd/avx2.rs | 1 + 4 files changed, 6 insertions(+), 16 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 188ca0498..c87ee9e07 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -517,19 +517,3 @@ pub(crate) fn keccak, const RATE: usize, c } } } - -#[inline(always)] -pub(crate) fn keccak_xof< - const PARALLEL_LANES: usize, - STATE: KeccakStateItem, - const RATE: usize, - const DELIMITER: u8, ->( - data: [&[u8]; PARALLEL_LANES], - out: [&mut [u8]; PARALLEL_LANES], -) { - let mut state = KeccakXofState::::new(); - state.absorb(data); - state.absorb_final::([&[]; PARALLEL_LANES]); - state.squeeze(out); -} diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index b1a39283d..77d7edc9e 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -936,6 +936,7 @@ pub mod avx2 { absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; + #[cfg(not(feature = "simd128"))] use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; #[cfg(feature = "simd256")] use libcrux_intrinsics::avx2::*; @@ -1040,6 +1041,7 @@ pub mod avx2 { /// Squeeze block #[inline(always)] + #[allow(unused_variables)] // TODO: decide if we want to fall back here pub fn shake256_squeeze_first_block( s: &mut KeccakState, out0: &mut [u8], @@ -1055,6 +1057,7 @@ pub mod avx2 { /// Squeeze next block #[inline(always)] + #[allow(unused_variables)] // TODO: decide if we want to fall back here pub fn shake256_squeeze_next_block( s: &mut KeccakState, out0: &mut [u8], @@ -1143,6 +1146,7 @@ pub mod avx2 { /// Squeeze five blocks #[inline(always)] + #[allow(unused_variables)] // TODO: decide if we want to fall back here pub fn shake128_squeeze_first_five_blocks( s: &mut KeccakState, out0: &mut [u8], diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 481207525..d10836405 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -191,6 +191,7 @@ impl KeccakItem<2> for uint64x2_t { split_at_mut_2(a, mid) } + // TODO: Do we need this, or not? cf. https://github.com/cryspen/libcrux/issues/482 fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 2]) { todo!() } diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index c7b7a98c8..07578e1d1 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -242,6 +242,7 @@ impl KeccakItem<4> for Vec256 { split_at_mut_4(a, mid) } + // TODO: Do we need this, or not? cf. https://github.com/cryspen/libcrux/issues/482 fn store(_state: &[[Self; 5]; 5], _out: [&mut [u8]; 4]) { todo!() } From c52405ea0a57830cfac5f952072ffe083ccb94f7 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Mon, 12 Aug 2024 13:56:03 -0700 Subject: [PATCH 040/172] wip --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 231 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 48 +- .../c/internal/libcrux_sha3_internal.h | 44 +- libcrux-ml-kem/c/libcrux_core.c | 308 +- libcrux-ml-kem/c/libcrux_core.h | 455 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 9125 +--------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 507 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9287 ++++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 572 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2885 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 186 +- libcrux-ml-kem/c/libcrux_sha3.h | 18 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2327 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 742 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3308 +++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 29 +- 34 files changed, 15775 insertions(+), 14904 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7de2127cd..7fd7d385c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 +F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 +Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 50f0155c0..ff449d1ea 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __internal_libcrux_core_H @@ -23,8 +23,6 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -73,10 +71,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( + uint8_t value[800U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -88,12 +86,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -102,10 +100,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -114,10 +112,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]); /** A reference to the raw byte slice. @@ -128,10 +126,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -140,10 +138,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** Pad the `slice` with `0`s at the end. @@ -151,10 +149,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -163,10 +161,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -178,12 +176,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -192,10 +190,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -204,10 +202,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]); /** A reference to the raw byte slice. @@ -218,10 +216,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -230,10 +228,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -241,10 +239,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -253,10 +251,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -268,12 +266,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -282,10 +280,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -294,10 +292,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]); /** A reference to the raw byte slice. @@ -308,10 +306,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** Pad the `slice` with `0`s at the end. @@ -321,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -355,7 +353,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -365,10 +363,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -376,10 +374,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); /** Pad the `slice` with `0`s at the end. @@ -389,77 +387,18 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; /** A monomorphic instance of core.result.Result @@ -484,10 +423,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 57231a2ff..cad194d8f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,6 +48,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -184,6 +192,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -320,6 +336,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 370d96d3b..503d8a62e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); /** Packed API @@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 46a061db9..2d77d01ee 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_25(s, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); } /** @@ -60,7 +60,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -68,15 +68,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e2b08b63e..7a3bd7ee8 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "internal/libcrux_core.h" @@ -96,14 +96,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -117,14 +117,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -134,14 +133,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -152,14 +151,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -172,10 +171,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -186,11 +185,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } @@ -200,11 +199,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -212,7 +211,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -222,14 +221,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -243,14 +242,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -260,14 +259,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -278,14 +277,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -298,10 +297,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -312,11 +311,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } @@ -326,11 +325,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -338,7 +337,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -348,14 +347,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -369,13 +368,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -385,14 +385,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -403,14 +403,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -423,10 +423,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -479,7 +479,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -499,11 +499,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } @@ -513,11 +513,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -525,7 +525,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -536,7 +536,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -549,66 +549,6 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 4a0da578a..debf385d0 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,266 +5,241 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_core_H #define __libcrux_core_H #if defined(__cplusplus) -extern "C" -{ +extern "C" { #endif #include "eurydice_glue.h" - /** - A monomorphic instance of core.ops.range.Range - with types size_t +/** +A monomorphic instance of core.ops.range.Range +with types size_t - */ - typedef struct core_ops_range_Range_b3_s - { - size_t start; - size_t end; - } core_ops_range_Range_b3; +*/ +typedef struct core_ops_range_Range_b3_s { + size_t start; + size_t end; +} core_ops_range_Range_b3; #define core_option_None 0 #define core_option_Some 1 - typedef uint8_t core_option_Option_ef_tags; - - /** - A monomorphic instance of core.option.Option - with types size_t - - */ - typedef struct core_option_Option_b3_s - { - core_option_Option_ef_tags tag; - size_t f0; - } core_option_Option_b3; - - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - - static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $1568size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s - { - uint8_t value[1568U]; - } libcrux_ml_kem_types_MlKemPublicKey_1f; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - - */ - typedef struct core_option_Option_99_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; - } core_option_Option_99; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $3168size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s - { - uint8_t value[3168U]; - } libcrux_ml_kem_types_MlKemPrivateKey_95; - - typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s - { - libcrux_ml_kem_types_MlKemPrivateKey_95 sk; - libcrux_ml_kem_types_MlKemPublicKey_1f pk; - } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; - - typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s - { - uint8_t value[1568U]; - } libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - - /** - A monomorphic instance of K. - with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], - uint8_t[32size_t] - - */ - typedef struct tuple_21_s - { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; - } tuple_21; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $1184size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s - { - uint8_t value[1184U]; - } libcrux_ml_kem_types_MlKemPublicKey_15; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - - */ - typedef struct core_option_Option_92_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; - } core_option_Option_92; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $2400size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s - { - uint8_t value[2400U]; - } libcrux_ml_kem_types_MlKemPrivateKey_55; - - typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s - { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; - } libcrux_ml_kem_mlkem768_MlKem768KeyPair; - - typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s - { - uint8_t value[1088U]; - } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - - /** - A monomorphic instance of K. - with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], - uint8_t[32size_t] - - */ - typedef struct tuple_3c_s - { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; - } tuple_3c; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $800size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s - { - uint8_t value[800U]; - } libcrux_ml_kem_types_MlKemPublicKey_be; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - - */ - typedef struct core_option_Option_04_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; - } core_option_Option_04; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $1632size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s - { - uint8_t value[1632U]; - } libcrux_ml_kem_types_MlKemPrivateKey_5e; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair - with const generics - - $1632size_t - - $800size_t - */ - typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s - { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; - } libcrux_ml_kem_types_MlKemKeyPair_cb; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext - with const generics - - $768size_t - */ - typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s - { - uint8_t value[768U]; - } libcrux_ml_kem_types_MlKemCiphertext_e8; - - /** - A monomorphic instance of K. - with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - - */ - typedef struct tuple_ec_s - { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; - } tuple_ec; +typedef uint8_t core_option_Option_ef_tags; + +/** +A monomorphic instance of core.option.Option +with types size_t + +*/ +typedef struct core_option_Option_b3_s { + core_option_Option_ef_tags tag; + size_t f0; +} core_option_Option_b3; + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1568size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemPublicKey_1f; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] + +*/ +typedef struct core_option_Option_99_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_1f f0; +} core_option_Option_99; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $3168size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s { + uint8_t value[3168U]; +} libcrux_ml_kem_types_MlKemPrivateKey_95; + +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_95 sk; + libcrux_ml_kem_types_MlKemPublicKey_1f pk; +} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; + +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { + uint8_t value[1568U]; +} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_21_s { + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; + uint8_t snd[32U]; +} tuple_21; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] + +*/ +typedef struct core_option_Option_92_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_15 f0; +} core_option_Option_92; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_55; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { + uint8_t value[1088U]; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_3c_s { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; +} tuple_3c; #define core_result_Ok 0 #define core_result_Err 1 - typedef uint8_t core_result_Result_00_tags; - - /** - A monomorphic instance of core.result.Result - with types uint8_t[8size_t], core_array_TryFromSliceError - - */ - typedef struct core_result_Result_56_s - { - core_result_Result_00_tags tag; - union - { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; - } core_result_Result_56; - - /** - This function found in impl {core::result::Result} - */ - /** - A monomorphic instance of core.result.unwrap_41 - with types uint8_t[8size_t], core_array_TryFromSliceError - - */ - void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); - - typedef struct Eurydice_slice_uint8_t_x2_s - { - Eurydice_slice fst; - Eurydice_slice snd; - } Eurydice_slice_uint8_t_x2; - - typedef struct Eurydice_slice_uint8_t_1size_t__x2_s - { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; - } Eurydice_slice_uint8_t_1size_t__x2; +typedef uint8_t core_result_Result_00_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[8size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_56_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_56; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[8size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); + +typedef struct Eurydice_slice_uint8_t_x2_s { + Eurydice_slice fst; + Eurydice_slice snd; +} Eurydice_slice_uint8_t_x2; + +typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} Eurydice_slice_uint8_t_1size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7769b768b..e45f4a347 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8f38be0c7..348a2c1d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -42,6 +45,13 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -110,6 +130,13 @@ static tuple_21 encapsulate_6b( return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( return encapsulate_6b(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_1c( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { @@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( return encapsulate_unpacked_1c(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -175,6 +218,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -182,6 +228,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_91(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -201,6 +250,9 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -209,6 +261,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_87(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -221,6 +276,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index dc1d1a4be..9ad36777f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 62ab56360..ab538bf0b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_3e(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_81( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_81(private_key, ciphertext, ret); } /** @@ -121,13 +121,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + return encapsulate_48(uu____0, uu____1); } /** @@ -167,14 +167,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_ac( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); } /** @@ -194,7 +194,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, uu____1); + return encapsulate_unpacked_ac(uu____0, uu____1); } /** @@ -212,11 +212,11 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + return generate_keypair_6e(uu____0); } /** @@ -245,10 +245,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_f5(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); } /** @@ -259,7 +259,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); + return generate_keypair_unpacked_f5(uu____0); } /** @@ -273,8 +273,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_2a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } /** @@ -285,7 +285,7 @@ static bool validate_public_key_e11(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_2a1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 417e9fffa..6f550d51e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 56d0a6c67..e8619577b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 906114e72..1dc9ade54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_ec encapsulate_f8( return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( return encapsulate_f8(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_ce( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( return encapsulate_unpacked_ce(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1a(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_38(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 67f26b584..e953e8cdf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem512_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 7ace12866..efda480b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); +static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_3f(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_73( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_06( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_73(private_key, ciphertext, ret); } /** @@ -117,13 +117,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, uu____1); + return encapsulate_10(uu____0, uu____1); } /** @@ -163,14 +163,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_49( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); } /** @@ -188,7 +188,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, uu____1); + return encapsulate_unpacked_49(uu____0, uu____1); } /** @@ -206,11 +206,11 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } /** @@ -220,7 +220,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + return generate_keypair_f9(uu____0); } /** @@ -239,10 +239,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_d6(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); } /** @@ -253,7 +253,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(uu____0); + return generate_keypair_unpacked_d6(uu____0); } /** @@ -267,8 +267,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_2a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } /** @@ -279,7 +279,7 @@ static bool validate_public_key_e10(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_2a0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 8d065f1d8..0deb92f42 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index f39c8d40c..1dc07a330 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index f7f161a44..a88c7b3ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_ea( return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( return encapsulate_ea(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_29( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( return encapsulate_unpacked_29(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1b(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_42(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 4bbf14bf5..34fd92317 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem768_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7556cb943..2e07aebd4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_03( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_03(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_69( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_d4( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_69(private_key, ciphertext, ret); } /** @@ -117,13 +117,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, uu____1); + return encapsulate_4b(uu____0, uu____1); } /** @@ -163,14 +163,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); } /** @@ -188,7 +188,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, uu____1); + return encapsulate_unpacked_10(uu____0, uu____1); } /** @@ -206,11 +206,11 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } /** @@ -220,7 +220,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + return generate_keypair_64(uu____0); } /** @@ -239,10 +239,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_c5(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); } /** @@ -253,7 +253,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(uu____0); + return generate_keypair_unpacked_c5(uu____0); } /** @@ -267,8 +267,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_2a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } /** @@ -279,7 +279,7 @@ static bool validate_public_key_e1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_2a(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 52536a0cf..002b28c6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index d454d6b36..3ed7fe16f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,17 +5,13 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_mlkem_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -34,9116 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, - int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, - __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, - __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, - int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, __m256i); - __m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - __m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - __m256i lhs, __m256i rhs) { - __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, __m256i); - __m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - __m256i lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE __m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, - sum_times_zetas, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, - sum_times_zetas, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - __m256i vector, int16_t zeta) { - __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - __m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); - __m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - __m256i); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - __m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - __m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - __m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, - (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, - (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, - (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - __m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, products_right0, __m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - __m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); - __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients_in_msb, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - __m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, - (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, - 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - __m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, - 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, - 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - __m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static __m256i shift_right_ea_92(__m256i vector) { - return shift_right_98(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_92(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_d01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_6b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_1b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca1(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - __m256i fst; - __m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_971( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i to_standard_domain_42(__m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - __m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_6c1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e31( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_d01( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i decompress_1_91(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static __m256i compress_ea_80(__m256i vector) { - return compress_ciphertext_coefficient_8a(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a0(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static __m256i compress_ea_800(__m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_841( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a1(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static __m256i compress_ea_801(__m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a2(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static __m256i compress_ea_802(__m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_881( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_55(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { - return decompress_ciphertext_coefficient_55(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_550(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { - return decompress_ciphertext_coefficient_550(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_551(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { - return decompress_ciphertext_coefficient_551(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_552(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { - return decompress_ciphertext_coefficient_552(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_201( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_d00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_6b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_1b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca0(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_6c0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e30( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_d00( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_880( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); - ntt_vector_u_fe0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_200( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_6b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_1b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_e3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0c5c9ed7a..638c2cdaa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,9 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -30,505 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -__m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - __m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - __m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant); - -__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); - -__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, - __m256i rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -__m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, - int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, - int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, - uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, - uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, - uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, - uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, - uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index f032daea7..7524cf6c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,13 +5,16 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +33,9279 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + int16x8_t c0 = libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + int16x8_t c1 = libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) { + int16x8_t adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + int16x8_t vec = libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + int16x8_t vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, vec0, int16x8_t); + int16x8_t sub = libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + int16x8_t low, int16x8_t high) { + int16x8_t k = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + int16x8_t c = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + int16x8_t v, int16_t c) { + int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + int16x8_t quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + int16x8_t shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted, int16x8_t); + int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + uint16x8_t)); + int16x8_t shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted0, int16x8_t); + int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + int16x8_t v, int16x8_t c) { + int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); + int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + int16x8_t a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + int16x8_t b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + int16x8_t b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + int32x4_t a1b1_low = libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + int32x4_t a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + int16x8_t fst_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + int16x8_t fst_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + int32x4_t a0b1_low = libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + int32x4_t a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + int16x8_t snd_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + int16x8_t snd_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + int16x8_t fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + int16x8_t snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + int32x4_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + int32x4_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + int16x8_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + int16x8_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + uint8x16_t index = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16x8_t low2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + int16x8_t high2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + int16x8_t low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + int16x8_t high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + int16x8_t one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + int16x8_t low0 = libcrux_intrinsics_arm64__vdupq_n_s16(( + int16_t)Eurydice_slice_index(a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + int16x8_t high0 = libcrux_intrinsics_arm64__vdupq_n_s16(( + int16_t)Eurydice_slice_index(a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + int16x8_t low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + int16x8_t high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + uint16x8_t lowt = libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + uint16x8_t hight = libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, low00, + low10, int32x4_t); + int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); + int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, high00, + high10, int32x4_t); + int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, high0, + high1, int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, low00, + low10, int32x4_t); + int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); + int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, high00, + high10, int32x4_t); + int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, high0, + high1, int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + uint8x16_t index_vec = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + int16x8_t shift_vec = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + uint16x8_t mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8x16_t input_vec0 = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8x16_t input_vec1 = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); + uint16x8_t moved0 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + uint16x8_t shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + int16x8_t low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + uint16x8_t moved1 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + uint16x8_t shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + int16x8_t high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.low, int16x8_t); + v.high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.high, int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_d3(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_701( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_5d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_a64( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_701( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_three_blocks_b71(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d1(Simd128Hash *st, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_block_7d1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_27(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c0( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_ff1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_891( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_701( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_701(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d81( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_161(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_d81( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c3(randomness); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_621( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + invert_ntt_montgomery_621(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_23(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af(low00); + uint32x4_t low1 = compress_int32x4_t_af(low10); + uint32x4_t high0 = compress_int32x4_t_af(high00); + uint32x4_t high1 = compress_int32x4_t_af(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_43(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_ca0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af0(low00); + uint32x4_t low1 = compress_int32x4_t_af0(low10); + uint32x4_t high0 = compress_int32x4_t_af0(high00); + uint32x4_t high1 = compress_int32x4_t_af0(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_430(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_ca0(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af1(low00); + uint32x4_t low1 = compress_int32x4_t_af1(low10); + uint32x4_t high0 = compress_int32x4_t_af1(high00); + uint32x4_t high1 = compress_int32x4_t_af1(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_431(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af2(low00); + uint32x4_t low1 = compress_int32x4_t_af2(low10); + uint32x4_t high0 = compress_int32x4_t_af2(high00); + uint32x4_t high1 = compress_int32x4_t_af2(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_432(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_21(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_541( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d71( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_201(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + deserialize_ring_elements_reduced_a63( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_481(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c71( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_851(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_201(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_631(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) { + uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, decompressed0, + uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = decompress_uint32x4_t_7a(low00); + uint32x4_t low1 = decompress_uint32x4_t_7a(low10); + uint32x4_t high0 = decompress_uint32x4_t_7a(high00); + uint32x4_t high1 = decompress_uint32x4_t_7a(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_21( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_10_81(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_21(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) { + uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, decompressed0, + uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = decompress_uint32x4_t_7a0(low00); + uint32x4_t low1 = decompress_uint32x4_t_7a0(low10); + uint32x4_t high0 = decompress_uint32x4_t_7a0(high00); + uint32x4_t high1 = decompress_uint32x4_t_7a0(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_210( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_11_6b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_210(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { + return deserialize_then_decompress_10_81(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_3c0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_331( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + ntt_vector_u_3c0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) { + uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, decompressed0, + uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = decompress_uint32x4_t_7a1(low00); + uint32x4_t low1 = decompress_uint32x4_t_7a1(low10); + uint32x4_t high0 = decompress_uint32x4_t_7a1(high00); + uint32x4_t high1 = decompress_uint32x4_t_7a1(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_211( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_4_60(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_211(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) { + uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, decompressed0, + uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = decompress_uint32x4_t_7a2(low00); + uint32x4_t low1 = decompress_uint32x4_t_7a2(low10); + uint32x4_t high0 = decompress_uint32x4_t_7a2(high00); + uint32x4_t high1 = decompress_uint32x4_t_7a2(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_212( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_5_25(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { + return deserialize_then_decompress_4_60(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_d61( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + deserialize_then_decompress_u_331(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_440( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f1( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_4f1(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_821( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_631( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_631(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_5d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_a62( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_three_blocks_b70(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d0(Simd128Hash *st, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_block_7d0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_ff0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_890( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_700( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d80( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_160(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_d80( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_620( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + invert_ntt_montgomery_620(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_540( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d70( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_a61( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c70( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_630(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_330( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + ntt_vector_u_3c0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_d60( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_330(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_440( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f0( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_4f0(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_820( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_630( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_630(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_three_blocks_b7(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d(Simd128Hash *st, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_block_7d(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + invert_ntt_montgomery_62(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_55(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_84(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_2b(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d7( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c7( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_63(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { + return deserialize_then_decompress_11_6b(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_3c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_33( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); + ntt_vector_u_3c(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { + return deserialize_then_decompress_5_25(serialized); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_d6( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_33(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_44( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_82( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_63( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_63(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 24f4c33dd..80f89c5b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -28,6 +29,571 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + int16x8_t low; + int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + int16x8_t low, int16x8_t high); + +int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + int16x8_t v, int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 25d2df9e0..4cf1af2e8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -93,6 +210,276 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { uint8_t r0 = @@ -273,42 +660,20 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) >> 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -350,537 +715,6 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1548,331 +1382,88 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 @@ -1961,112 +1552,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -2315,7 +1800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2349,8 +1834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2381,12 +1866,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2398,7 +1883,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2412,7 +1897,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2431,8 +1916,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2442,10 +1927,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2458,14 +1943,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_af(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2489,7 +1974,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2508,7 +1993,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2528,7 +2013,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2536,7 +2021,7 @@ static KRML_MUSTINLINE void serialize_public_key_801( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_e81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2557,15 +2042,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_524( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2596,7 +2081,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2607,10 +2092,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -2628,7 +2113,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_751(uint8_t input[4U][34U]) { +shake128_init_absorb_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2658,10 +2143,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_751(uu____0); + return shake128_init_absorb_411(uu____0); } /** @@ -2670,7 +2155,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2692,9 +2177,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_101(self, ret); + shake128_squeeze_three_blocks_541(self, ret); } /** @@ -2745,7 +2230,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2784,7 +2269,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_881(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2805,9 +2290,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_ed1(self, ret); + shake128_squeeze_block_881(self, ret); } /** @@ -2858,7 +2343,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2902,8 +2387,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2924,9 +2409,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2937,29 +2422,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_111(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_023( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_c11(&xof_state, randomness); + shake128_squeeze_block_f1_681(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_024( uu____2, sampled_coefficients, out); } } @@ -2967,7 +2452,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2980,12 +2465,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2998,7 +2483,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3037,7 +2522,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3059,9 +2544,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } /** @@ -3120,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -3156,7 +2641,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3167,7 +2652,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -3202,7 +2687,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3213,8 +2698,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_e3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c8(randomness); } /** @@ -3223,7 +2708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3251,7 +2736,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3265,12 +2750,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3284,7 +2769,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3297,7 +2782,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3314,7 +2799,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3332,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3352,7 +2837,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3380,7 +2865,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3398,17 +2883,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -3424,11 +2909,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3439,12 +2924,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3495,9 +2980,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3534,7 +3019,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3561,7 +3046,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3577,14 +3062,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3602,14 +3087,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3632,10 +3117,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3692,10 +3177,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_111(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3703,14 +3188,14 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3721,10 +3206,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3773,10 +3258,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_f21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -3789,7 +3274,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3811,7 +3296,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3829,7 +3314,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3838,18 +3323,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3859,13 +3344,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3905,18 +3390,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, + serialize_public_key_9a1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3937,7 +3422,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_6b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3966,7 +3451,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_af1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -4007,7 +3492,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -4017,13 +3502,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_e81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_6b( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -4032,12 +3517,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_05_e00(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } /** @@ -4053,10 +3538,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -4067,11 +3552,11 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -4091,7 +3576,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -4109,9 +3594,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -4120,7 +3605,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4144,7 +3629,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4164,7 +3649,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4184,7 +3669,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4192,7 +3677,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4204,7 +3689,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4219,7 +3704,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4236,18 +3721,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -4260,7 +3745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4287,14 +3772,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4316,11 +3801,11 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d41(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4334,7 +3819,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4348,8 +3833,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4359,7 +3844,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4375,7 +3860,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4408,18 +3893,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -4429,7 +3914,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4450,9 +3935,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** @@ -4461,7 +3946,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4483,8 +3968,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4493,14 +3978,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4521,10 +4006,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_2d0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4540,7 +4025,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_251( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4558,7 +4043,7 @@ static void compress_then_serialize_u_241( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_d80(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4572,7 +4057,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4594,8 +4079,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** @@ -4604,14 +4089,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4629,7 +4114,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4651,8 +4136,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** @@ -4661,14 +4146,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4687,9 +4172,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_b9(re, out); } /** @@ -4751,14 +4236,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_651( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4766,7 +4251,7 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4774,32 +4259,32 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( + PRF_f1_6f4( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_251( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_d60( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4825,11 +4310,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4841,7 +4326,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4855,7 +4340,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4864,7 +4349,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4883,7 +4368,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4905,12 +4390,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4922,7 +4407,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4948,10 +4433,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_523( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4959,8 +4444,8 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4990,7 +4475,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -5005,7 +4490,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5033,15 +4518,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( + entropy_preprocess_af_a1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5049,8 +4534,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5058,7 +4543,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5068,18 +4553,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -5096,7 +4581,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5121,9 +4606,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -5133,8 +4618,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_02(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -5146,7 +4631,7 @@ deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5159,7 +4644,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5184,9 +4669,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -5196,8 +4681,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -5209,7 +4694,7 @@ deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5222,8 +4707,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { + return deserialize_then_decompress_11_a4(serialized); } /** @@ -5232,17 +4717,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -5257,12 +4742,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_201( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -5281,8 +4766,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); - ntt_vector_u_ed0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + ntt_vector_u_d70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5296,7 +4781,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5321,9 +4806,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** @@ -5333,8 +4818,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_b6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -5345,7 +4830,7 @@ deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5358,7 +4843,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5383,9 +4868,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** @@ -5395,8 +4880,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_9f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -5408,7 +4893,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5421,8 +4906,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { + return deserialize_then_decompress_5_9f(serialized); } /** @@ -5436,7 +4921,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5467,17 +4952,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = subtract_reduce_89_d2(v, result); return result; } @@ -5487,13 +4972,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_af(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5543,20 +5028,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_181( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_201(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_670( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5565,7 +5050,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5583,8 +5068,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -5609,15 +5094,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5629,7 +5114,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5639,7 +5124,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_973( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5648,9 +5133,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5658,10 +5143,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5680,8 +5165,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -5706,12 +5191,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_6b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5723,7 +5208,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5741,10 +5226,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_6b1(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -5755,7 +5240,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5781,7 +5266,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5801,9 +5286,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5812,7 +5297,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5822,31 +5307,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( + kdf_af_f4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); + kdf_af_f4(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5870,12 +5355,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5887,7 +5372,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5905,7 +5390,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5924,7 +5409,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5944,14 +5429,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_e80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5972,15 +5457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_522( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5997,10 +5482,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -6011,7 +5496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -6022,10 +5507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6043,7 +5528,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_750(uint8_t input[2U][34U]) { +shake128_init_absorb_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6073,10 +5558,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_750(uu____0); + return shake128_init_absorb_410(uu____0); } /** @@ -6085,7 +5570,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6107,9 +5592,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_100(self, ret); + shake128_squeeze_three_blocks_540(self, ret); } /** @@ -6160,7 +5645,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6199,7 +5684,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_880(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6220,9 +5705,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_ed0(self, ret); + shake128_squeeze_block_880(self, ret); } /** @@ -6273,7 +5758,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6313,9 +5798,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -6326,29 +5811,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_110(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_021( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_c10(&xof_state, randomness); + shake128_squeeze_block_f1_680(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_022( uu____2, sampled_coefficients, out); } } @@ -6356,7 +5841,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6369,12 +5854,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -6387,7 +5872,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6415,10 +5900,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -6426,7 +5911,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6448,9 +5933,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -6460,8 +5945,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_e30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b8(randomness); } /** @@ -6477,11 +5962,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6492,17 +5977,17 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_770(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( + re_as_ntt[i0] = sample_from_binomial_distribution_e30( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6524,7 +6009,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6553,14 +6038,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6583,10 +6068,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6643,10 +6128,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_110(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6654,14 +6139,14 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6672,10 +6157,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6707,7 +6192,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** @@ -6724,10 +6209,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_f20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6739,7 +6224,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6757,7 +6242,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6766,18 +6251,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6787,13 +6272,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -6833,18 +6318,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, + serialize_public_key_9a0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -6865,7 +6350,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_b4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6894,7 +6379,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_af0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6935,7 +6420,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6945,13 +6430,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_e80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_b4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6960,12 +6445,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_e01(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); } /** @@ -6974,7 +6459,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6996,9 +6481,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } /** @@ -7013,11 +6498,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -7028,18 +6513,18 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7057,9 +6542,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -7068,18 +6553,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -7091,14 +6576,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7120,11 +6605,11 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d40(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7141,18 +6626,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -7162,14 +6647,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -7190,10 +6675,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7209,7 +6694,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7227,7 +6712,7 @@ static void compress_then_serialize_u_240( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -7242,9 +6727,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_09(re, out); } /** @@ -7306,14 +6791,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_650( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7321,7 +6806,7 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7329,31 +6814,31 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( + PRF_f1_6f2( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_250( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -7379,11 +6864,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7395,7 +6880,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7409,7 +6894,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -7418,7 +6903,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -7437,7 +6922,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7459,12 +6944,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7476,7 +6961,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7502,10 +6987,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_521( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -7513,8 +6998,8 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -7544,7 +7029,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7559,7 +7044,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7587,15 +7072,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( + entropy_preprocess_af_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -7603,8 +7088,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -7612,7 +7097,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7622,18 +7107,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7650,8 +7135,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { + return deserialize_then_decompress_10_02(serialized); } /** @@ -7660,17 +7145,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -7685,12 +7170,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_200( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7709,8 +7194,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7724,8 +7209,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b6(serialized); } /** @@ -7741,17 +7226,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = subtract_reduce_89_d2(v, result); return result; } @@ -7789,20 +7274,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_180( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_200(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7816,8 +7301,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -7842,14 +7327,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7861,7 +7346,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7871,7 +7356,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_974( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -7880,9 +7365,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7890,10 +7375,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7914,12 +7399,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_6b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7931,7 +7416,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7949,10 +7434,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_6b0(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -7963,7 +7448,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7989,7 +7474,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8008,9 +7493,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8019,7 +7504,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -8029,31 +7514,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( + kdf_af_26( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); + kdf_af_26(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -8077,12 +7562,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8094,7 +7579,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8112,7 +7597,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -8131,7 +7616,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -8151,7 +7636,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -8159,7 +7644,7 @@ static KRML_MUSTINLINE void serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -8180,15 +7665,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -8219,7 +7704,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8230,10 +7715,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8251,7 +7736,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_75(uint8_t input[3U][34U]) { +shake128_init_absorb_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -8281,10 +7766,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_75(uu____0); + return shake128_init_absorb_41(uu____0); } /** @@ -8293,7 +7778,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8315,9 +7800,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_10(self, ret); + shake128_squeeze_three_blocks_54(self, ret); } /** @@ -8368,7 +7853,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8407,7 +7892,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_88(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8428,9 +7913,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_ed(self, ret); + shake128_squeeze_block_88(self, ret); } /** @@ -8481,7 +7966,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8521,9 +8006,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8534,29 +8019,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_11(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_c1(&xof_state, randomness); + shake128_squeeze_block_f1_68(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -8564,7 +8049,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8577,12 +8062,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -8595,7 +8080,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8634,7 +8119,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8656,9 +8141,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } /** @@ -8674,11 +8159,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8689,12 +8174,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -8721,7 +8206,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8750,14 +8235,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8780,10 +8265,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8840,10 +8325,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8851,14 +8336,14 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8869,10 +8354,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8921,10 +8406,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8936,7 +8421,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8954,7 +8439,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8963,18 +8448,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8984,13 +8469,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -9030,18 +8515,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, + serialize_public_key_9a(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -9062,7 +8547,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -9091,7 +8576,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -9132,7 +8617,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -9142,13 +8627,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -9157,12 +8642,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_05_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } /** @@ -9178,10 +8663,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -9192,11 +8677,11 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -9221,9 +8706,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -9232,18 +8717,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -9255,14 +8740,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9284,11 +8769,11 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d4(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9305,18 +8790,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -9332,7 +8817,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9350,7 +8835,7 @@ static void compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -9417,14 +8902,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9432,7 +8917,7 @@ static void encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9440,31 +8925,31 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( + PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -9490,11 +8975,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9506,7 +8991,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9520,7 +9005,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -9529,7 +9014,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -9548,7 +9033,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9570,12 +9055,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9587,7 +9072,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9613,10 +9098,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -9624,8 +9109,8 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -9655,7 +9140,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9670,7 +9155,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9698,15 +9183,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( + entropy_preprocess_af_d2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -9714,8 +9199,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -9723,7 +9208,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9733,18 +9218,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -9766,12 +9251,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_20( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -9790,8 +9275,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9811,17 +9296,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = subtract_reduce_89_d2(v, result); return result; } @@ -9859,20 +9344,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_18( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_20(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9886,8 +9371,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -9912,14 +9397,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9931,7 +9416,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9941,7 +9426,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -9950,9 +9435,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9960,10 +9445,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9984,12 +9469,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -10001,7 +9486,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -10019,10 +9504,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_6b(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -10033,7 +9518,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10059,7 +9544,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -10078,9 +9563,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10089,7 +9574,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -10099,31 +9584,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( + kdf_af_69( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); + kdf_af_69(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 0088ab487..d4b1c0ce7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem_portable_H @@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -501,55 +559,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -565,19 +574,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index a0797a0ce..f83fa6654 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index fb89c890d..569a83ca1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,2304 +5,69 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ -#include "internal/libcrux_sha3_avx2.h" - -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); -} - -static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { - __m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** - Create a new Shake128 x4 state. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - __m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - __m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - __m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - __m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - __m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - __m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - __m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], - uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], - uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} +#include "libcrux_sha3_avx2.h" /** Perform 4 SHAKE256 operations in parallel */ -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Initialise the [`KeccakState`]. */ -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Absorb */ -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze another block */ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze three blocks */ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2310,20 +75,22 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Absorb */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2331,10 +98,11 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2342,8 +110,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index fca89dc4c..06c3fa6fc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_avx2_H @@ -20,18 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - __m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; +#include "libcrux_sha3_neon.h" /** Perform 4 SHAKE256 operations in parallel @@ -41,59 +30,63 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + /** Initialise the [`KeccakState`]. */ -libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze next block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 7ae9eb4eb..a1665484d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -261,11 +261,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -277,12 +277,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1422,9 +1422,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1434,10 +1434,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1447,9 +1447,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1457,7 +1457,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1482,11 +1482,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1498,12 +1498,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1514,7 +1514,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1533,8 +1533,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1567,9 +1567,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1579,9 +1579,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1591,10 +1591,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1606,12 +1606,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1621,13 +1621,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1635,12 +1635,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1656,9 +1656,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1669,10 +1669,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1695,11 +1695,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1723,10 +1723,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1737,7 +1737,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1748,12 +1748,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1761,7 +1761,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1779,12 +1779,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -1795,11 +1795,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1807,7 +1807,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1836,12 +1836,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -1851,13 +1851,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1865,11 +1865,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1881,12 +1881,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -1897,7 +1897,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1916,8 +1916,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1925,7 +1925,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1946,12 +1946,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1967,9 +1967,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -1980,10 +1980,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2008,9 +2008,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2020,9 +2020,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2032,10 +2032,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2045,11 +2045,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2073,10 +2073,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2087,7 +2087,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2098,12 +2098,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2111,7 +2111,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2129,12 +2129,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2145,11 +2145,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2157,7 +2157,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2186,12 +2186,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** @@ -2201,13 +2201,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2215,11 +2215,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2231,12 +2231,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** @@ -2247,7 +2247,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2266,8 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2275,7 +2275,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2296,12 +2296,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_392(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2317,9 +2317,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2330,10 +2330,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2358,9 +2358,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2370,9 +2370,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2382,10 +2382,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2395,11 +2395,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2423,10 +2423,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2437,7 +2437,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2448,12 +2448,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2461,7 +2461,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2479,12 +2479,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2495,11 +2495,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2511,12 +2511,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -2526,13 +2526,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2540,12 +2540,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2561,9 +2561,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -2574,10 +2574,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2600,11 +2600,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2628,10 +2628,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2642,7 +2642,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2653,12 +2653,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2666,7 +2666,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2684,12 +2684,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2700,11 +2700,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2715,7 +2715,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2734,8 +2734,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2746,10 +2746,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2760,7 +2760,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2771,12 +2771,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2784,7 +2784,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2802,12 +2802,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2818,11 +2818,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2830,7 +2830,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2859,12 +2859,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** @@ -2874,13 +2874,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2888,11 +2888,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2904,12 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** @@ -2920,7 +2920,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2939,8 +2939,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2948,7 +2948,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2969,12 +2969,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2989,9 +2989,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -3002,10 +3002,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3030,9 +3030,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3042,9 +3042,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3054,10 +3054,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3067,11 +3067,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3095,10 +3095,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3109,7 +3109,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3120,12 +3120,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3133,7 +3133,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3151,12 +3151,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3167,11 +3167,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e000a5155..b0f13ff6d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,30 +5,2198 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, + uint64x2_t c, uint64x2_t d, + uint64x2_t e) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); + uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor5_fa(uint64x2_t a, uint64x2_t b, + uint64x2_t c, uint64x2_t d, + uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, x, uint64x2_t)); +} + +static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { + uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, + uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, + uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, + uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { + uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor_constant_fa(uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f0(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f1(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f2(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f3(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f4(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f5(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f6(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f7(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f8(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f9(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f10(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f11(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f12(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f13(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f14(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f15(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5816(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f16(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f17(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f18(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f19(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f20(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f21(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f22(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t c[5U] = {xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} + +/** + A portable SHA3 512 implementation. +*/ +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + /** - A portable SHA3 512 implementation. +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 */ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); } /** A portable SHA3 256 implementation. */ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); } /** @@ -36,60 +2204,695 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { Writes the two results into `out0` and `out1` */ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); } /** Initialise the `KeccakState2`. */ -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); } /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); } /** Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); } /** Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f2(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); } /** @@ -97,9 +2900,421 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); } /** @@ -107,7 +3322,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f3ed82378..6a6a9be26 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_neon_H @@ -20,8 +20,19 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + /** A portable SHA3 512 implementation. */ @@ -40,21 +51,17 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - /** Initialise the `KeccakState2`. */ -libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); /** @@ -62,7 +69,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); /** @@ -70,7 +77,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); /** From 5b5b44c0d2000609e5ada7fcba3ef47a3486259d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 11:15:57 +0200 Subject: [PATCH 041/172] Remove feature gated import --- libcrux-sha3/src/lib.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 77d7edc9e..e4f7e33bc 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -936,7 +936,6 @@ pub mod avx2 { absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; - #[cfg(not(feature = "simd128"))] use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; #[cfg(feature = "simd256")] use libcrux_intrinsics::avx2::*; From 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 11:16:14 +0200 Subject: [PATCH 042/172] Re-extract C code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 16 +- libcrux-ml-kem/cg/libcrux_core.h | 93 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 16 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 796 +++++---- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 796 +++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 162 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 1530 +++++++++-------- 42 files changed, 1740 insertions(+), 1739 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index ed4031a66..2dcd66593 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b +Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 4bc851d3a..211cc9909 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f41caea25..c58274b2d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8b6216c52..f804b6fe9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6ba5c1c5a..266d7b1d9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 7d482178e..492806c01 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 2bc219382..b7b2bdd9c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7b5489d26..f996275c2 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 9750decec..e49671d22 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 7f952db2c..06fd29c23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 0e3c70709..b998cf7b5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 6eb5a1a2e..797d91e73 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1b8ba4b09..da8c23ac8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index d4744ee19..09650596b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 4d6126687..097a45d9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 0cf11b9ec..5c4f38c2a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 966f68825..fa6dad06e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 375cf7658..b8f2d5f1d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 8e5e83c23..44d618b81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 2cafaad7f..ab26b8bb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 769413234..72c54b633 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index f0b672a25..2f467bcf6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index b584bd6b1..210560026 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 6c6b07509..33f6d76d2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e6611d880..8790d8b38 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 822829286..3fe183665 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index dfa2e263c..1d6f5431b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 59e3ce3dc..af39cb43a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 23a861f27..ba9e8f0f0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 2cf0c5f5f..c68ecc2de 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 45a196746..f55c62960 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index dea53655e..57c0cf3a9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index fdff76708..bd4b21e2f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 90ac7373e..1addd0b44 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index cdadc54a2..faf3b6790 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: d50e2a062a09bf85430e82d1d8b7c210d9458d0b + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d5d5436ed..2dcd66593 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,14 +1,6 @@ This code was generated with the following revisions: -<<<<<<< HEAD -Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba -Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e -Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 +Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main +Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 477334759..91e226a7f 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_core_H @@ -41,7 +33,7 @@ typedef struct core_ops_range_Range_b3_s { #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result_____core_fmt_Error_tags; +typedef uint8_t core_result_Result_86_tags; #define core_option_None 0 #define core_option_Some 1 @@ -91,24 +83,13 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -<<<<<<< HEAD -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_6f_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -136,19 +117,13 @@ static inline void core_result_unwrap_41_1c(core_result_Result_6f self, } } -<<<<<<< HEAD -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= /** A monomorphic instance of core.result.Result with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; @@ -176,19 +151,13 @@ static inline void core_result_unwrap_41_34(core_result_Result_7a self, } } -<<<<<<< HEAD -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= /** A monomorphic instance of core.result.Result with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -252,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_87( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -267,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_a3(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -300,7 +269,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_eb(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -316,7 +285,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_70(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -345,7 +314,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_10(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -361,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -371,7 +340,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -384,19 +353,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -<<<<<<< HEAD -typedef struct - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -429,7 +392,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -451,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_39( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -462,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -480,7 +443,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -493,19 +456,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -<<<<<<< HEAD -typedef struct - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -533,19 +490,13 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } -<<<<<<< HEAD -typedef struct - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result_____core_fmt_Error_tags tag; -======= /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; ->>>>>>> main + core_result_Result_86_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index a297b2268..249704425 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index f79e1bd9a..e9805d28d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1403,7 +1395,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { +libcrux_ml_kem_polynomial_ZERO_89_9b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1432,8 +1424,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_63(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -1444,10 +1436,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1468,12 +1460,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_38( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -1486,7 +1478,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e1( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1515,8 +1507,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -1527,7 +1519,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1593,9 +1585,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_87( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04( vector); } @@ -1607,10 +1599,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_bb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -1622,7 +1614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_87( coefficient); } return re; @@ -1636,7 +1628,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1702,9 +1694,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_870( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040( vector); } @@ -1716,10 +1708,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -1731,7 +1723,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_870( coefficient); } return re; @@ -1745,9 +1737,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_59( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_bb(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1763,7 +1755,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1776,11 +1768,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1794,7 +1786,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1807,7 +1799,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -1825,7 +1817,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1844,7 +1836,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1866,7 +1858,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1896,7 +1888,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1913,21 +1905,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -1940,12 +1932,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_42( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -1966,10 +1958,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_59( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_41(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1984,7 +1976,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2050,9 +2042,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_871( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041( vector); } @@ -2064,10 +2056,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_dd( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -2078,7 +2070,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_871( coefficient); } return re; @@ -2092,7 +2084,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2158,9 +2150,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_872( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042( vector); } @@ -2172,10 +2164,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_8b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -2186,7 +2178,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_872( re.coefficients[i0]); } return re; @@ -2200,9 +2192,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_dd(serialized); } /** @@ -2217,11 +2209,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( +libcrux_ml_kem_polynomial_ntt_multiply_89_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2253,7 +2245,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2276,7 +2268,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2303,7 +2295,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2326,7 +2318,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2347,14 +2339,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2367,7 +2359,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_78( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2382,7 +2374,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2400,22 +2392,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_24( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -2430,7 +2422,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( +libcrux_ml_kem_polynomial_subtract_reduce_89_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2454,21 +2446,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( +libcrux_ml_kem_matrix_compute_message_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_24(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_78(v, result); return result; } @@ -2479,7 +2471,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_fc( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2496,9 +2488,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( +libcrux_ml_kem_vector_avx2_shift_right_ea_54( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_fc(vector); } /** @@ -2509,10 +2501,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( +libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + libcrux_ml_kem_vector_avx2_shift_right_ea_54(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2527,13 +2519,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( +libcrux_ml_kem_serialize_compress_then_serialize_message_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2561,21 +2553,21 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_8a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_42(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c2( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_69(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2590,11 +2582,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_40(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_38(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -2605,7 +2597,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_8a(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2620,7 +2612,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2631,7 +2623,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_45( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2651,9 +2643,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_45(input, ret); } /** @@ -2665,9 +2657,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_23( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -2678,10 +2670,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_7f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2707,12 +2699,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_49( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -2725,7 +2717,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_7f( ring_element); deserialized_pk[i0] = uu____0; } @@ -2742,8 +2734,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_11(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -2753,10 +2745,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b9( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } @@ -2770,7 +2762,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2794,11 +2786,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d(uu____0); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4(uu____0); } /** @@ -2809,7 +2801,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2845,9 +2837,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b(self, + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98(self, ret); } @@ -2860,7 +2852,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2903,7 +2895,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2938,9 +2930,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa(self, ret); } /** @@ -2952,7 +2944,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3000,9 +2992,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3022,8 +3014,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( +libcrux_ml_kem_sampling_sample_from_xof_closure_19(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_46( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -3035,7 +3027,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3043,24 +3035,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca(uu____0); + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf(uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( uu____2, sampled_coefficients, out); } } @@ -3068,7 +3060,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_19(uu____3[i]); } memcpy( ret, ret0, @@ -3082,12 +3074,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_b9(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3105,7 +3097,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_af(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3162,8 +3154,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_d3(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3173,7 +3165,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_66( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3212,9 +3204,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_66(input, ret); } /** @@ -3225,7 +3217,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3262,7 +3254,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3274,7 +3266,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c4( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3310,7 +3302,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3322,9 +3314,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( randomness); } @@ -3335,7 +3327,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3358,20 +3350,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_fd(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -3384,11 +3376,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3402,15 +3394,15 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( @@ -3434,8 +3426,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3448,11 +3440,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3466,11 +3458,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -3493,7 +3485,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_450( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3513,9 +3505,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_450(input, ret); } /** @@ -3526,8 +3518,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_vector_u_closure_e5(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3541,7 +3533,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3563,14 +3555,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -3593,12 +3585,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_24(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3613,7 +3605,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { +libcrux_ml_kem_vector_traits_decompress_1_22(core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3628,10 +3620,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_5a( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3639,7 +3631,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_22(coefficient_compressed); } return re; } @@ -3656,7 +3648,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3684,22 +3676,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( +libcrux_ml_kem_matrix_compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_24(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_07( error_2, message, result); return result; } @@ -3712,7 +3704,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f1( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3780,8 +3772,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_ea_44(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f1( vector); } @@ -3793,15 +3785,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( +libcrux_ml_kem_serialize_compress_then_serialize_10_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_44( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3824,7 +3816,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f10( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3892,8 +3884,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_ea_440(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f10( vector); } @@ -3905,15 +3897,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( +libcrux_ml_kem_serialize_compress_then_serialize_11_49( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_440( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3937,10 +3929,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_b2(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3954,7 +3946,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3972,7 +3964,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3989,7 +3981,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f11( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4057,8 +4049,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_ea_441(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f11( vector); } @@ -4070,15 +4062,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( +libcrux_ml_kem_serialize_compress_then_serialize_4_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_441( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -4099,7 +4091,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f12( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4167,8 +4159,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_ea_442(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f12( vector); } @@ -4180,15 +4172,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( +libcrux_ml_kem_serialize_compress_then_serialize_5_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_442( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4210,9 +4202,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_5a(re, out); } /** @@ -4233,15 +4225,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_d2( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4249,7 +4241,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_c0( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4258,33 +4250,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_7e(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_matrix_compute_ring_element_v_af( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4309,12 +4301,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_35(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_49( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4322,8 +4314,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4353,7 +4345,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d2(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4370,7 +4362,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_53( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4403,7 +4395,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( +static inline void libcrux_ml_kem_ind_cca_decapsulate_50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -4422,10 +4414,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_40(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4434,7 +4426,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -4444,32 +4436,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( + libcrux_ml_kem_ind_cca_kdf_43_53( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_53(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -4501,17 +4493,17 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_15( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_50(private_key, ciphertext, ret); } KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_15(private_key, ciphertext, ret); } @@ -4571,14 +4563,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_d3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_8a( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4590,7 +4582,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4600,7 +4592,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_ea0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -4609,9 +4601,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -4619,11 +4611,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d2(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4658,17 +4650,17 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_6a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_d3(key_pair, ciphertext, ret); } KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_6a( private_key, ciphertext, ret); } @@ -4683,7 +4675,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_e6( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4702,7 +4694,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4727,15 +4719,15 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_e6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4743,9 +4735,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4753,7 +4745,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4763,19 +4755,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_53(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -4805,13 +4797,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, uu____1); } KRML_ATTRIBUTE_TARGET("avx2") @@ -4821,7 +4813,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a0(uu____0, uu____1); } @@ -4844,11 +4836,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4860,7 +4852,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4874,7 +4866,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d2(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4884,7 +4876,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -4913,14 +4905,14 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_99( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_54(uu____0, uu____1); } KRML_ATTRIBUTE_TARGET("avx2") @@ -4931,7 +4923,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_99( uu____0, uu____1); } @@ -4956,8 +4948,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_dc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -4968,7 +4960,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( +libcrux_ml_kem_vector_traits_to_standard_domain_c8( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4986,14 +4978,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( + libcrux_ml_kem_vector_traits_to_standard_domain_c8( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -5008,14 +5000,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -5039,12 +5031,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5061,10 +5053,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_65( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5072,15 +5064,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5091,12 +5083,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5140,14 +5132,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d2( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -5170,7 +5162,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5189,7 +5181,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_af(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5207,7 +5199,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5215,7 +5207,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_7f(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -5241,19 +5233,19 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_e3(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_65(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_94( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_7f(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5273,7 +5265,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5302,7 +5294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5335,7 +5327,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_99(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5345,13 +5337,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e3(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -5360,12 +5352,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -5381,11 +5373,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_d6( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_99(uu____0); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5393,7 +5385,7 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_d6( uu____0); } @@ -5412,8 +5404,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_e7(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5430,10 +5422,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_c2( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } @@ -5449,7 +5441,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( +libcrux_ml_kem_polynomial_clone_d5_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5474,7 +5466,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_ce(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5483,7 +5475,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_65( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5491,14 +5483,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_c2(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_62(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5510,13 +5502,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_94( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -5559,11 +5551,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_08( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_ce(uu____0); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5572,7 +5564,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_08( uu____0); } @@ -5588,18 +5580,18 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_62( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_87(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -5607,7 +5599,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -5636,7 +5628,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_500( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -5655,10 +5647,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_40(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5667,7 +5659,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5677,32 +5669,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( + libcrux_ml_kem_ind_cca_kdf_6c_62( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_62(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5735,17 +5727,17 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_500(private_key, ciphertext, ret); } KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( private_key, ciphertext, ret); } @@ -5760,9 +5752,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_5a( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } /** @@ -5785,15 +5777,15 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_5a( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5801,9 +5793,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5811,7 +5803,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5821,19 +5813,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_62(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -5863,13 +5855,13 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, uu____1); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5879,7 +5871,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_11( uu____0, uu____1); } @@ -5892,9 +5884,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_230( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5906,12 +5898,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_490( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -5924,7 +5916,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_7f( ring_element); deserialized_pk[i0] = uu____0; } @@ -5942,16 +5934,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_6c( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_490( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_94( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -5970,9 +5962,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_aa( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5980,7 +5972,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_aa( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 7ac41e5cc..aeefc6f61 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_mlkem768_portable_H @@ -2448,7 +2440,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_8d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2476,8 +2468,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_d2(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -2487,10 +2479,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2512,12 +2504,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -2530,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2c( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2558,8 +2550,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -2569,7 +2561,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2594,9 +2586,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( v); } @@ -2607,10 +2599,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_a8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -2622,7 +2614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( coefficient); re.coefficients[i0] = uu____0; } @@ -2636,7 +2628,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2661,9 +2653,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( v); } @@ -2674,10 +2666,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -2689,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( coefficient); re.coefficients[i0] = uu____0; } @@ -2703,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_24( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_a8(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2720,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2734,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2753,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2766,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2783,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2803,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2826,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_43( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2857,7 +2849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2875,21 +2867,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -2901,12 +2893,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_18( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -2927,10 +2919,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_24( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_86(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2944,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2969,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( v); } @@ -2982,10 +2974,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ff( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -2996,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( coefficient); re.coefficients[i0] = uu____0; } @@ -3010,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3035,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( v); } @@ -3048,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_55( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -3064,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3078,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e6( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ff(serialized); } /** @@ -3094,11 +3086,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3131,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3157,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3184,7 +3176,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3207,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3229,7 +3221,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3237,7 +3229,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3250,7 +3242,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3265,7 +3257,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bf( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3282,22 +3274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -3311,7 +3303,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3337,21 +3329,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_4f(v, result); return result; } @@ -3361,7 +3353,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_68( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3381,9 +3373,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_68(v); } /** @@ -3393,10 +3385,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_f2(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3410,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_ad( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3445,21 +3437,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_18(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e6( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_00(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_ad(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3473,11 +3465,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_16(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -3488,7 +3480,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3502,7 +3494,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3512,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3531,9 +3523,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret); } /** @@ -3544,9 +3536,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_0a( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -3556,10 +3548,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -3585,12 +3577,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -3603,7 +3595,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a4( ring_element); deserialized_pk[i0] = uu____0; } @@ -3620,8 +3612,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2a(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -3631,10 +3623,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_08( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -3653,7 +3645,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3685,11 +3677,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( uu____0); } @@ -3700,7 +3692,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3725,10 +3717,10 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self, ret); } @@ -3740,7 +3732,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3783,7 +3775,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3808,10 +3800,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret); } /** @@ -3822,7 +3814,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3869,9 +3861,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3893,8 +3885,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( +libcrux_ml_kem_sampling_sample_from_xof_closure_2f(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -3906,7 +3898,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3914,25 +3906,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( uu____2, sampled_coefficients, out); } } @@ -3940,7 +3932,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_2f(uu____3[i]); } memcpy( ret, ret0, @@ -3954,12 +3946,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_08(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3977,7 +3969,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_d4(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4034,8 +4026,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_71(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4044,7 +4036,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4067,9 +4059,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret); } /** @@ -4079,7 +4071,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4116,7 +4108,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4127,7 +4119,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4163,7 +4155,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4174,9 +4166,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( randomness); } @@ -4186,7 +4178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4210,20 +4202,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_09(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -4236,11 +4228,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4254,15 +4246,15 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( @@ -4286,8 +4278,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_74(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4300,11 +4292,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4318,11 +4310,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -4344,7 +4336,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4363,9 +4355,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret); } /** @@ -4375,8 +4367,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_c1(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4389,7 +4381,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4413,14 +4405,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -4443,12 +4435,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4462,7 +4454,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4477,10 +4469,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4490,7 +4482,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_9f(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4507,7 +4499,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4537,22 +4529,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_60( error_2, message, result); return result; } @@ -4563,7 +4555,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4586,9 +4578,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_13(v); } /** @@ -4598,15 +4590,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_99( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4627,7 +4619,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_130( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4650,9 +4642,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_990( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_130(v); } /** @@ -4662,15 +4654,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_990( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4693,10 +4685,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_7b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4709,7 +4701,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4727,7 +4719,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_42(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4742,7 +4734,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_131( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4765,9 +4757,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_991( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_131(v); } /** @@ -4777,15 +4769,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_991( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4804,7 +4796,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_132( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4827,9 +4819,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_992( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_132(v); } /** @@ -4839,15 +4831,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_992( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4868,9 +4860,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); } /** @@ -4891,15 +4883,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_84( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4907,7 +4899,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bf( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4916,33 +4908,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_11(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_d8( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e7( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1d( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4967,12 +4959,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_aa(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1d( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4980,8 +4972,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -5011,7 +5003,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_84(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5027,7 +5019,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ad( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5059,7 +5051,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -5078,10 +5070,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_16(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5090,7 +5082,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5100,32 +5092,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_ad( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_ad(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5157,16 +5149,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f2(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_81( private_key, ciphertext, ret); } @@ -5226,14 +5218,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_74( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5245,7 +5237,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5255,7 +5247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_ea0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5264,9 +5256,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5274,11 +5266,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_84(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5312,16 +5304,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_74(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_5e( private_key, ciphertext, ret); } @@ -5335,7 +5327,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a0( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5353,7 +5345,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5377,15 +5369,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5393,9 +5385,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5403,7 +5395,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5413,19 +5405,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_ad(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -5454,13 +5446,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_33( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_fa(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -5469,7 +5461,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_33(uu____0, uu____1); } @@ -5492,11 +5484,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_be( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5508,7 +5500,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5522,7 +5514,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_84(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5532,7 +5524,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5560,14 +5552,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_be(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -5577,7 +5569,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f4( uu____0, uu____1); } @@ -5601,8 +5593,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_bd(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -5612,7 +5604,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5629,7 +5621,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5637,7 +5629,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a8( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5653,14 +5645,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -5684,12 +5676,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5706,10 +5698,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5717,15 +5709,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5736,12 +5728,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5784,14 +5776,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_e5( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5813,7 +5805,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5832,7 +5824,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_1d(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5849,7 +5841,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5857,7 +5849,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -5883,19 +5875,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_c5(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5914,7 +5906,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5943,7 +5935,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5976,7 +5968,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5986,13 +5978,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5e( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -6001,12 +5993,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -6022,18 +6014,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_21( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_ef(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_21( uu____0); } @@ -6052,8 +6044,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_d0(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -6070,10 +6062,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_58( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -6088,7 +6080,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6115,7 +6107,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_bc(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6124,7 +6116,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d1( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6132,14 +6124,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_58(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_5f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6151,13 +6143,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -6199,11 +6191,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6d( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_bc(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -6211,7 +6203,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6d( uu____0); } @@ -6226,18 +6218,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_c4( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_87(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6245,7 +6237,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -6273,7 +6265,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f20( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6292,10 +6284,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_16(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6304,7 +6296,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6314,32 +6306,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_39(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_c4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_c4(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_39(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -6372,16 +6364,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_16( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f20(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_16( private_key, ciphertext, ret); } @@ -6395,9 +6387,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2e( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } /** @@ -6419,15 +6411,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2e( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6435,9 +6427,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6445,7 +6437,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6455,19 +6447,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_c4(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -6497,13 +6489,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_18( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_fa0(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -6512,7 +6504,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_18( uu____0, uu____1); } @@ -6524,9 +6516,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_0a0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -6537,12 +6529,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -6555,7 +6547,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a4( ring_element); deserialized_pk[i0] = uu____0; } @@ -6572,16 +6564,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_60( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -6599,16 +6591,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_60(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4d( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 74f4899e3..a9f54c228 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_avx2_H @@ -249,7 +241,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_1e_bf(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -433,10 +425,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_65( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; @@ -1563,7 +1555,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i c[5U] = { libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], @@ -1684,7 +1676,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1721,7 +1713,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1743,7 +1735,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_5b( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1756,14 +1748,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_f8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_74(s); + libcrux_sha3_generic_keccak_pi_35(s); + libcrux_sha3_generic_keccak_chi_09(s); + libcrux_sha3_generic_keccak_iota_5b(s, i0); } } @@ -1775,13 +1767,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_65(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -1810,10 +1802,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e9( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; @@ -1830,7 +1822,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1850,8 +1842,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e9(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -2042,10 +2034,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_43( core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } @@ -2059,10 +2051,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2085,10 +2077,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_58( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e9(a, b); } @@ -2101,9 +2093,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** @@ -2114,10 +2106,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** @@ -2128,11 +2120,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_74( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_f8(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2157,10 +2149,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_1e_bf(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2171,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_1d(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2182,12 +2174,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( libcrux_sha3_simd_avx2_slice_n_ef( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2195,7 +2187,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2213,12 +2205,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_74(s, o1); } } } @@ -2230,7 +2222,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_4f(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2239,7 +2231,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_1e_bf(); } /** @@ -2415,10 +2407,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e90( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; @@ -2435,7 +2427,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2455,8 +2447,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e90(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2465,7 +2457,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d90(s, buf); } /** @@ -2624,10 +2616,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_580( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e90(a, b); } @@ -2640,10 +2632,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b40( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2652,7 +2644,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, buf); } /** @@ -2663,9 +2655,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } /** @@ -2677,7 +2669,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2685,15 +2677,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2702,7 +2694,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2714,7 +2706,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2722,29 +2714,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o4); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2753,7 +2745,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2762,7 +2754,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2771,7 +2763,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") @@ -2780,7 +2772,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8effaf1b5..a37ff7f18 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: 0eb8a17354fd62586cb9f7515af23f4488c2267e - * Karamel: ab466d75991f78bb7925bf97c8ee9874f67074f5 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: b2314d1e996ac7a4fbda72210b4aabbd915d282a -======= - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f ->>>>>>> main + * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 */ #ifndef __libcrux_sha3_portable_H @@ -87,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); } /** @@ -206,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_f4(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -241,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -268,14 +260,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, uu____1); } /** @@ -285,7 +277,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -296,9 +288,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); } /** @@ -312,8 +304,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); } /** @@ -323,7 +315,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -334,9 +326,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); } /** @@ -350,8 +342,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); } /** @@ -361,7 +353,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -372,9 +364,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); } /** @@ -388,8 +380,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); } /** @@ -399,7 +391,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -410,9 +402,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); } /** @@ -426,8 +418,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); } /** @@ -437,9 +429,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb(ab); } /** @@ -453,8 +445,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); } /** @@ -464,7 +456,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -475,9 +467,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); } /** @@ -491,8 +483,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); } /** @@ -502,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -513,9 +505,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); } /** @@ -529,8 +521,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); } /** @@ -540,7 +532,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -551,9 +543,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); } /** @@ -567,8 +559,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); } /** @@ -578,7 +570,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -589,9 +581,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); } /** @@ -605,8 +597,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); } /** @@ -616,7 +608,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -627,9 +619,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); } /** @@ -643,8 +635,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); } /** @@ -654,7 +646,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -665,9 +657,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); } /** @@ -681,8 +673,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); } /** @@ -692,7 +684,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -703,9 +695,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); } /** @@ -719,8 +711,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); } /** @@ -730,7 +722,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -741,9 +733,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); } /** @@ -757,8 +749,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); } /** @@ -768,7 +760,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -779,9 +771,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); } /** @@ -795,8 +787,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); } /** @@ -806,7 +798,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -817,9 +809,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); } /** @@ -833,8 +825,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); } /** @@ -844,7 +836,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -855,9 +847,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); } /** @@ -871,8 +863,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); } /** @@ -882,7 +874,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -893,9 +885,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); } /** @@ -909,8 +901,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); } /** @@ -920,7 +912,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -931,9 +923,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); } /** @@ -947,8 +939,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); } /** @@ -958,7 +950,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -969,9 +961,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); } /** @@ -985,8 +977,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); } /** @@ -996,7 +988,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1007,9 +999,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); } /** @@ -1023,8 +1015,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); } /** @@ -1034,7 +1026,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1045,9 +1037,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); } /** @@ -1061,8 +1053,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); } /** @@ -1072,7 +1064,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1083,9 +1075,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); } /** @@ -1099,8 +1091,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); } /** @@ -1110,7 +1102,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1121,9 +1113,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); } /** @@ -1137,8 +1129,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); } /** @@ -1148,7 +1140,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1159,9 +1151,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); } /** @@ -1175,8 +1167,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); } /** @@ -1185,7 +1177,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1221,76 +1213,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1300,7 +1292,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1336,7 +1328,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1357,7 +1349,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1369,14 +1361,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_16(s); + libcrux_sha3_generic_keccak_pi_1d(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_62(s, i0); } } @@ -1387,13 +1379,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1401,11 +1393,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** @@ -1415,14 +1407,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, uu____1); } /** @@ -1433,7 +1425,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1453,8 +1445,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1483,7 +1475,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { @@ -1501,11 +1493,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); } /** @@ -1516,10 +1508,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c5( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1542,9 +1534,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_58(a, b); } @@ -1556,9 +1548,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1568,10 +1560,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1581,11 +1573,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1609,10 +1601,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1623,7 +1615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1634,12 +1626,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1647,7 +1639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1665,12 +1657,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); } } } @@ -1681,18 +1673,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e9(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_ce(buf0, buf); } /** @@ -1700,7 +1692,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1727,14 +1719,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, uu____1); } /** @@ -1744,13 +1736,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1758,11 +1750,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } /** @@ -1772,14 +1764,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, uu____1); } /** @@ -1790,7 +1782,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1810,8 +1802,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1840,7 +1832,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { @@ -1858,12 +1850,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); } /** @@ -1874,10 +1866,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1900,9 +1892,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_580(a, b); } @@ -1914,9 +1906,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1926,10 +1918,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1939,11 +1931,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1967,10 +1959,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1981,7 +1973,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1992,12 +1984,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2005,7 +1997,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2023,12 +2015,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2039,18 +2031,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e90(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } /** @@ -2061,7 +2053,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2081,8 +2073,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2093,10 +2085,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2107,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2118,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2131,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2165,18 +2157,18 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e91(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, @@ -2245,7 +2237,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } /** @@ -2253,7 +2245,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2278,11 +2270,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } /** @@ -2292,14 +2284,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, uu____1); } /** @@ -2310,7 +2302,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2330,15 +2322,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c72(s, buf); } /** @@ -2369,9 +2361,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_581(a, b); } @@ -2383,17 +2375,17 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf); } /** @@ -2403,9 +2395,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -2416,7 +2408,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2424,22 +2416,22 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2482,7 +2474,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2509,14 +2501,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, uu____1); } /** @@ -2526,13 +2518,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2540,11 +2532,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } /** @@ -2554,14 +2546,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, uu____1); } /** @@ -2572,7 +2564,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2592,8 +2584,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2622,7 +2614,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { @@ -2640,12 +2632,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); } /** @@ -2656,10 +2648,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2682,9 +2674,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_582(a, b); } @@ -2696,9 +2688,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2708,10 +2700,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2721,11 +2713,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2749,10 +2741,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2763,7 +2755,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2774,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2787,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2805,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); } } } @@ -2821,18 +2813,18 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e92(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } /** @@ -2840,7 +2832,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2867,14 +2859,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, uu____1); } /** @@ -2884,13 +2876,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2898,11 +2890,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } /** @@ -2912,14 +2904,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, uu____1); } /** @@ -2930,7 +2922,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2950,8 +2942,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2980,7 +2972,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { @@ -2998,12 +2990,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); } /** @@ -3014,10 +3006,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3040,9 +3032,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_583(a, b); } @@ -3054,9 +3046,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3066,10 +3058,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3079,11 +3071,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3107,10 +3099,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -3121,7 +3113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -3132,12 +3124,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3145,7 +3137,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3163,12 +3155,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); } } } @@ -3179,18 +3171,18 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e93(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -3252,14 +3244,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, uu____1); } /** @@ -3269,13 +3261,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -3283,7 +3275,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { @@ -3301,12 +3293,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); } /** @@ -3317,10 +3309,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3343,11 +3335,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3371,10 +3363,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -3385,7 +3377,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -3396,12 +3388,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3409,7 +3401,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3427,12 +3419,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); } } } @@ -3443,18 +3435,18 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_e94(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, @@ -3503,7 +3495,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3511,80 +3503,94 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c71(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); } -<<<<<<< HEAD -typedef struct - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $136size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; uint8_t buf[1U][136U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t; +} libcrux_sha3_generic_keccak_KeccakXofState_4f; -typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Absorb; -static inline size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); size_t consumed = (size_t)0U; @@ -3608,37 +3614,42 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ return consumed; } -static inline Eurydice_slice -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_136size_t( - uint8_t (**state)[136U], size_t i) { - return Eurydice_array_to_slice((size_t)136U, state[0U][i], uint8_t, - Eurydice_slice); -} - -static inline size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_136size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, uu____1); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t, - Eurydice_slice); + uint8_t buf[136U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + (size_t)136U, buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = Eurydice_array_to_slice((size_t)136U, self->buf[i0], + uint8_t, Eurydice_slice); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( - uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -3651,37 +3662,40 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ Eurydice_slice uu____5[1U]; memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak_slice_n_5a( uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( - uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); if (input_remainder_len > (size_t)0U) { size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)136U, self->buf[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = self->buf_len, - .end = self->buf_len + input_remainder_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, Eurydice_slice_subslice_from(inputs[i0], @@ -3693,57 +3707,57 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } } -static inline void -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, - Eurydice_slice input) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_136size_t( - self, buf); + libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Squeeze; -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_136size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (self->buf_len > (size_t)0U) { - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = self->buf_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice( - (size_t)136U, self->buf[i0], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = self->buf_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), uint8_t, void *); } if (input_remainder_len > (size_t)0U) { - Eurydice_slice uu____3 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = self->buf_len, - .end = self->buf_len + input_remainder_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____3, Eurydice_slice_subslice_from(inputs[i0], @@ -3759,24 +3773,35 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__absorb_final( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - self, - Eurydice_slice input) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_absorb_final_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - &self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); return self; } -static inline void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -3916,42 +3941,69 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ ret[135U] = 0U; } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t( - void) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t lit; - lit.inner = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_generic_keccak_new_9d_7e(void) { + libcrux_sha3_generic_keccak_KeccakXofState_4f lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_136size_t( - ret); + libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; return lit; } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_136__usize__for_libcrux_sha3__portable__incremental__Shake256Absorb__2__new( - void) { - return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_136size_t(); +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_new_7d(void) { + return libcrux_sha3_generic_keccak_new_9d_7e(); } -typedef struct - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t inner; +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $168size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; uint8_t buf[1U][168U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t; +} libcrux_sha3_generic_keccak_KeccakXofState_78; -typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Absorb; -static inline size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); size_t consumed = (size_t)0U; @@ -3975,37 +4027,42 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ return consumed; } -static inline Eurydice_slice -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full_closure__uint64_t_1size_t_168size_t( - uint8_t (**state)[168U], size_t i) { - return Eurydice_array_to_slice((size_t)168U, state[0U][i], uint8_t, - Eurydice_slice); -} - -static inline size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__fill_buffer__uint64_t_1size_t_168size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, uu____1); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, - Eurydice_slice); + uint8_t buf[168U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + (size_t)168U, buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = Eurydice_array_to_slice((size_t)168U, self->buf[i0], + uint8_t, Eurydice_slice); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( - uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -4018,37 +4075,40 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ Eurydice_slice uu____5[1U]; memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak_slice_n_5a( uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( - uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); if (input_remainder_len > (size_t)0U) { size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)168U, self->buf[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = self->buf_len, - .end = self->buf_len + input_remainder_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, Eurydice_slice_subslice_from(inputs[i0], @@ -4060,57 +4120,57 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } } -static inline void -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, - Eurydice_slice input) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb__uint64_t_1size_t_168size_t( - self, buf); + libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Squeeze; -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; Eurydice_slice uu____1[1U]; memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_full__uint64_t_1size_t_168size_t( - uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (self->buf_len > (size_t)0U) { - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = self->buf_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice( - (size_t)168U, self->buf[i0], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = self->buf_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), uint8_t, void *); } if (input_remainder_len > (size_t)0U) { - Eurydice_slice uu____3 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = self->buf_len, - .end = self->buf_len + input_remainder_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____3, Eurydice_slice_subslice_from(inputs[i0], @@ -4126,24 +4186,35 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___absorb_final( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - self, - Eurydice_slice input) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_absorb_final_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - &self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); return self; } -static inline void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4315,29 +4386,49 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ ret[167U] = 0U; } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t( - void) { - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t lit; - lit.inner = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_generic_keccak_new_9d_7e0(void) { + libcrux_sha3_generic_keccak_KeccakXofState_78 lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__zero_block__uint64_t_1size_t_168size_t( - ret); + libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; return lit; } -static inline libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofAbsorb_168__usize__for_libcrux_sha3__portable__incremental__Shake128Absorb___new( - void) { - return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__new__uint64_t_1size_t_168size_t(); +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_new_1c(void) { + return libcrux_sha3_generic_keccak_new_9d_7e0(); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; @@ -4345,11 +4436,9 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usi core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( @@ -4358,33 +4447,36 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usi uint8_t, void *); } if (last_block_len != (size_t)0U) { - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = num_full_blocks * (size_t)8U, - .end = num_full_blocks * (size_t)8U + last_block_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice( - (size_t)8U, ret, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_block_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), uint8_t, void *); } } -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = out_len / (size_t)136U; @@ -4395,59 +4487,64 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } else { mid = (size_t)136U; } - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, mid); + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); Eurydice_slice out00[1U]; memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( - self->inner.st, out00); - core_ops_range_Range__size_t iter = + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) + &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( - out_rest, (size_t)136U); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)136U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( - self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___136size_t( - self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); } self->sponge = true; } -static inline void -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_136__usize__for_libcrux_sha3__portable__incremental__Shake256Squeeze__3__squeeze( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__136size_t - *self, - Eurydice_slice out) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for +libcrux_sha3::portable::incremental::Shake256Squeeze)#3} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_8a( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_136size_t( - self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; @@ -4455,11 +4552,9 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usi core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( @@ -4468,33 +4563,36 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usi uint8_t, void *); } if (last_block_len != (size_t)0U) { - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = num_full_blocks * (size_t)8U, - .end = num_full_blocks * (size_t)8U + last_block_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice( - (size_t)8U, ret, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_block_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), uint8_t, void *); } } -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = out_len / (size_t)168U; @@ -4505,61 +4603,54 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE_ } else { mid = (size_t)168U; } - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, mid); + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); Eurydice_slice out00[1U]; memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( - self->inner.st, out00); - core_ops_range_Range__size_t iter = + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) + &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( - out_rest, (size_t)168U); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)168U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( - self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&self->inner); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store___168size_t( - self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); } self->sponge = true; } -static inline void -libcrux_sha3_portable_incremental___libcrux_sha3__portable__incremental__XofSqueeze_168__usize__for_libcrux_sha3__portable__incremental__Shake128Squeeze__1__squeeze( - libcrux_sha3_generic_keccak_KeccakXofState__uint64_t__1size_t__168size_t - *self, - Eurydice_slice out) { +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for +libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_10( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakXofState_STATE__PARALLEL_LANES__RATE__TraitClause_0__2__squeeze__uint64_t_1size_t_168size_t( - self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); } -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { -======= /** This function found in impl {(core::clone::Clone for libcrux_sha3::portable::KeccakState)} @@ -4567,7 +4658,6 @@ libcrux_sha3::portable::KeccakState)} static inline libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_clone_3d( libcrux_sha3_generic_keccak_KeccakState_48 *self) { ->>>>>>> main return self[0U]; } From 06b02e72e21705b53062d5988d3233715af43ad2 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 11:51:39 +0200 Subject: [PATCH 043/172] Regenerate headerless --- libcrux-ml-kem/cg.yaml | 4 ++-- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 7e0205733..25587bea3 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -27,8 +27,8 @@ files: - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - [libcrux_sha3, generic_keccak, KeccakState_29] - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] monomorphizations_of: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 2dcd66593..d01f05406 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 +Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 91e226a7f..5aa5c71c7 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 249704425..892f3f32f 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index e9805d28d..20c43ef29 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index aeefc6f61..04b44178c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index a9f54c228..e45044411 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index a37ff7f18..8b652e0ed 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e */ #ifndef __libcrux_sha3_portable_H From 3230f595a9063fbdf7397861d8a547684e880272 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 13:27:09 +0200 Subject: [PATCH 044/172] Fix C extraction --- libcrux-ml-kem/c.yaml | 4 ++-- libcrux-ml-kem/c/benches/sha3.cc | 8 +++---- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 23 ++++++++++++++++++- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 12 +++++----- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/benches/sha3.cc | 8 +++---- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 45 files changed, 78 insertions(+), 57 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 54dea4797..4dab8e235 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] api: - [libcrux_sha3, avx2, "*"] private: diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index d5b35e949..97cc7a57b 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 2dcd66593..5c241aed0 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 +Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 211cc9909..c267a11d4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index c58274b2d..400fe304e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f804b6fe9..02b20eae1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 266d7b1d9..6b1490d57 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -23,9 +23,30 @@ extern "C" { #include "internal/libcrux_core.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +void libcrux_sha3_generic_keccak_absorb_final_d9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); + typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 492806c01..80cd5b7ab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index b7b2bdd9c..86a49e1e6 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index f996275c2..4265e7e36 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e49671d22..276b5327d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 06fd29c23..5b6502758 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index b998cf7b5..f70175faf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 797d91e73..2b84bcdbd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index da8c23ac8..8ea6c71ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 09650596b..06d05903b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 097a45d9c..d6917cf59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 5c4f38c2a..36f5a4f09 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index fa6dad06e..e6ed7f596 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index b8f2d5f1d..b307dbf3b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 44d618b81..14d7b3864 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ab26b8bb2..170f11724 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 72c54b633..860111581 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 2f467bcf6..145cf96c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 210560026..4ed073607 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 33f6d76d2..ed6975218 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 8790d8b38..449e5df23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 3fe183665..e82ce94ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 1d6f5431b..138774405 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index af39cb43a..8cd0d81d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ba9e8f0f0..3e6277eff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index c68ecc2de..d25fce762 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index f55c62960..e606bafb5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_sha3_avx2.h" @@ -1634,7 +1634,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_d9( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1965,7 +1965,7 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], slice_n_ef(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final_d9(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; @@ -2438,7 +2438,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2a( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2461,7 +2461,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_three_blocks_2a(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2516,7 +2516,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_d9(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } KRML_MUSTINLINE void diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 57c0cf3a9..39046c730 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index bd4b21e2f..aa2382f2b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 1addd0b44..654c8b7ee 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index faf3b6790..1fc256403 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 8afc9098ccf0c74c13fe7d661a9a9efad5861427 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index 0d1334472..802449e33 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,14 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d01f05406..5c241aed0 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e +Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 5aa5c71c7..198ee3d21 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 892f3f32f..c817dee4b 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 20c43ef29..c474226eb 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 04b44178c..5577c03e1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index e45044411..9cd351164 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8b652e0ed..7b15ca543 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 2254679b1f78d1cfe96de9ef4ae8e76fee62f07e + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_portable_H From 66c395b33cd44f5d328eb52a5beee79cc47ce7c7 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 15:01:24 +0200 Subject: [PATCH 045/172] Expose key generation and signing randomness requirement constants --- libcrux-ml-dsa/src/constants.rs | 6 ++++-- libcrux-ml-dsa/src/lib.rs | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-dsa/src/constants.rs b/libcrux-ml-dsa/src/constants.rs index 8a9274a05..ac15681aa 100644 --- a/libcrux-ml-dsa/src/constants.rs +++ b/libcrux-ml-dsa/src/constants.rs @@ -18,8 +18,10 @@ pub(crate) const SEED_FOR_ERROR_VECTORS_SIZE: usize = 64; pub(crate) const BYTES_FOR_VERIFICATION_KEY_HASH: usize = 64; pub(crate) const SEED_FOR_SIGNING_SIZE: usize = 32; -pub(crate) const KEY_GENERATION_RANDOMNESS_SIZE: usize = 32; -pub(crate) const SIGNING_RANDOMNESS_SIZE: usize = 32; +/// Number of bytes of entropy required for key generation. +pub const KEY_GENERATION_RANDOMNESS_SIZE: usize = 32; +/// Number of bytes of entropy required for signing. +pub const SIGNING_RANDOMNESS_SIZE: usize = 32; pub(crate) const MESSAGE_REPRESENTATIVE_SIZE: usize = 64; pub(crate) const MASK_SEED_SIZE: usize = 64; diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index 1d8a09983..4cc7d8fc8 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -17,6 +17,9 @@ mod utils; pub use {ml_dsa_generic::VerificationError, types::*}; +pub use crate::constants::KEY_GENERATION_RANDOMNESS_SIZE; +pub use crate::constants::SIGNING_RANDOMNESS_SIZE; + pub mod ml_dsa_44; pub mod ml_dsa_65; pub mod ml_dsa_87; From 5624b74785b25c896c756b3455769fe4c4aae9f8 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 15:01:57 +0200 Subject: [PATCH 046/172] Add manual benchmarks for ML-DSA variants --- libcrux-ml-dsa/Cargo.toml | 5 ++ libcrux-ml-dsa/benches/manual.rs | 131 +++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) create mode 100644 libcrux-ml-dsa/benches/manual.rs diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index fc67242dc..5127e1020 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml @@ -28,6 +28,11 @@ pqcrypto-dilithium = { version = "0.5.0" } #, default-features = false simd128 = [] simd256 = [] +[[bench]] +name = "manual" +harness = false + [[bench]] name = "ml-dsa" harness = false + diff --git a/libcrux-ml-dsa/benches/manual.rs b/libcrux-ml-dsa/benches/manual.rs new file mode 100644 index 000000000..03d8e236e --- /dev/null +++ b/libcrux-ml-dsa/benches/manual.rs @@ -0,0 +1,131 @@ +use std::time::{Duration, Instant}; + +use libcrux_ml_dsa::{ + ml_dsa_44::{self, MLDSA44KeyPair, MLDSA44Signature}, + ml_dsa_65::{self, MLDSA65KeyPair, MLDSA65Signature}, + ml_dsa_87::{self, MLDSA87KeyPair, MLDSA87Signature}, + KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, +}; +use rand::{rngs::OsRng, RngCore}; + +fn random_array() -> [u8; L] { + let mut rng = OsRng; + let mut seed = [0; L]; + rng.try_fill_bytes(&mut seed).unwrap(); + seed +} + +fn print_time(label: &str, d: Duration) { + let micros = d.as_micros(); + let time = if micros < (1_000 * ITERATIONS as u128) { + format!("{} μs", micros / ITERATIONS as u128) + } else if micros < (1_000_000 * ITERATIONS as u128) { + format!( + "{:.2} ms", + (micros as f64 / (1_000_f64 * ITERATIONS as f64)) + ) + } else { + format!( + "{:.2}s", + (micros as f64 / (1_000_000_f64 * ITERATIONS as f64)) + ) + }; + let space = if label.len() < 6 { + "\t\t".to_string() + } else { + "\t".to_string() + }; + + println!("{label}:{space}{time}"); +} + +const ITERATIONS: usize = 100_000; +const WARMUP_ITERATIONS: usize = 1_000; + +// A benchmarking macro to avoid copying memory and skewing the results. +macro_rules! bench { + ($label:literal, $variant:literal, $input:expr, $setup:expr, $routine:expr) => {{ + let mut time = Duration::ZERO; + + // Warmup + for _ in 0..WARMUP_ITERATIONS { + let input = $setup($input); + $routine(input); + } + + // Benchmark + for _ in 0..ITERATIONS { + let input = $setup($input); + + let start = Instant::now(); + core::hint::black_box($routine(input)); + let end = Instant::now(); + + time += end.duration_since(start); + } + print_time(concat!($label, " ", $variant), time); + }}; +} + +macro_rules! bench_group { + ($variant:literal, $mod:ident, $keypair_t:ident, $signature_t:ident) => {{ + bench!( + "KeyGen", + $variant, + (), + |()| { + // FIXME: expose the constants + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); + key_generation_seed + }, + |key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE]| { + $mod::generate_key_pair(key_generation_seed) + } + ); + bench!( + "Sign", + $variant, + (), + |()| { + // FIXME: expose the constants + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); + let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); + let message = random_array::<1023>(); + let keypair = $mod::generate_key_pair(key_generation_seed); + + (keypair, message, signing_randomness) + }, + |(keypair, message, signing_randomness): ( + $keypair_t, + [u8; 1023], + [u8; SIGNING_RANDOMNESS_SIZE] + )| { $mod::sign(&keypair.signing_key, &message, signing_randomness) } + ); + + bench!( + "Verify", + $variant, + (), + |()| { + // FIXME: expose the constants + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); + let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); + let message = random_array::<1023>(); + let keypair = $mod::generate_key_pair(key_generation_seed); + let signature = $mod::sign(&keypair.signing_key, &message, signing_randomness); + (keypair, message, signature) + }, + |(keypair, message, signature): ($keypair_t, [u8; 1023], $signature_t)| { + $mod::verify(&keypair.verification_key, &message, &signature).unwrap() + } + ); + + println!(""); + }}; +} + +fn main() { + bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); + bench_group!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); + bench_group!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); +} From e38821806c67aa994b5b5cad767a28d0ee0679d5 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 15:32:49 +0200 Subject: [PATCH 047/172] Remove obsolete comments --- libcrux-ml-dsa/benches/manual.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libcrux-ml-dsa/benches/manual.rs b/libcrux-ml-dsa/benches/manual.rs index 03d8e236e..af4b36b43 100644 --- a/libcrux-ml-dsa/benches/manual.rs +++ b/libcrux-ml-dsa/benches/manual.rs @@ -74,7 +74,6 @@ macro_rules! bench_group { $variant, (), |()| { - // FIXME: expose the constants let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); key_generation_seed }, @@ -87,7 +86,6 @@ macro_rules! bench_group { $variant, (), |()| { - // FIXME: expose the constants let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); let message = random_array::<1023>(); @@ -107,7 +105,6 @@ macro_rules! bench_group { $variant, (), |()| { - // FIXME: expose the constants let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); let message = random_array::<1023>(); @@ -125,7 +122,7 @@ macro_rules! bench_group { } fn main() { - bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); bench_group!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); + bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); bench_group!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); } From 6832d78cf67552b3644583a249c236bf39ab0cb0 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 13 Aug 2024 17:08:57 +0200 Subject: [PATCH 048/172] Separate parameter set benchmarks --- libcrux-ml-dsa/Cargo.toml | 10 ++- .../benches/{manual.rs => bench_utils.rs} | 62 +++++++++---------- libcrux-ml-dsa/benches/manual44.rs | 15 +++++ libcrux-ml-dsa/benches/manual65.rs | 15 +++++ libcrux-ml-dsa/benches/manual87.rs | 15 +++++ 5 files changed, 83 insertions(+), 34 deletions(-) rename libcrux-ml-dsa/benches/{manual.rs => bench_utils.rs} (70%) create mode 100644 libcrux-ml-dsa/benches/manual44.rs create mode 100644 libcrux-ml-dsa/benches/manual65.rs create mode 100644 libcrux-ml-dsa/benches/manual87.rs diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index 5127e1020..5408a697b 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml @@ -29,7 +29,15 @@ simd128 = [] simd256 = [] [[bench]] -name = "manual" +name = "manual44" +harness = false + +[[bench]] +name = "manual65" +harness = false + +[[bench]] +name = "manual87" harness = false [[bench]] diff --git a/libcrux-ml-dsa/benches/manual.rs b/libcrux-ml-dsa/benches/bench_utils.rs similarity index 70% rename from libcrux-ml-dsa/benches/manual.rs rename to libcrux-ml-dsa/benches/bench_utils.rs index af4b36b43..604bb0364 100644 --- a/libcrux-ml-dsa/benches/manual.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -1,21 +1,15 @@ -use std::time::{Duration, Instant}; - -use libcrux_ml_dsa::{ - ml_dsa_44::{self, MLDSA44KeyPair, MLDSA44Signature}, - ml_dsa_65::{self, MLDSA65KeyPair, MLDSA65Signature}, - ml_dsa_87::{self, MLDSA87KeyPair, MLDSA87Signature}, - KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, -}; -use rand::{rngs::OsRng, RngCore}; - -fn random_array() -> [u8; L] { - let mut rng = OsRng; +use rand::RngCore; + +#[allow(unused)] +pub(crate) fn random_array() -> [u8; L] { + let mut rng = rand::rngs::OsRng; let mut seed = [0; L]; rng.try_fill_bytes(&mut seed).unwrap(); seed } -fn print_time(label: &str, d: Duration) { +#[allow(unused)] +pub(crate) fn print_time(label: &str, d: std::time::Duration) { let micros = d.as_micros(); let time = if micros < (1_000 * ITERATIONS as u128) { format!("{} μs", micros / ITERATIONS as u128) @@ -39,34 +33,38 @@ fn print_time(label: &str, d: Duration) { println!("{label}:{space}{time}"); } -const ITERATIONS: usize = 100_000; -const WARMUP_ITERATIONS: usize = 1_000; +#[allow(unused)] +pub(crate) const ITERATIONS: usize = 100_000; +#[allow(unused)] +pub(crate) const WARMUP_ITERATIONS: usize = 1_000; // A benchmarking macro to avoid copying memory and skewing the results. +#[macro_export] macro_rules! bench { ($label:literal, $variant:literal, $input:expr, $setup:expr, $routine:expr) => {{ - let mut time = Duration::ZERO; + let mut time = std::time::Duration::ZERO; // Warmup - for _ in 0..WARMUP_ITERATIONS { + for _ in 0..bench_utils::WARMUP_ITERATIONS { let input = $setup($input); $routine(input); } // Benchmark - for _ in 0..ITERATIONS { + for _ in 0..bench_utils::ITERATIONS { let input = $setup($input); - let start = Instant::now(); + let start = std::time::Instant::now(); core::hint::black_box($routine(input)); - let end = Instant::now(); + let end = std::time::Instant::now(); time += end.duration_since(start); } - print_time(concat!($label, " ", $variant), time); + bench_utils::print_time(concat!($label, " ", $variant), time); }}; } +#[macro_export] macro_rules! bench_group { ($variant:literal, $mod:ident, $keypair_t:ident, $signature_t:ident) => {{ bench!( @@ -74,7 +72,7 @@ macro_rules! bench_group { $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); key_generation_seed }, |key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE]| { @@ -86,9 +84,9 @@ macro_rules! bench_group { $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); - let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); - let message = random_array::<1023>(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); + let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); + let message = bench_utils::random_array::<1023>(); let keypair = $mod::generate_key_pair(key_generation_seed); (keypair, message, signing_randomness) @@ -105,9 +103,9 @@ macro_rules! bench_group { $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = random_array(); - let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = random_array(); - let message = random_array::<1023>(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); + let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); + let message = bench_utils::random_array::<1023>(); let keypair = $mod::generate_key_pair(key_generation_seed); let signature = $mod::sign(&keypair.signing_key, &message, signing_randomness); (keypair, message, signature) @@ -121,8 +119,6 @@ macro_rules! bench_group { }}; } -fn main() { - bench_group!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); - bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); - bench_group!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); -} + + + diff --git a/libcrux-ml-dsa/benches/manual44.rs b/libcrux-ml-dsa/benches/manual44.rs new file mode 100644 index 000000000..9efe13d9b --- /dev/null +++ b/libcrux-ml-dsa/benches/manual44.rs @@ -0,0 +1,15 @@ + + +use libcrux_ml_dsa::{ + ml_dsa_44::{self, MLDSA44KeyPair, MLDSA44Signature}, + KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, +}; + + +#[path = "./bench_utils.rs"] +#[macro_use] +mod bench_utils; + +fn main() { + bench_group!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); +} diff --git a/libcrux-ml-dsa/benches/manual65.rs b/libcrux-ml-dsa/benches/manual65.rs new file mode 100644 index 000000000..437a7b19f --- /dev/null +++ b/libcrux-ml-dsa/benches/manual65.rs @@ -0,0 +1,15 @@ + + +use libcrux_ml_dsa::{ + ml_dsa_65::{self, MLDSA65KeyPair, MLDSA65Signature}, + KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, +}; + + +#[path = "./bench_utils.rs"] +#[macro_use] +mod bench_utils; + +fn main() { + bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); +} diff --git a/libcrux-ml-dsa/benches/manual87.rs b/libcrux-ml-dsa/benches/manual87.rs new file mode 100644 index 000000000..d16bbf008 --- /dev/null +++ b/libcrux-ml-dsa/benches/manual87.rs @@ -0,0 +1,15 @@ + + +use libcrux_ml_dsa::{ + ml_dsa_87::{self, MLDSA87KeyPair, MLDSA87Signature}, + KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, +}; + + +#[path = "./bench_utils.rs"] +#[macro_use] +mod bench_utils; + +fn main() { + bench_group!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); +} From d5574e8f6c62bf622ab6b61c291abeb66c1b7221 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 08:33:09 -0700 Subject: [PATCH 049/172] With latest Eurydice changes --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_neon.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 65 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 877 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 898 +++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 252 ++--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 205 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 34 files changed, 1586 insertions(+), 1117 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7fd7d385c..eaa0a1b5f 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 +Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ff449d1ea..0cee66992 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index cad194d8f..f3b88ef8f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 503d8a62e..103c0b802 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2d77d01ee..1f6b6c1d2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 7a3bd7ee8..b6796aa82 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_core.h" @@ -100,10 +100,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -137,10 +138,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -155,10 +157,11 @@ with const generics */ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -225,10 +228,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -263,10 +267,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -281,10 +286,11 @@ with const generics */ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -351,10 +357,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -389,10 +396,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -407,10 +415,11 @@ with const generics */ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index debf385d0..ba047cb53 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e45f4a347..c5a47bcbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 348a2c1d3..542669909 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem1024_neon.h" @@ -125,9 +125,10 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); } /** @@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, + copy_of_randomness); } /** @@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, copy_of_randomness); } /** @@ -213,9 +218,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); } /** @@ -223,9 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(copy_of_randomness); } /** @@ -245,9 +252,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } /** @@ -256,9 +265,10 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 9ad36777f..82014512d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index ab538bf0b..f2599c9d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem1024_portable.h" @@ -125,9 +125,10 @@ static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness); } /** @@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_48(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_ac( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, + copy_of_randomness); } /** @@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ac(uu____0, copy_of_randomness); } /** @@ -214,9 +219,10 @@ generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); } /** @@ -224,9 +230,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_6e(copy_of_randomness); } /** @@ -246,9 +253,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 generate_keypair_unpacked_f5(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1( + copy_of_randomness); } /** @@ -257,9 +266,10 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_f5(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 6f550d51e..002601e79 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e8619577b..664bc998c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 1dc9ade54..ee4470906 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem512_neon.h" @@ -121,9 +121,10 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index e953e8cdf..594ab9383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index efda480b7..af419fed6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem512_portable.h" @@ -121,9 +121,10 @@ static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_10(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_49( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_49(uu____0, copy_of_randomness); } /** @@ -208,9 +213,10 @@ generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); } /** @@ -218,9 +224,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_f9(copy_of_randomness); } /** @@ -240,9 +247,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae generate_keypair_unpacked_d6(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0( + copy_of_randomness); } /** @@ -251,9 +260,10 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d6(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 0deb92f42..51c51000e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 1dc07a330..976c473d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index a88c7b3ed..44967e823 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem768_neon.h" @@ -121,9 +121,10 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 34fd92317..d10775770 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 2e07aebd4..d79390c40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem768_portable.h" @@ -121,9 +121,10 @@ static tuple_3c encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_4b(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_10( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_10(uu____0, copy_of_randomness); } /** @@ -208,9 +213,10 @@ generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); } /** @@ -218,9 +224,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_64(copy_of_randomness); } /** @@ -240,9 +247,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 generate_keypair_unpacked_c5(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d( + copy_of_randomness); } /** @@ -251,9 +260,10 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_c5(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 002b28c6c..13b1459a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 3ed7fe16f..d2060fa0c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 638c2cdaa..94b4f2b96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7524cf6c2..2060c7880 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_mlkem_neon.h" @@ -1510,9 +1510,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b1(copy_of_input); } /** @@ -1808,32 +1809,37 @@ static KRML_MUSTINLINE void sample_from_xof_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_551(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); + ret0[i] = closure_d51(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -1853,17 +1859,19 @@ static KRML_MUSTINLINE void sample_matrix_A_481( closure_de1(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); + sample_from_xof_c01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -1879,7 +1887,9 @@ static KRML_MUSTINLINE void sample_matrix_A_481( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); @@ -2297,12 +2307,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2313,13 +2324,14 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -2573,20 +2585,22 @@ static tuple_4c0 generate_keypair_unpacked_ff1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f1(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -2595,31 +2609,36 @@ static tuple_4c0 generate_keypair_unpacked_ff1( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -2738,20 +2757,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -2779,13 +2802,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -2890,15 +2919,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); } /** @@ -2972,12 +3004,13 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2989,13 +3022,14 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -3816,17 +3850,20 @@ static void encrypt_unpacked_541( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_eb1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; memcpy( error_1, uu____3.fst, @@ -3842,10 +3879,11 @@ static void encrypt_unpacked_541( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -3910,24 +3948,29 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_541(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4022,32 +4065,36 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_541(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -4127,22 +4174,26 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_631(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4823,10 +4874,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_541(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f01(ciphertext), @@ -4913,14 +4966,15 @@ static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; deserialize_secret_key_4f1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); @@ -5000,10 +5054,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_631( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -5231,9 +5287,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b0(copy_of_input); } /** @@ -5515,32 +5572,37 @@ static KRML_MUSTINLINE void sample_from_xof_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_550(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); + ret0[i] = closure_d50(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -5560,17 +5622,19 @@ static KRML_MUSTINLINE void sample_matrix_A_480( closure_de0(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); + sample_from_xof_c00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5586,7 +5650,9 @@ static KRML_MUSTINLINE void sample_matrix_A_480( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); @@ -5670,12 +5736,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5686,13 +5753,14 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -5845,20 +5913,22 @@ static tuple_9b0 generate_keypair_unpacked_ff0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f0(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -5867,31 +5937,36 @@ static tuple_9b0 generate_keypair_unpacked_ff0( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5987,20 +6062,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6028,13 +6107,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -6139,15 +6224,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); } /** @@ -6166,12 +6254,13 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6183,13 +6272,14 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -6405,17 +6495,20 @@ static void encrypt_unpacked_540( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_eb0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; memcpy( error_1, uu____3.fst, @@ -6431,10 +6524,11 @@ static void encrypt_unpacked_540( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6499,24 +6593,29 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_540(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6611,32 +6710,36 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_540(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -6716,22 +6819,26 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_630(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6937,10 +7044,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_540(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f0(ciphertext), @@ -7003,14 +7112,15 @@ static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; deserialize_secret_key_4f0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); @@ -7090,10 +7200,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_630( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -7321,9 +7433,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b(copy_of_input); } /** @@ -7611,32 +7724,37 @@ static KRML_MUSTINLINE void sample_from_xof_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_55(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); + ret0[i] = closure_d5(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -7656,17 +7774,19 @@ static KRML_MUSTINLINE void sample_matrix_A_48( closure_de(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); + sample_from_xof_c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7682,7 +7802,9 @@ static KRML_MUSTINLINE void sample_matrix_A_48( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); @@ -7769,12 +7891,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7785,13 +7908,14 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -7944,20 +8068,22 @@ static tuple_54 generate_keypair_unpacked_ff( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -7966,31 +8092,36 @@ static tuple_54 generate_keypair_unpacked_ff( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -8086,20 +8217,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8127,13 +8262,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -8238,15 +8379,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); } /** @@ -8265,12 +8409,13 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8282,13 +8427,14 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; @@ -8557,17 +8703,20 @@ static void encrypt_unpacked_54( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_eb(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; memcpy( error_1, uu____3.fst, @@ -8583,10 +8732,11 @@ static void encrypt_unpacked_54( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -8652,24 +8802,29 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_54(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8764,32 +8919,36 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_54(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -8869,22 +9028,26 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_63(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -9132,10 +9295,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_54(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f00(ciphertext), @@ -9198,14 +9363,15 @@ static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; deserialize_secret_key_4f(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); @@ -9286,10 +9452,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_63( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 80f89c5b8..eb50c46dd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4cf1af2e8..fd2294739 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_mlkem_portable.h" @@ -2123,11 +2123,12 @@ shake128_init_absorb_411(uint8_t input[4U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2144,9 +2145,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_411(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_411(copy_of_input); } /** @@ -2427,32 +2429,37 @@ static KRML_MUSTINLINE void sample_from_xof_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_511(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_023( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_681(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_024( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_131(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2473,17 +2480,19 @@ static KRML_MUSTINLINE void sample_matrix_A_551( closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_f61(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2499,7 +2508,9 @@ static KRML_MUSTINLINE void sample_matrix_A_551( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2914,12 +2925,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2930,13 +2942,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -3193,20 +3206,22 @@ static tuple_540 generate_keypair_unpacked_a91( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -3215,31 +3230,36 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3360,20 +3380,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3402,13 +3426,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -3514,15 +3544,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); } /** @@ -3542,12 +3575,13 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3559,13 +3593,14 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4241,17 +4276,20 @@ static void encrypt_unpacked_651( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4267,10 +4305,11 @@ static void encrypt_unpacked_651( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4337,24 +4376,29 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4450,32 +4494,36 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4555,22 +4603,26 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5140,10 +5192,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f00(ciphertext), @@ -5230,14 +5284,15 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_6b1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); @@ -5318,10 +5373,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_f4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -5538,11 +5595,12 @@ shake128_init_absorb_410(uint8_t input[2U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5559,9 +5617,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_410(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_410(copy_of_input); } /** @@ -5816,32 +5875,37 @@ static KRML_MUSTINLINE void sample_from_xof_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_510(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_021( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_680(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_022( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_130(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5862,17 +5926,19 @@ static KRML_MUSTINLINE void sample_matrix_A_550( closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_f60(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5888,7 +5954,9 @@ static KRML_MUSTINLINE void sample_matrix_A_550( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -5967,12 +6035,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5983,13 +6052,14 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6144,20 +6214,22 @@ static tuple_4c generate_keypair_unpacked_a90( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -6166,31 +6238,36 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -6288,20 +6365,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6330,13 +6411,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -6442,15 +6529,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); } /** @@ -6503,12 +6593,13 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6520,13 +6611,14 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6796,17 +6888,20 @@ static void encrypt_unpacked_650( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6822,10 +6917,11 @@ static void encrypt_unpacked_650( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6891,24 +6987,29 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7004,32 +7105,36 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7109,22 +7214,26 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7372,10 +7481,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f01(ciphertext), @@ -7438,14 +7549,15 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_6b0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); @@ -7525,10 +7637,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_26( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -7746,11 +7860,12 @@ shake128_init_absorb_41(uint8_t input[3U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7767,9 +7882,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_41(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_41(copy_of_input); } /** @@ -8024,32 +8140,37 @@ static KRML_MUSTINLINE void sample_from_xof_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_51(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_02( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_68(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_020( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_13(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8070,17 +8191,19 @@ static KRML_MUSTINLINE void sample_matrix_A_55( closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_f6(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8096,7 +8219,9 @@ static KRML_MUSTINLINE void sample_matrix_A_55( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -8164,12 +8289,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8180,13 +8306,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -8341,20 +8468,22 @@ static tuple_9b generate_keypair_unpacked_a9( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); @@ -8363,31 +8492,36 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8485,20 +8619,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8527,13 +8665,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -8639,15 +8783,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); } /** @@ -8667,12 +8814,13 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8684,13 +8832,14 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -8907,17 +9056,20 @@ static void encrypt_unpacked_65( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8933,10 +9085,11 @@ static void encrypt_unpacked_65( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -9002,24 +9155,29 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -9115,32 +9273,36 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9220,22 +9382,26 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -9442,10 +9608,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f0(ciphertext), @@ -9508,14 +9676,15 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_6b(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); @@ -9595,10 +9764,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_69( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index d4b1c0ce7..ea777873b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index f83fa6654..554d431d4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 569a83ca1..67f9c8b91 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 06c3fa6fc..de79d0e42 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index a1665484d..185e7fc66 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_internal_H @@ -147,10 +147,11 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } @@ -280,9 +281,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); } /** @@ -1501,9 +1503,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); } /** @@ -1609,9 +1612,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); } /** @@ -1641,9 +1645,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_39(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1732,22 +1737,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; @@ -1797,9 +1804,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); } /** @@ -1839,9 +1847,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); } /** @@ -1884,9 +1893,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); } /** @@ -1952,9 +1962,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_393(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2082,22 +2093,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; @@ -2147,9 +2160,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); } /** @@ -2189,9 +2203,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); } /** @@ -2234,9 +2249,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); } /** @@ -2302,9 +2318,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2432,22 +2449,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; @@ -2497,9 +2516,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); } /** @@ -2514,9 +2534,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); } /** @@ -2546,9 +2567,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_390(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2637,22 +2659,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; @@ -2702,9 +2726,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); } /** @@ -2755,22 +2780,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; @@ -2820,9 +2847,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); } /** @@ -2862,9 +2890,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); } /** @@ -2907,9 +2936,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); } /** @@ -2975,9 +3005,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3104,22 +3135,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; @@ -3169,9 +3202,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b0f13ff6d..c1cf5cca8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_sha3_neon.h" @@ -118,10 +118,11 @@ usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_a[2U]; + memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); + slice_2(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); } @@ -266,9 +267,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, copy_of_b); } /** @@ -1358,9 +1360,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, copy_of_b); } /** @@ -1459,11 +1462,12 @@ static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } @@ -1583,19 +1587,21 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); absorb_block_45(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe(uu____2, ret); @@ -1647,9 +1653,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(copy_of_data, out); } /** @@ -1732,9 +1739,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, copy_of_b); } /** @@ -1779,9 +1787,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, copy_of_b); } /** @@ -1880,11 +1889,12 @@ static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } @@ -2004,19 +2014,21 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_450(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe0(uu____2, ret); @@ -2068,9 +2080,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(copy_of_data, out); } /** @@ -2130,19 +2143,21 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_450(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe1(uu____2, ret); @@ -2194,9 +2209,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(copy_of_data, out); } /** @@ -2301,9 +2317,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, copy_of_b); } /** @@ -2554,9 +2571,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, copy_of_b); } /** @@ -2601,9 +2619,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, copy_of_b); } /** @@ -2702,11 +2721,12 @@ static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } @@ -2826,19 +2846,21 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); absorb_block_451(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe3(uu____2, ret); @@ -2890,9 +2912,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(copy_of_data, out); } /** @@ -2976,9 +2999,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, copy_of_b); } /** @@ -3023,9 +3047,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, copy_of_b); } /** @@ -3124,11 +3149,12 @@ static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } @@ -3248,19 +3274,21 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); absorb_block_452(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe4(uu____2, ret); @@ -3312,9 +3340,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(copy_of_data, out); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6a6a9be26..18ac37d7c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_neon_H From 0b811dab12d3bb3f004bb2ac853ff4a822780566 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 09:01:31 -0700 Subject: [PATCH 050/172] WIP --- libcrux-ml-kem/c.yaml | 2 + libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 6 +- .../c/internal/libcrux_mlkem_neon.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 24 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 1136 +++++++---------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 246 ++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 74 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 535 ++++---- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- 35 files changed, 1022 insertions(+), 1265 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 3a8f6001d..db12e833c 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -235,3 +235,5 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index eaa0a1b5f..8ac29a1be 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 67f4341506300372fba9cb8de070234935839cb7 -Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 +Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb +Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 +Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 0cee66992..6e626b2cc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index f3b88ef8f..03c96041e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 103c0b802..7c85dde7e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 1f6b6c1d2..c18dac469 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index b6796aa82..bb30330cf 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "internal/libcrux_core.h" @@ -100,7 +100,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( uint8_t value[800U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; @@ -138,7 +138,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( uint8_t value[1632U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; @@ -157,7 +157,7 @@ with const generics */ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( uint8_t value[768U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; @@ -228,7 +228,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( uint8_t value[1568U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; @@ -267,7 +267,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( uint8_t value[3168U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; @@ -286,7 +286,7 @@ with const generics */ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( uint8_t value[1568U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; @@ -357,7 +357,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( uint8_t value[1184U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -396,7 +396,7 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( uint8_t value[2400U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -415,7 +415,7 @@ with const generics */ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( uint8_t value[1088U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ba047cb53..61a3e31f6 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c5a47bcbb..8cf2e1852 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 542669909..c95f9f673 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem1024_neon.h" @@ -125,7 +125,7 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); @@ -142,7 +142,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_6b(uu____0, copy_of_randomness); @@ -174,7 +174,7 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, @@ -196,7 +196,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_1c(uu____0, copy_of_randomness); @@ -218,7 +218,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); @@ -229,7 +229,7 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_91(copy_of_randomness); @@ -252,7 +252,7 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( @@ -265,7 +265,7 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_87(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 82014512d..1ed96ad65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f2599c9d4..226a7972a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem1024_portable.h" @@ -125,7 +125,7 @@ static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness); @@ -142,7 +142,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_48(uu____0, copy_of_randomness); @@ -174,7 +174,7 @@ static tuple_21 encapsulate_unpacked_ac( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, @@ -196,7 +196,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_ac(uu____0, copy_of_randomness); @@ -219,7 +219,7 @@ generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); @@ -230,7 +230,7 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_6e(copy_of_randomness); @@ -253,7 +253,7 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 generate_keypair_unpacked_f5(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1( @@ -266,7 +266,7 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_f5(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 002601e79..b53ebe718 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 664bc998c..fde1eaaf3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index ee4470906..5b9b0ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem512_neon.h" @@ -121,7 +121,7 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); @@ -138,7 +138,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_f8(uu____0, copy_of_randomness); @@ -170,7 +170,7 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, @@ -190,7 +190,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_ce(uu____0, copy_of_randomness); @@ -212,7 +212,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); @@ -223,7 +223,7 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1a(copy_of_randomness); @@ -246,7 +246,7 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( @@ -259,7 +259,7 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_38(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 594ab9383..211c714fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index af419fed6..fa4106f06 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem512_portable.h" @@ -121,7 +121,7 @@ static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness); @@ -138,7 +138,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_10(uu____0, copy_of_randomness); @@ -170,7 +170,7 @@ static tuple_ec encapsulate_unpacked_49( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, @@ -190,7 +190,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_49(uu____0, copy_of_randomness); @@ -213,7 +213,7 @@ generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); @@ -224,7 +224,7 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_f9(copy_of_randomness); @@ -247,7 +247,7 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae generate_keypair_unpacked_d6(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0( @@ -260,7 +260,7 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_d6(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 51c51000e..75f921f45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 976c473d9..f2bd4e669 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 44967e823..c252832a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem768_neon.h" @@ -121,7 +121,7 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); @@ -138,7 +138,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_ea(uu____0, copy_of_randomness); @@ -170,7 +170,7 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, @@ -190,7 +190,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_29(uu____0, copy_of_randomness); @@ -212,7 +212,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); @@ -223,7 +223,7 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1b(copy_of_randomness); @@ -246,7 +246,7 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( @@ -259,7 +259,7 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_42(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index d10775770..aaf2756d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index d79390c40..0e5c36ee3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem768_portable.h" @@ -121,7 +121,7 @@ static tuple_3c encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness); @@ -138,7 +138,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_4b(uu____0, copy_of_randomness); @@ -170,7 +170,7 @@ static tuple_3c encapsulate_unpacked_10( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, @@ -190,7 +190,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_10(uu____0, copy_of_randomness); @@ -213,7 +213,7 @@ generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); @@ -224,7 +224,7 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_64(copy_of_randomness); @@ -247,7 +247,7 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 generate_keypair_unpacked_c5(uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d( @@ -260,7 +260,7 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_c5(copy_of_randomness); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 13b1459a3..5d21a7998 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index d2060fa0c..a2890d7fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 94b4f2b96..f21c1ce0f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 2060c7880..398413b31 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "internal/libcrux_mlkem_neon.h" @@ -37,8 +37,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); + .low = _vdupq_n_s16((int16_t)0), .high = _vdupq_n_s16((int16_t)0)}); } /** @@ -53,9 +52,9 @@ libcrux_ml_kem_vector_neon_ZERO_20(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + .low = _vld1q_s16(Eurydice_slice_subslice2(array, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)), + .high = _vld1q_s16(Eurydice_slice_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); } @@ -71,14 +70,12 @@ libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); + _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); memcpy(ret, out, (size_t)16U * sizeof(int16_t)); } @@ -95,8 +92,8 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_arithmetic_add( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + lhs.low = _vaddq_s16(lhs.low, rhs->low); + lhs.high = _vaddq_s16(lhs.high, rhs->high); return lhs; } @@ -115,8 +112,8 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_arithmetic_sub( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + lhs.low = _vsubq_s16(lhs.low, rhs->low); + lhs.high = _vsubq_s16(lhs.high, rhs->high); return lhs; } @@ -134,8 +131,8 @@ libcrux_ml_kem_vector_neon_sub_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + v.low = _vmulq_n_s16(v.low, c); + v.high = _vmulq_n_s16(v.high, c); return v; } @@ -152,9 +149,9 @@ libcrux_ml_kem_vector_neon_multiply_by_constant_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + int16x8_t c0 = _vdupq_n_s16(c); + v.low = _vandq_s16(v.low, c0); + v.high = _vandq_s16(v.high, c0); return v; } @@ -171,15 +168,13 @@ libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - int16x8_t c0 = libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - int16x8_t c1 = libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + int16x8_t c = _vdupq_n_s16((int16_t)3329); + uint16x8_t m0 = _vcgeq_s16(v.low, c); + uint16x8_t m1 = _vcgeq_s16(v.high, c); + int16x8_t c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0)); + int16x8_t c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1)); + v.low = _vsubq_s16(v.low, c0); + v.high = _vsubq_s16(v.high, c1); return v; } @@ -195,15 +190,14 @@ libcrux_ml_kem_vector_neon_cond_subtract_3329_20( KRML_MUSTINLINE int16x8_t libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) { - int16x8_t adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - int16x8_t vec = libcrux_intrinsics_arm64__vqdmulhq_n_s16( + int16x8_t adder = _vdupq_n_s16((int16_t)1024); + int16x8_t vec = _vqdmulhq_n_s16( v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - int16x8_t vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, vec0, int16x8_t); - int16x8_t sub = libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); + int16x8_t vec0 = _vaddq_s16(vec, adder); + int16x8_t quotient = _vshrq_n_s16((int32_t)11, vec0, int16x8_t); + int16x8_t sub = + _vmulq_n_s16(quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return _vsubq_s16(v, sub); } KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -228,25 +222,22 @@ libcrux_ml_kem_vector_neon_barrett_reduce_20( KRML_MUSTINLINE int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( int16x8_t low, int16x8_t high) { - int16x8_t k = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - int16x8_t c = libcrux_intrinsics_arm64__vshrq_n_s16( + int16x8_t k = _vreinterpretq_s16_u16(_vmulq_n_u16( + _vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + int16x8_t c = _vshrq_n_s16( (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + _vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); + return _vsubq_s16(high, c); } KRML_MUSTINLINE int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( int16x8_t v, int16_t c) { - int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), int16x8_t); + int16x8_t v_low = _vmulq_n_s16(v, c); + int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_n_s16(v, c), int16x8_t); return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( v_low, v_high); } @@ -277,34 +268,24 @@ libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_compress_compress_1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - int16x8_t quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - int16x8_t shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted, int16x8_t); - int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + int16x8_t half = _vdupq_n_s16((int16_t)1664); + int16x8_t quarter = _vdupq_n_s16((int16_t)832); + int16x8_t shifted = _vsubq_s16(half, v.low); + int16x8_t mask0 = _vshrq_n_s16((int32_t)15, shifted, int16x8_t); + int16x8_t shifted_to_positive = _veorq_s16(mask0, shifted); int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - uint16x8_t)); - int16x8_t shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted0, int16x8_t); - int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + _vsubq_s16(shifted_to_positive, quarter); + v.low = _vreinterpretq_s16_u16(_vshrq_n_u16( + (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range), + uint16x8_t)); + int16x8_t shifted0 = _vsubq_s16(half, v.high); + int16x8_t mask = _vshrq_n_s16((int32_t)15, shifted0, int16x8_t); + int16x8_t shifted_to_positive0 = _veorq_s16(mask, shifted0); int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - uint16x8_t)); + _vsubq_s16(shifted_to_positive0, quarter); + v.high = _vreinterpretq_s16_u16(_vshrq_n_u16( + (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range0), + uint16x8_t)); return v; } @@ -350,9 +331,8 @@ libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( KRML_MUSTINLINE int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( int16x8_t v, int16x8_t c) { - int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); - int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), int16x8_t); + int16x8_t v_low = _vmulq_s16(v, c); + int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_s16(v, c), int16x8_t); return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( v_low, v_high); } @@ -362,29 +342,21 @@ libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2, int16_t zeta3, int16_t zeta4) { int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t dup_a = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); + int16x8_t dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); int16x8_t t = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, zeta); - int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + int16x8_t b = _vsubq_s16(dup_a, t); + int16x8_t a = _vaddq_s16(dup_a, t); + v.low = _vreinterpretq_s16_s32( + _vtrn1q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); + v.high = _vreinterpretq_s16_s32( + _vtrn2q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); return v; } @@ -405,29 +377,21 @@ libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2) { int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); int16x8_t t = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, zeta); - int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + int16x8_t b = _vsubq_s16(dup_a, t); + int16x8_t a = _vaddq_s16(dup_a, t); + v.low = _vreinterpretq_s16_s64( + _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); + v.high = _vreinterpretq_s16_s64( + _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); return v; } @@ -445,12 +409,12 @@ libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t zeta0 = _vdupq_n_s16(zeta); int16x8_t t = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + v.high = _vsubq_s16(v.low, t); + v.low = _vaddq_s16(v.low, t); return v; } @@ -469,31 +433,23 @@ libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2, int16_t zeta3, int16_t zeta4) { int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a0 = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); + int16x8_t b0 = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); + int16x8_t b_minus_a = _vsubq_s16(b0, a0); + int16x8_t a = _vaddq_s16(a0, b0); int16x8_t a1 = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); int16x8_t b = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.low = _vreinterpretq_s16_s32( + _vtrn1q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); + v.high = _vreinterpretq_s16_s32( + _vtrn2q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); return v; } @@ -514,29 +470,21 @@ libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2) { int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a0 = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t b0 = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t b_minus_a = _vsubq_s16(b0, a0); + int16x8_t a = _vaddq_s16(a0, b0); int16x8_t b = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.low = _vreinterpretq_s16_s64( + _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); + v.high = _vreinterpretq_s16_s64( + _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); return v; } @@ -554,9 +502,9 @@ libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + int16x8_t zeta0 = _vdupq_n_s16(zeta); + int16x8_t b_minus_a = _vsubq_s16(v.high, v.low); + v.low = _vaddq_s16(v.low, v.high); v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta0); return v; @@ -579,65 +527,49 @@ libcrux_ml_kem_vector_neon_ntt_ntt_multiply( int16_t zeta2, int16_t zeta3, int16_t zeta4) { int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - int16x8_t a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - int16x8_t b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - int16x8_t b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + int16x8_t a0 = _vtrn1q_s16(lhs->low, lhs->high); + int16x8_t a1 = _vtrn2q_s16(lhs->low, lhs->high); + int16x8_t b0 = _vtrn1q_s16(rhs->low, rhs->high); + int16x8_t b1 = _vtrn2q_s16(rhs->low, rhs->high); int16x8_t a1b1 = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, b1); - int32x4_t a1b1_low = libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - int32x4_t a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - int16x8_t fst_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - int16x8_t fst_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - int32x4_t a0b1_low = libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - int32x4_t a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - int16x8_t snd_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - int16x8_t snd_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - int16x8_t fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - int16x8_t snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + int32x4_t a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); + int32x4_t a1b1_high = _vmull_high_s16(a1b1, zeta); + int16x8_t fst_low = _vreinterpretq_s16_s32( + _vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); + int16x8_t fst_high = + _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); + int32x4_t a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); + int32x4_t a0b1_high = _vmull_high_s16(a0, b1); + int16x8_t snd_low = _vreinterpretq_s16_s32( + _vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); + int16x8_t snd_high = + _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); + int16x8_t fst_low16 = _vtrn1q_s16(fst_low, fst_high); + int16x8_t fst_high16 = _vtrn2q_s16(fst_low, fst_high); + int16x8_t snd_low16 = _vtrn1q_s16(snd_low, snd_high); + int16x8_t snd_high16 = _vtrn2q_s16(snd_low, snd_high); int16x8_t fst = libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( fst_low16, fst_high16); int16x8_t snd = libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( snd_low16, snd_high16); - int32x4_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - int32x4_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - int16x8_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - int16x8_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + int32x4_t low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); + int32x4_t high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); + int16x8_t low1 = _vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); + int16x8_t high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - uint8x16_t index = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t index = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16x8_t low2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - int16x8_t high2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + int16x8_t low2 = + _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); + int16x8_t high2 = + _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ .low = low2, .high = high2}); } @@ -659,12 +591,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - int16x8_t high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + int16x8_t low0 = _vshlq_s16(v.low, shift); + int16x8_t high0 = _vshlq_s16(v.high, shift); + int16_t low = _vaddvq_s16(low0); + int16_t high = _vaddvq_s16(high0); ret[0U] = (uint8_t)low; ret[1U] = (uint8_t)high; } @@ -680,20 +612,19 @@ void libcrux_ml_kem_vector_neon_serialize_1_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - int16x8_t one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - int16x8_t low0 = libcrux_intrinsics_arm64__vdupq_n_s16(( - int16_t)Eurydice_slice_index(a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - int16x8_t high0 = libcrux_intrinsics_arm64__vdupq_n_s16(( - int16_t)Eurydice_slice_index(a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16x8_t one = _vdupq_n_s16((int16_t)1); + int16x8_t low0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + int16x8_t high0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - int16x8_t high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + int16x8_t low = _vshlq_s16(low0, shift); + int16x8_t high = _vshlq_s16(high0, shift); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); + .low = _vandq_s16(low, one), .high = _vandq_s16(high, one)}); } /** @@ -709,20 +640,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - uint16x8_t lowt = libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - uint16x8_t hight = libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint16x8_t lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); + uint16x8_t hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)_vaddv_u16(_vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)_vaddv_u16(_vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)_vaddv_u16(_vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)_vaddv_u16(_vget_high_u16(hight)); uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; uint8_t ret0[8U]; core_num__u64_9__to_le_bytes(sum, ret0); @@ -745,9 +670,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { int16_t input_i16s[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } @@ -789,9 +714,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } @@ -807,39 +732,25 @@ libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, low00, - low10, int32x4_t); - int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); - int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, high00, - high10, int32x4_t); - int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, high0, - high1, int64x2_t); + int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = _vsliq_n_s32((int32_t)10, low00, low10, int32x4_t); + int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = _vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); + int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = _vsliq_n_s32((int32_t)10, high00, high10, int32x4_t); + int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = _vsliq_n_s64((int32_t)20, high0, high1, int64x2_t); uint8_t result32[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); uint8_t result[20U] = {0U}; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); @@ -888,9 +799,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } @@ -932,9 +843,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } @@ -950,39 +861,25 @@ libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, low00, - low10, int32x4_t); - int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); - int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, high00, - high10, int32x4_t); - int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, high0, - high1, int64x2_t); + int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = _vsliq_n_s32((int32_t)12, low00, low10, int32x4_t); + int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = _vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); + int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = _vsliq_n_s32((int32_t)12, high00, high10, int32x4_t); + int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = _vsliq_n_s64((int32_t)24, high0, high1, int64x2_t); uint8_t result32[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); uint8_t result[24U] = {0U}; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); @@ -1028,13 +925,13 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - uint8x16_t index_vec = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t index_vec = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - int16x8_t shift_vec = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift_vec = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - uint16x8_t mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint16x8_t mask12 = _vdupq_n_u16(4095U); uint8_t input0[16U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); @@ -1043,7 +940,7 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice), uint8_t, void *); - uint8x16_t input_vec0 = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t input_vec0 = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); uint8_t input1[16U] = {0U}; Eurydice_slice uu____1 = Eurydice_array_to_subslice2( @@ -1053,18 +950,14 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, Eurydice_slice), uint8_t, void *); - uint8x16_t input_vec1 = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t input_vec1 = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); - uint16x8_t moved0 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - uint16x8_t shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - int16x8_t low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - uint16x8_t moved1 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - uint16x8_t shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - int16x8_t high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + uint16x8_t moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec)); + uint16x8_t shifted0 = _vshlq_u16(moved0, shift_vec); + int16x8_t low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12)); + uint16x8_t moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec)); + uint16x8_t shifted1 = _vshlq_u16(moved1, shift_vec); + int16x8_t high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ .low = low, .high = high}); } @@ -1279,9 +1172,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.low, int16x8_t); - v.high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.high, int16x8_t); + v.low = _vshrq_n_s16((int32_t)15, v.low, int16x8_t); + v.high = _vshrq_n_s16((int32_t)15, v.high, int16x8_t); return v; } @@ -1510,7 +1402,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b1(copy_of_input); @@ -1809,13 +1701,13 @@ static KRML_MUSTINLINE void sample_from_xof_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e63( @@ -1826,7 +1718,7 @@ static KRML_MUSTINLINE void sample_from_xof_c01( } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_48_ad1(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); @@ -1834,7 +1726,7 @@ static KRML_MUSTINLINE void sample_from_xof_c01( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; @@ -1859,7 +1751,7 @@ static KRML_MUSTINLINE void sample_matrix_A_481( closure_de1(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( @@ -1867,7 +1759,7 @@ static KRML_MUSTINLINE void sample_matrix_A_481( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; @@ -2307,7 +2199,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -2324,7 +2216,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -2585,7 +2477,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); @@ -2594,7 +2486,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; @@ -2609,18 +2501,18 @@ static tuple_4c0 generate_keypair_unpacked_ff1( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] [2U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; @@ -2631,7 +2523,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -2757,7 +2649,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -2767,7 +2659,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -2802,11 +2694,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); @@ -2919,14 +2811,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( @@ -3004,7 +2896,7 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -3022,7 +2914,7 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, @@ -3376,17 +3268,12 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)10, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** @@ -3396,32 +3283,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)10)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af(low00); uint32x4_t low1 = compress_int32x4_t_af(low10); uint32x4_t high0 = compress_int32x4_t_af(high00); uint32x4_t high1 = compress_int32x4_t_af(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3472,17 +3353,12 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)11, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** @@ -3492,32 +3368,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)11)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af0(low00); uint32x4_t low1 = compress_int32x4_t_af0(low10); uint32x4_t high0 = compress_int32x4_t_af0(high00); uint32x4_t high1 = compress_int32x4_t_af0(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3593,17 +3463,12 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)4, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** @@ -3613,32 +3478,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)4)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af1(low00); uint32x4_t low1 = compress_int32x4_t_af1(low10); uint32x4_t high0 = compress_int32x4_t_af1(high00); uint32x4_t high1 = compress_int32x4_t_af1(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3687,17 +3546,12 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)5, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** @@ -3707,32 +3561,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)5)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af2(low00); uint32x4_t low1 = compress_int32x4_t_af2(low10); uint32x4_t high0 = compress_int32x4_t_af2(high00); uint32x4_t high1 = compress_int32x4_t_af2(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3850,7 +3698,7 @@ static void encrypt_unpacked_541( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); @@ -3859,7 +3707,7 @@ static void encrypt_unpacked_541( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = @@ -3879,7 +3727,7 @@ static void encrypt_unpacked_541( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = @@ -3948,7 +3796,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; @@ -3959,12 +3807,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4065,17 +3913,17 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 @@ -4090,7 +3938,7 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; @@ -4174,12 +4022,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = @@ -4187,7 +4035,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( uint8_t shared_secret_array[32U]; kdf_af_631(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4203,14 +4051,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)10, decompressed0, uint32x4_t); } /** @@ -4222,27 +4067,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a(low00); uint32x4_t low1 = decompress_uint32x4_t_7a(low10); uint32x4_t high0 = decompress_uint32x4_t_7a(high00); uint32x4_t high1 = decompress_uint32x4_t_7a(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } @@ -4294,14 +4133,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)11, decompressed0, uint32x4_t); } /** @@ -4313,27 +4149,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de0( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a0(low00); uint32x4_t low1 = decompress_uint32x4_t_7a0(low10); uint32x4_t high0 = decompress_uint32x4_t_7a0(high00); uint32x4_t high1 = decompress_uint32x4_t_7a0(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } @@ -4459,14 +4289,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)4, decompressed0, uint32x4_t); } /** @@ -4478,27 +4305,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a1(low00); uint32x4_t low1 = decompress_uint32x4_t_7a1(low10); uint32x4_t high0 = decompress_uint32x4_t_7a1(high00); uint32x4_t high1 = decompress_uint32x4_t_7a1(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } @@ -4549,14 +4370,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)5, decompressed0, uint32x4_t); } /** @@ -4568,27 +4386,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de2( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a2(low00); uint32x4_t low1 = decompress_uint32x4_t_7a2(low10); uint32x4_t high0 = decompress_uint32x4_t_7a2(high00); uint32x4_t high1 = decompress_uint32x4_t_7a2(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } @@ -4874,7 +4686,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -4966,7 +4778,7 @@ static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; deserialize_secret_key_4f1(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -5054,7 +4866,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -5287,7 +5099,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b0(copy_of_input); @@ -5572,13 +5384,13 @@ static KRML_MUSTINLINE void sample_from_xof_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e61( @@ -5589,7 +5401,7 @@ static KRML_MUSTINLINE void sample_from_xof_c00( } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_48_ad0(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); @@ -5597,7 +5409,7 @@ static KRML_MUSTINLINE void sample_from_xof_c00( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; @@ -5622,7 +5434,7 @@ static KRML_MUSTINLINE void sample_matrix_A_480( closure_de0(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( @@ -5630,7 +5442,7 @@ static KRML_MUSTINLINE void sample_matrix_A_480( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; @@ -5736,7 +5548,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -5753,7 +5565,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -5913,7 +5725,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); @@ -5922,7 +5734,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; @@ -5937,18 +5749,18 @@ static tuple_9b0 generate_keypair_unpacked_ff0( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] [3U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; @@ -5959,7 +5771,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -6062,7 +5874,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -6072,7 +5884,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -6107,11 +5919,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -6224,14 +6036,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( @@ -6254,7 +6066,7 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -6272,7 +6084,7 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, @@ -6495,7 +6307,7 @@ static void encrypt_unpacked_540( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); @@ -6504,7 +6316,7 @@ static void encrypt_unpacked_540( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = @@ -6524,7 +6336,7 @@ static void encrypt_unpacked_540( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = @@ -6593,7 +6405,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; @@ -6604,12 +6416,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6710,17 +6522,17 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd @@ -6735,7 +6547,7 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; @@ -6819,12 +6631,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = @@ -6832,7 +6644,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( uint8_t shared_secret_array[32U]; kdf_af_630(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7044,7 +6856,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -7112,7 +6924,7 @@ static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; deserialize_secret_key_4f0(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -7200,7 +7012,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -7433,7 +7245,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b(copy_of_input); @@ -7724,13 +7536,13 @@ static KRML_MUSTINLINE void sample_from_xof_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e6( @@ -7741,7 +7553,7 @@ static KRML_MUSTINLINE void sample_from_xof_c0( } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_48_ad(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); @@ -7749,7 +7561,7 @@ static KRML_MUSTINLINE void sample_from_xof_c0( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; @@ -7774,7 +7586,7 @@ static KRML_MUSTINLINE void sample_matrix_A_48( closure_de(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( @@ -7782,7 +7594,7 @@ static KRML_MUSTINLINE void sample_matrix_A_48( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; @@ -7891,7 +7703,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -7908,7 +7720,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -8068,7 +7880,7 @@ static tuple_54 generate_keypair_unpacked_ff( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); @@ -8077,7 +7889,7 @@ static tuple_54 generate_keypair_unpacked_ff( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; @@ -8092,18 +7904,18 @@ static tuple_54 generate_keypair_unpacked_ff( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] [4U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; @@ -8114,7 +7926,7 @@ static tuple_54 generate_keypair_unpacked_ff( memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -8217,7 +8029,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -8227,7 +8039,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -8262,11 +8074,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); @@ -8379,14 +8191,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( @@ -8409,7 +8221,7 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -8427,7 +8239,7 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, @@ -8703,7 +8515,7 @@ static void encrypt_unpacked_54( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); @@ -8712,7 +8524,7 @@ static void encrypt_unpacked_54( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = @@ -8732,7 +8544,7 @@ static void encrypt_unpacked_54( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = @@ -8802,7 +8614,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; @@ -8813,12 +8625,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8919,17 +8731,17 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c @@ -8944,7 +8756,7 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; @@ -9028,12 +8840,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = @@ -9041,7 +8853,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( uint8_t shared_secret_array[32U]; kdf_af_63(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -9295,7 +9107,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -9363,7 +9175,7 @@ static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; deserialize_secret_key_4f(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -9452,7 +9264,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index eb50c46dd..4aac58084 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index fd2294739..39f30d882 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "internal/libcrux_mlkem_portable.h" @@ -2123,7 +2123,7 @@ shake128_init_absorb_411(uint8_t input[4U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); @@ -2145,7 +2145,7 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); return shake128_init_absorb_411(copy_of_input); @@ -2429,13 +2429,13 @@ static KRML_MUSTINLINE void sample_from_xof_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_023( @@ -2446,7 +2446,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_681(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); @@ -2454,7 +2454,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; @@ -2480,7 +2480,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( @@ -2488,7 +2488,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; @@ -2925,7 +2925,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -2942,7 +2942,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -3206,7 +3206,7 @@ static tuple_540 generate_keypair_unpacked_a91( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); @@ -3215,7 +3215,7 @@ static tuple_540 generate_keypair_unpacked_a91( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; @@ -3230,18 +3230,18 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] [4U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; @@ -3252,7 +3252,7 @@ static tuple_540 generate_keypair_unpacked_a91( memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -3380,7 +3380,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -3390,7 +3390,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -3426,11 +3426,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); @@ -3544,14 +3544,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( @@ -3575,7 +3575,7 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3593,7 +3593,7 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, @@ -4276,7 +4276,7 @@ static void encrypt_unpacked_651( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); @@ -4285,7 +4285,7 @@ static void encrypt_unpacked_651( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = @@ -4305,7 +4305,7 @@ static void encrypt_unpacked_651( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -4376,7 +4376,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; @@ -4387,12 +4387,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4494,17 +4494,17 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 @@ -4519,7 +4519,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; @@ -4603,12 +4603,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = @@ -4616,7 +4616,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( uint8_t shared_secret_array[32U]; kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -5192,7 +5192,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -5284,7 +5284,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_6b1(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -5373,7 +5373,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -5595,7 +5595,7 @@ shake128_init_absorb_410(uint8_t input[2U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); @@ -5617,7 +5617,7 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); return shake128_init_absorb_410(copy_of_input); @@ -5875,13 +5875,13 @@ static KRML_MUSTINLINE void sample_from_xof_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_021( @@ -5892,7 +5892,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_680(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); @@ -5900,7 +5900,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; @@ -5926,7 +5926,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( @@ -5934,7 +5934,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; @@ -6035,7 +6035,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6052,7 +6052,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -6214,7 +6214,7 @@ static tuple_4c generate_keypair_unpacked_a90( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); @@ -6223,7 +6223,7 @@ static tuple_4c generate_keypair_unpacked_a90( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; @@ -6238,18 +6238,18 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] [2U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; @@ -6260,7 +6260,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -6365,7 +6365,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -6375,7 +6375,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -6411,11 +6411,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); @@ -6529,14 +6529,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( @@ -6593,7 +6593,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6611,7 +6611,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, @@ -6888,7 +6888,7 @@ static void encrypt_unpacked_650( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); @@ -6897,7 +6897,7 @@ static void encrypt_unpacked_650( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = @@ -6917,7 +6917,7 @@ static void encrypt_unpacked_650( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -6987,7 +6987,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; @@ -6998,12 +6998,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7105,17 +7105,17 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae @@ -7130,7 +7130,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; @@ -7214,12 +7214,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = @@ -7227,7 +7227,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( uint8_t shared_secret_array[32U]; kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7481,7 +7481,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -7549,7 +7549,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_6b0(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -7637,7 +7637,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -7860,7 +7860,7 @@ shake128_init_absorb_41(uint8_t input[3U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); @@ -7882,7 +7882,7 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return shake128_init_absorb_41(copy_of_input); @@ -8140,13 +8140,13 @@ static KRML_MUSTINLINE void sample_from_xof_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_02( @@ -8157,7 +8157,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_68(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); @@ -8165,7 +8165,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; @@ -8191,7 +8191,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( @@ -8199,7 +8199,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; @@ -8289,7 +8289,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8306,7 +8306,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -8468,7 +8468,7 @@ static tuple_9b generate_keypair_unpacked_a9( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); @@ -8477,7 +8477,7 @@ static tuple_9b generate_keypair_unpacked_a9( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; @@ -8492,18 +8492,18 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] [3U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; @@ -8514,7 +8514,7 @@ static tuple_9b generate_keypair_unpacked_a9( memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -8619,7 +8619,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -8629,7 +8629,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -8665,11 +8665,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -8783,14 +8783,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( @@ -8814,7 +8814,7 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8832,7 +8832,7 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, @@ -9056,7 +9056,7 @@ static void encrypt_unpacked_65( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); @@ -9065,7 +9065,7 @@ static void encrypt_unpacked_65( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = @@ -9085,7 +9085,7 @@ static void encrypt_unpacked_65( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -9155,7 +9155,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; @@ -9166,12 +9166,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -9273,17 +9273,17 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 @@ -9298,7 +9298,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; @@ -9382,12 +9382,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = @@ -9395,7 +9395,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( uint8_t shared_secret_array[32U]; kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -9608,7 +9608,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -9676,7 +9676,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_6b(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -9764,7 +9764,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ea777873b..59e15235c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 554d431d4..cf02dc3bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 67f9c8b91..814ac74f7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index de79d0e42..2354d05fe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 185e7fc66..b0f8e37b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_internal_H @@ -147,7 +147,7 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_a[1U]; memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; @@ -281,7 +281,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); @@ -1503,7 +1503,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); @@ -1612,7 +1612,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); @@ -1645,7 +1645,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_39(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -1737,7 +1737,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -1748,7 +1748,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -1804,7 +1804,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); @@ -1847,7 +1847,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); @@ -1893,7 +1893,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); @@ -1962,7 +1962,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_393(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -2093,7 +2093,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2104,7 +2104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2160,7 +2160,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); @@ -2203,7 +2203,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); @@ -2249,7 +2249,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); @@ -2318,7 +2318,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_392(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -2449,7 +2449,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2460,7 +2460,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2516,7 +2516,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); @@ -2534,7 +2534,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); @@ -2567,7 +2567,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_390(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -2659,7 +2659,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2670,7 +2670,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2726,7 +2726,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2791,7 +2791,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2847,7 +2847,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); @@ -2890,7 +2890,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); @@ -2936,7 +2936,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); @@ -3005,7 +3005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_391(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -3135,7 +3135,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -3146,7 +3146,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -3202,7 +3202,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index c1cf5cca8..d565000e0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_sha3_neon.h" @@ -19,17 +19,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ -static KRML_MUSTINLINE uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} +static KRML_MUSTINLINE uint64x2_t zero_fa(void) { return _vdupq_n_u64(0ULL); } static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, uint64x2_t c, uint64x2_t d, uint64x2_t e) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); - uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); + uint64x2_t ab = _veorq_u64(a, b); + uint64x2_t cd = _veorq_u64(c, d); + uint64x2_t abcd = _veorq_u64(ab, cd); + return _veorq_u64(abcd, e); } /** @@ -49,14 +47,13 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)1, x, uint64x2_t), + _vshrq_n_u64((int32_t)63, x, uint64x2_t)); } static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); + return _veorq_u64(uu____0, rotate_left_58(b)); } /** @@ -70,8 +67,7 @@ static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); + return _veorq_u64(a, _vbicq_u64(b, c)); } /** @@ -84,8 +80,8 @@ static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, } static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { - uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); + uint64x2_t c0 = _vdupq_n_u64(c); + return _veorq_u64(a, c0); } /** @@ -101,7 +97,7 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); + return _veorq_u64(a, b); } static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, @@ -118,7 +114,7 @@ usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_a[2U]; memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret0[2U]; @@ -208,24 +204,20 @@ static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)72U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; @@ -249,9 +241,9 @@ static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -267,7 +259,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c(uu____0, copy_of_b); @@ -280,9 +272,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)36, x, uint64x2_t), + _vshrq_n_u64((int32_t)28, x, uint64x2_t)); } /** @@ -292,7 +283,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_580(ab); } @@ -318,9 +309,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)3, x, uint64x2_t), + _vshrq_n_u64((int32_t)61, x, uint64x2_t)); } /** @@ -330,7 +320,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_581(ab); } @@ -356,9 +346,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)41, x, uint64x2_t), + _vshrq_n_u64((int32_t)23, x, uint64x2_t)); } /** @@ -368,7 +357,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_582(ab); } @@ -394,9 +383,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)18, x, uint64x2_t), + _vshrq_n_u64((int32_t)46, x, uint64x2_t)); } /** @@ -406,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_583(ab); } @@ -432,7 +420,7 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_58(ab); } @@ -458,9 +446,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)44, x, uint64x2_t), + _vshrq_n_u64((int32_t)20, x, uint64x2_t)); } /** @@ -470,7 +457,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_584(ab); } @@ -496,9 +483,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)10, x, uint64x2_t), + _vshrq_n_u64((int32_t)54, x, uint64x2_t)); } /** @@ -508,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_585(ab); } @@ -534,9 +520,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)45, x, uint64x2_t), + _vshrq_n_u64((int32_t)19, x, uint64x2_t)); } /** @@ -546,7 +531,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_586(ab); } @@ -572,9 +557,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)2, x, uint64x2_t), + _vshrq_n_u64((int32_t)62, x, uint64x2_t)); } /** @@ -584,7 +568,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_587(ab); } @@ -610,9 +594,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)62, x, uint64x2_t), + _vshrq_n_u64((int32_t)2, x, uint64x2_t)); } /** @@ -622,7 +605,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_588(ab); } @@ -648,9 +631,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)6, x, uint64x2_t), + _vshrq_n_u64((int32_t)58, x, uint64x2_t)); } /** @@ -660,7 +642,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_589(ab); } @@ -686,9 +668,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)43, x, uint64x2_t), + _vshrq_n_u64((int32_t)21, x, uint64x2_t)); } /** @@ -698,7 +679,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5810(ab); } @@ -724,9 +705,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)15, x, uint64x2_t), + _vshrq_n_u64((int32_t)49, x, uint64x2_t)); } /** @@ -736,7 +716,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5811(ab); } @@ -762,9 +742,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)61, x, uint64x2_t), + _vshrq_n_u64((int32_t)3, x, uint64x2_t)); } /** @@ -774,7 +753,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5812(ab); } @@ -800,9 +779,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)28, x, uint64x2_t), + _vshrq_n_u64((int32_t)36, x, uint64x2_t)); } /** @@ -812,7 +790,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5813(ab); } @@ -838,9 +816,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)55, x, uint64x2_t), + _vshrq_n_u64((int32_t)9, x, uint64x2_t)); } /** @@ -850,7 +827,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5814(ab); } @@ -876,9 +853,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)25, x, uint64x2_t), + _vshrq_n_u64((int32_t)39, x, uint64x2_t)); } /** @@ -888,7 +864,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5815(ab); } @@ -914,9 +890,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5816(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)21, x, uint64x2_t), + _vshrq_n_u64((int32_t)43, x, uint64x2_t)); } /** @@ -926,7 +901,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5816(ab); } @@ -952,9 +927,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)56, x, uint64x2_t), + _vshrq_n_u64((int32_t)8, x, uint64x2_t)); } /** @@ -964,7 +938,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5817(ab); } @@ -990,9 +964,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)27, x, uint64x2_t), + _vshrq_n_u64((int32_t)37, x, uint64x2_t)); } /** @@ -1002,7 +975,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5818(ab); } @@ -1028,9 +1001,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)20, x, uint64x2_t), + _vshrq_n_u64((int32_t)44, x, uint64x2_t)); } /** @@ -1040,7 +1012,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5819(ab); } @@ -1066,9 +1038,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)39, x, uint64x2_t), + _vshrq_n_u64((int32_t)25, x, uint64x2_t)); } /** @@ -1078,7 +1049,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5820(ab); } @@ -1104,9 +1075,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)8, x, uint64x2_t), + _vshrq_n_u64((int32_t)56, x, uint64x2_t)); } /** @@ -1116,7 +1086,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5821(ab); } @@ -1142,9 +1112,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)14, x, uint64x2_t), + _vshrq_n_u64((int32_t)50, x, uint64x2_t)); } /** @@ -1154,7 +1123,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5822(ab); } @@ -1360,7 +1329,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e(uu____0, copy_of_b); @@ -1404,30 +1373,28 @@ static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)72U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = @@ -1462,7 +1429,7 @@ static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -1587,7 +1554,7 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -1597,7 +1564,7 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -1653,7 +1620,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_59(copy_of_data, out); @@ -1680,24 +1647,20 @@ static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)136U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; @@ -1721,9 +1684,9 @@ static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -1739,7 +1702,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c0(uu____0, copy_of_b); @@ -1787,7 +1750,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e0(uu____0, copy_of_b); @@ -1831,30 +1794,28 @@ static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)136U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = @@ -1889,7 +1850,7 @@ static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f0(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -2014,7 +1975,7 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2024,7 +1985,7 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2080,7 +2041,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_590(copy_of_data, out); @@ -2143,7 +2104,7 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2153,7 +2114,7 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2209,7 +2170,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_591(copy_of_data, out); @@ -2244,24 +2205,20 @@ static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)168U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; @@ -2285,9 +2242,9 @@ static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2317,7 +2274,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e1(uu____0, copy_of_b); @@ -2371,30 +2328,28 @@ static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)168U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = @@ -2512,24 +2467,20 @@ static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)144U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; @@ -2553,9 +2504,9 @@ static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2571,7 +2522,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c2(uu____0, copy_of_b); @@ -2619,7 +2570,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e2(uu____0, copy_of_b); @@ -2663,30 +2614,28 @@ static KRML_MUSTINLINE void store_block_2f2(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)144U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = @@ -2721,7 +2670,7 @@ static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f2(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -2846,7 +2795,7 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2856,7 +2805,7 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2912,7 +2861,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_592(copy_of_data, out); @@ -2940,24 +2889,20 @@ static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)104U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; @@ -2981,9 +2926,9 @@ static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2999,7 +2944,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c3(uu____0, copy_of_b); @@ -3047,7 +2992,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e3(uu____0, copy_of_b); @@ -3091,30 +3036,28 @@ static KRML_MUSTINLINE void store_block_2f3(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)104U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = @@ -3149,7 +3092,7 @@ static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f3(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -3274,7 +3217,7 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -3284,7 +3227,7 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -3340,7 +3283,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_593(copy_of_data, out); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 18ac37d7c..983358000 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_neon_H From 90358e0a5c7185a6ca5a058da9b43826827e5dfd Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 09:16:15 -0700 Subject: [PATCH 051/172] Regenerate on Intel --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 233 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 46 +- libcrux-ml-kem/c/libcrux_core.c | 310 +- libcrux-ml-kem/c/libcrux_core.h | 124 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 54 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 9294 ++++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 509 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9268 +--------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 574 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2865 ++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 188 +- libcrux-ml-kem/c/libcrux_sha3.h | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2338 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 41 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 744 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3282 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 31 +- 36 files changed, 15017 insertions(+), 15336 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index db12e833c..e391dab17 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -235,5 +235,5 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] - - [libcrux_intrinsics, arm64] - - [libcrux_intrinsics, avx2] + # - [libcrux_intrinsics, arm64] + # - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 8ac29a1be..31c8dfd1b 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb -Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 +Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 +Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6e626b2cc..b8b4cc329 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -86,12 +88,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -100,10 +102,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -112,10 +114,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]); /** A reference to the raw byte slice. @@ -126,10 +128,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -138,10 +140,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -149,10 +151,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -161,10 +163,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -176,12 +178,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -202,10 +204,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]); /** A reference to the raw byte slice. @@ -216,10 +218,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -228,10 +230,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -239,10 +241,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -251,10 +253,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -266,12 +268,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -280,10 +282,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -292,10 +294,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]); /** A reference to the raw byte slice. @@ -306,10 +308,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** Pad the `slice` with `0`s at the end. @@ -319,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -353,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -363,10 +365,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** Pad the `slice` with `0`s at the end. @@ -374,10 +376,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** Pad the `slice` with `0`s at the end. @@ -387,18 +389,77 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -423,10 +484,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 5a5776797..ba6f74a0f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7c85dde7e..0436054d3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); /** Packed API @@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 545a20b77..71f9fa63d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c18dac469..a2772321d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } /** @@ -60,7 +60,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -68,15 +68,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index bb30330cf..c1d56db43 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "internal/libcrux_core.h" @@ -96,15 +96,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]) { +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -118,13 +118,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -134,15 +135,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]) { +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -153,15 +154,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]) { +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -174,10 +175,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -188,11 +189,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } @@ -202,11 +203,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -214,7 +215,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -224,15 +225,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -246,14 +247,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -263,15 +264,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]) { +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[3168U]; - memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -282,15 +283,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]) { +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -303,10 +304,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -317,11 +318,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } @@ -331,11 +332,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -343,7 +344,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -353,15 +354,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -375,14 +376,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -392,15 +392,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -411,15 +411,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]) { +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -432,10 +432,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -447,7 +447,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -488,7 +488,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -508,11 +508,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } @@ -522,11 +522,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -534,7 +534,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -545,7 +545,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -558,6 +558,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 61a3e31f6..40be3b44a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8cf2e1852..6d0432bcc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 638100d27..6b6dabae9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem1024_avx2.h" @@ -125,9 +125,10 @@ static tuple_21 encapsulate_b2( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } /** @@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_b2(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_16( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, + copy_of_randomness); } /** @@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_16(uu____0, copy_of_randomness); } /** @@ -213,9 +218,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); } /** @@ -223,9 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_f6(copy_of_randomness); } /** @@ -245,9 +252,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 generate_keypair_unpacked_d9(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830( + copy_of_randomness); } /** @@ -256,9 +265,10 @@ generate_keypair_unpacked_d9(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d9(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 63dc40f87..3eb7ab530 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 226a7972a..47b7414e5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_3e( +static void decapsulate_52( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_52(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_81( +static void decapsulate_unpacked_b6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_81(private_key, ciphertext, ret); + decapsulate_unpacked_b6(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_48( +static tuple_21 encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, copy_of_randomness); + return encapsulate_ec(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ac( +static tuple_21 encapsulate_unpacked_9a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_ac( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, copy_of_randomness); + return encapsulate_unpacked_9a(uu____0, copy_of_randomness); } /** @@ -217,12 +217,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); } /** @@ -233,7 +233,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(copy_of_randomness); + return generate_keypair_0e(copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_f5(uint8_t randomness[64U]) { +generate_keypair_unpacked_4a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1( copy_of_randomness); } @@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(copy_of_randomness); + return generate_keypair_unpacked_4a(copy_of_randomness); } /** @@ -283,8 +283,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } /** @@ -295,7 +295,7 @@ static bool validate_public_key_2a1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index b53ebe718..969f1f171 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index fde1eaaf3..f1b352eb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index c3bc43264..d62291692 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem512_avx2.h" @@ -121,9 +121,10 @@ static tuple_ec encapsulate_72( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_72(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_14( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_14(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_27(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 generate_keypair_unpacked_2c(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_2c(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_2c(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index e347d189e..05e34bdaf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index fa4106f06..06ceac83b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); +static void decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3f(private_key, ciphertext, ret); + decapsulate_be0(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_73( +static void decapsulate_unpacked_06( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_73( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_73(private_key, ciphertext, ret); + decapsulate_unpacked_06(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_10( +static tuple_ec encapsulate_f3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, copy_of_randomness); + return encapsulate_f3(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_49( +static tuple_ec encapsulate_unpacked_01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, copy_of_randomness); + return encapsulate_unpacked_01(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(copy_of_randomness); + return generate_keypair_df(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(copy_of_randomness); + return generate_keypair_unpacked_c0(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_2a0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 75f921f45..f8f12869b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index f2bd4e669..9967f5950 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 97c57c897..dd79bbbda 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem768_avx2.h" @@ -121,9 +121,10 @@ static tuple_3c encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_54(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_94( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_94(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_e4(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 generate_keypair_unpacked_35(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_35(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_35(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index fc58e53f4..f683880f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 0e5c36ee3..d9c847566 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_03( +static void decapsulate_be( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_03( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_be(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_69( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_69( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_69(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4b( +static tuple_3c encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, copy_of_randomness); + return encapsulate_13(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_10( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_10( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, copy_of_randomness); + return encapsulate_unpacked_1b(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(copy_of_randomness); + return generate_keypair_ff(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c5(uint8_t randomness[64U]) { +generate_keypair_unpacked_37(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(copy_of_randomness); + return generate_keypair_unpacked_37(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_2a(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 5d21a7998..ae0b2abf7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a2890d7fa..b99e1ded1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,13 +5,17 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +34,9283 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + __m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE __m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + __m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + __m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + __m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + __m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + __m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + __m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + __m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + __m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + __m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static __m256i shift_right_ea_92(__m256i vector) { + return shift_right_98(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static __m256i to_unsigned_representative_a4(__m256i a) { + __m256i t = shift_right_ea_92(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_ae1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_5d4( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_4d1(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_three_blocks_6b1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_block_1b1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_a9_ca1(copy_of_seeds); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block_a9_5a1(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_470(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c1(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + __m256i fst; + __m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static __m256i to_standard_domain_42(__m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + __m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e31( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + __m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + memcpy( + copy_of_error_1, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static __m256i decompress_1_91(__m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + __m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static __m256i compress_ea_80(__m256i vector) { + return compress_ciphertext_coefficient_8a(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a0(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +static __m256i compress_ea_800(__m256i vector) { + return compress_ciphertext_coefficient_8a0(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a1(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static __m256i compress_ea_801(__m256i vector) { + return compress_ciphertext_coefficient_8a1(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a2(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +static __m256i compress_ea_802(__m256i vector) { + return compress_ciphertext_coefficient_8a2(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficients = + compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e21( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_501(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_55(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { + return decompress_ciphertext_coefficient_55(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_550(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { + return decompress_ciphertext_coefficient_550(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_8d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a7(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_551(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { + return decompress_ciphertext_coefficient_551(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_9a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_552(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { + return decompress_ciphertext_coefficient_552(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_9a(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_221( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); + __m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_201( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_201(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c41( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_501( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_501(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_4d0(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_three_blocks_6b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_block_1b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_a9_ca0(copy_of_seeds); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block_a9_5a0(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e30( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + memcpy( + copy_of_error_1, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e20( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_500(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { + return deserialize_then_decompress_11_8d(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); + ntt_vector_u_fe0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_75(serialized); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_220( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_8c0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b0( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_200( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_200(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c40( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_500( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_500(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_4d(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_three_blocks_6b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_block_1b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_a9_ca(copy_of_seeds); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block_a9_5a(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_e3( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + memcpy( + copy_of_error_1, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_50(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_22( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_20( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_20(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c4( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_50(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index f21c1ce0f..d4cf42d54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,505 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +__m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); + +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); + +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +__m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + __m128i v, __m128i c); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 398413b31..c14a63754 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,16 +5,13 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -33,9258 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vdupq_n_s16((int16_t)0), .high = _vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vld1q_s16(Eurydice_slice_subslice2(array, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)), - .high = _vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = _vaddq_s16(lhs.low, rhs->low); - lhs.high = _vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = _vsubq_s16(lhs.low, rhs->low); - lhs.high = _vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = _vmulq_n_s16(v.low, c); - v.high = _vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - int16x8_t c0 = _vdupq_n_s16(c); - v.low = _vandq_s16(v.low, c0); - v.high = _vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t c = _vdupq_n_s16((int16_t)3329); - uint16x8_t m0 = _vcgeq_s16(v.low, c); - uint16x8_t m1 = _vcgeq_s16(v.high, c); - int16x8_t c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0)); - int16x8_t c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1)); - v.low = _vsubq_s16(v.low, c0); - v.high = _vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) { - int16x8_t adder = _vdupq_n_s16((int16_t)1024); - int16x8_t vec = _vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - int16x8_t vec0 = _vaddq_s16(vec, adder); - int16x8_t quotient = _vshrq_n_s16((int32_t)11, vec0, int16x8_t); - int16x8_t sub = - _vmulq_n_s16(quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return _vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - int16x8_t low, int16x8_t high) { - int16x8_t k = _vreinterpretq_s16_u16(_vmulq_n_u16( - _vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - int16x8_t c = _vshrq_n_s16( - (int32_t)1, - _vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - int16x8_t); - return _vsubq_s16(high, c); -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - int16x8_t v, int16_t c) { - int16x8_t v_low = _vmulq_n_s16(v, c); - int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_n_s16(v, c), int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t half = _vdupq_n_s16((int16_t)1664); - int16x8_t quarter = _vdupq_n_s16((int16_t)832); - int16x8_t shifted = _vsubq_s16(half, v.low); - int16x8_t mask0 = _vshrq_n_s16((int32_t)15, shifted, int16x8_t); - int16x8_t shifted_to_positive = _veorq_s16(mask0, shifted); - int16x8_t shifted_positive_in_range = - _vsubq_s16(shifted_to_positive, quarter); - v.low = _vreinterpretq_s16_u16(_vshrq_n_u16( - (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range), - uint16x8_t)); - int16x8_t shifted0 = _vsubq_s16(half, v.high); - int16x8_t mask = _vshrq_n_s16((int32_t)15, shifted0, int16x8_t); - int16x8_t shifted_to_positive0 = _veorq_s16(mask, shifted0); - int16x8_t shifted_positive_in_range0 = - _vsubq_s16(shifted_to_positive0, quarter); - v.high = _vreinterpretq_s16_u16(_vshrq_n_u16( - (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range0), - uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - int16x8_t v, int16x8_t c) { - int16x8_t v_low = _vmulq_s16(v, c); - int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_s16(v, c), int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - int16x8_t b = _vsubq_s16(dup_a, t); - int16x8_t a = _vaddq_s16(dup_a, t); - v.low = _vreinterpretq_s16_s32( - _vtrn1q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); - v.high = _vreinterpretq_s16_s32( - _vtrn2q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - int16x8_t b = _vsubq_s16(dup_a, t); - int16x8_t a = _vaddq_s16(dup_a, t); - v.low = _vreinterpretq_s16_s64( - _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - v.high = _vreinterpretq_s16_s64( - _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = _vdupq_n_s16(zeta); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = _vsubq_s16(v.low, t); - v.low = _vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t b0 = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t b_minus_a = _vsubq_s16(b0, a0); - int16x8_t a = _vaddq_s16(a0, b0); - int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = _vreinterpretq_s16_s32( - _vtrn1q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); - v.high = _vreinterpretq_s16_s32( - _vtrn2q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t b0 = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t b_minus_a = _vsubq_s16(b0, a0); - int16x8_t a = _vaddq_s16(a0, b0); - int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = _vreinterpretq_s16_s64( - _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - v.high = _vreinterpretq_s16_s64( - _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = _vdupq_n_s16(zeta); - int16x8_t b_minus_a = _vsubq_s16(v.high, v.low); - v.low = _vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vtrn1q_s16(lhs->low, lhs->high); - int16x8_t a1 = _vtrn2q_s16(lhs->low, lhs->high); - int16x8_t b0 = _vtrn1q_s16(rhs->low, rhs->high); - int16x8_t b1 = _vtrn2q_s16(rhs->low, rhs->high); - int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - int32x4_t a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); - int32x4_t a1b1_high = _vmull_high_s16(a1b1, zeta); - int16x8_t fst_low = _vreinterpretq_s16_s32( - _vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); - int16x8_t fst_high = - _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); - int32x4_t a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); - int32x4_t a0b1_high = _vmull_high_s16(a0, b1); - int16x8_t snd_low = _vreinterpretq_s16_s32( - _vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); - int16x8_t snd_high = - _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); - int16x8_t fst_low16 = _vtrn1q_s16(fst_low, fst_high); - int16x8_t fst_high16 = _vtrn2q_s16(fst_low, fst_high); - int16x8_t snd_low16 = _vtrn1q_s16(snd_low, snd_high); - int16x8_t snd_high16 = _vtrn2q_s16(snd_low, snd_high); - int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - int32x4_t low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); - int32x4_t high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); - int16x8_t low1 = _vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); - int16x8_t high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - uint8x16_t index = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16x8_t low2 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); - int16x8_t high2 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low0 = _vshlq_s16(v.low, shift); - int16x8_t high0 = _vshlq_s16(v.high, shift); - int16_t low = _vaddvq_s16(low0); - int16_t high = _vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - int16x8_t one = _vdupq_n_s16((int16_t)1); - int16x8_t low0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - int16x8_t high0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low = _vshlq_s16(low0, shift); - int16x8_t high = _vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vandq_s16(low, one), .high = _vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - uint16x8_t lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); - uint16x8_t hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)_vaddv_u16(_vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)_vaddv_u16(_vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)_vaddv_u16(_vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)_vaddv_u16(_vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = _vsliq_n_s32((int32_t)10, low00, low10, int32x4_t); - int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = _vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); - int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = _vsliq_n_s32((int32_t)10, high00, high10, int32x4_t); - int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = _vsliq_n_s64((int32_t)20, high0, high1, int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = _vsliq_n_s32((int32_t)12, low00, low10, int32x4_t); - int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = _vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); - int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = _vsliq_n_s32((int32_t)12, high00, high10, int32x4_t); - int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = _vsliq_n_s64((int32_t)24, high0, high1, int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - uint8x16_t index_vec = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - int16x8_t shift_vec = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - uint16x8_t mask12 = _vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8x16_t input_vec0 = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8x16_t input_vec1 = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); - uint16x8_t moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec)); - uint16x8_t shifted0 = _vshlq_u16(moved0, shift_vec); - int16x8_t low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12)); - uint16x8_t moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec)); - uint16x8_t shifted1 = _vshlq_u16(moved1, shift_vec); - int16x8_t high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = _vshrq_n_s16((int32_t)15, v.low, int16x8_t); - v.high = _vshrq_n_s16((int32_t)15, v.high, int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_d3(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b1(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_b71(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d1(Simd128Hash *st, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_7d1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block_48_ad1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c0( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_891( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; - memcpy( - copy_of_error_1, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)10, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af(low00); - uint32x4_t low1 = compress_int32x4_t_af(low10); - uint32x4_t high0 = compress_int32x4_t_af(high00); - uint32x4_t high1 = compress_int32x4_t_af(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_43(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)11, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af0(low00); - uint32x4_t low1 = compress_int32x4_t_af0(low10); - uint32x4_t high0 = compress_int32x4_t_af0(high00); - uint32x4_t high1 = compress_int32x4_t_af0(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_430(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)4, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af1(low00); - uint32x4_t low1 = compress_int32x4_t_af1(low10); - uint32x4_t high0 = compress_int32x4_t_af1(high00); - uint32x4_t high1 = compress_int32x4_t_af1(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_431(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)5, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af2(low00); - uint32x4_t low1 = compress_int32x4_t_af2(low10); - uint32x4_t high0 = compress_int32x4_t_af2(high00); - uint32x4_t high1 = compress_int32x4_t_af2(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_432(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_eb1(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c71( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_631(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)10, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_21( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_81(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_21(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)11, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a0(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a0(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a0(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a0(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_210( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_6b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_210(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { - return deserialize_then_decompress_10_81(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_331( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)4, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a1(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a1(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a1(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a1(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_211( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_211(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)5, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a2(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a2(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a2(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a2(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_212( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_25(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { - return deserialize_then_decompress_4_60(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ab( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d61( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_331(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f1( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_4f1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_821( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_631( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_631(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b0(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_b70(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d0(Simd128Hash *st, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_7d0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block_48_ad0(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; - memcpy( - copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_eb0(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c70( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_630(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_330( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d60( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_330(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f0( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_4f0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_820( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_630( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_630(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_b7(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d(Simd128Hash *st, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_7d(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block_48_ad(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; - memcpy( - copy_of_error_1, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_eb(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c7( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_63(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6b(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_33( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); - ntt_vector_u_3c(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { - return deserialize_then_decompress_5_25(serialized); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_d6( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_33(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_44( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_4f(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_82( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_63( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_63(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 4aac58084..f2358c033 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,571 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - int16x8_t low; - int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - int16x8_t low, int16x8_t high); - -int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - int16x8_t v, int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 39f30d882..67dd953b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1402,68 +1568,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1552,6 +1961,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -1800,7 +2315,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1834,8 +2349,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1866,12 +2381,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1883,7 +2398,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1897,7 +2412,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1916,8 +2431,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1927,10 +2442,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1943,14 +2458,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1974,7 +2489,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1993,7 +2508,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2013,7 +2528,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2021,7 +2536,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2042,15 +2557,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2081,7 +2596,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2092,10 +2607,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2113,7 +2628,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_411(uint8_t input[4U][34U]) { +shake128_init_absorb_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2144,11 +2659,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_411(copy_of_input); + return shake128_init_absorb_751(copy_of_input); } /** @@ -2157,7 +2672,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2179,9 +2694,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_541(self, ret); + shake128_squeeze_three_blocks_101(self, ret); } /** @@ -2232,7 +2747,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2271,7 +2786,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_881(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2292,9 +2807,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_881(self, ret); + shake128_squeeze_block_ed1(self, ret); } /** @@ -2345,7 +2860,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2389,8 +2904,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2411,9 +2926,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2424,7 +2939,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2432,25 +2947,25 @@ static KRML_MUSTINLINE void sample_from_xof_f61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_681(&xof_state, randomness); + shake128_squeeze_block_f1_c11(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( copy_of_randomness, sampled_coefficients, out); } } @@ -2459,7 +2974,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(copy_of_out[i]);); + ret0[i] = closure_991(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2472,12 +2987,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2492,7 +3007,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(copy_of_seeds, sampled); + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2533,7 +3048,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2555,9 +3070,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** @@ -2616,7 +3131,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2652,7 +3167,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2663,7 +3178,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2698,7 +3213,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2709,8 +3224,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** @@ -2719,7 +3234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2747,7 +3262,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2761,12 +3276,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2780,7 +3295,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2793,7 +3308,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2810,7 +3325,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2828,7 +3343,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2848,7 +3363,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2876,7 +3391,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2894,17 +3409,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2920,11 +3435,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2936,12 +3451,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( + re_as_ntt[i0] = sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -2993,9 +3508,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3032,7 +3547,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3059,7 +3574,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3075,14 +3590,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3100,14 +3615,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3130,10 +3645,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3190,10 +3705,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3201,15 +3716,15 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3221,10 +3736,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3278,10 +3793,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f21( +static void closure_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -3294,7 +3809,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3316,7 +3831,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3334,7 +3849,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3343,18 +3858,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3364,13 +3879,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3414,18 +3929,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3452,7 +3967,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3481,7 +3996,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3522,7 +4037,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3532,13 +4047,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3549,13 +4064,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); } /** @@ -3571,10 +4086,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3586,11 +4101,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3611,7 +4126,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3629,9 +4144,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3640,7 +4155,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3664,7 +4179,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3684,7 +4199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3704,7 +4219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3712,7 +4227,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3724,7 +4239,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3739,7 +4254,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3756,18 +4271,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -3780,7 +4295,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3807,14 +4322,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3836,11 +4351,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3854,7 +4369,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3868,8 +4383,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3879,7 +4394,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3895,7 +4410,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3928,18 +4443,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3949,7 +4464,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3970,9 +4485,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3981,7 +4496,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4003,8 +4518,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -4013,14 +4528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4041,10 +4556,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4060,7 +4575,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4078,7 +4593,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4092,7 +4607,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4114,8 +4629,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -4124,14 +4639,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4149,7 +4664,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4171,8 +4686,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -4181,14 +4696,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4207,9 +4722,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -4271,15 +4786,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4289,7 +4804,7 @@ static void encrypt_unpacked_651( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4297,33 +4812,33 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4349,11 +4864,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4365,7 +4880,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4380,7 +4895,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4391,7 +4906,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4412,7 +4927,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4434,12 +4949,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4451,7 +4966,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4477,10 +4992,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4488,8 +5003,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4523,7 +5038,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4538,7 +5053,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4566,15 +5081,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a1( + entropy_preprocess_af_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4582,8 +5097,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4591,7 +5106,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4601,20 +5116,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_f4(shared_secret, shared_secret_array); + kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4633,7 +5148,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4658,9 +5173,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4670,8 +5185,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_02(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4683,7 +5198,7 @@ deserialize_then_decompress_10_02(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4696,7 +5211,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4721,9 +5236,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4733,8 +5248,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_a4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4746,7 +5261,7 @@ deserialize_then_decompress_11_a4(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4759,8 +5274,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { - return deserialize_then_decompress_11_a4(serialized); +deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f5(serialized); } /** @@ -4769,17 +5284,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_d70( +static KRML_MUSTINLINE void ntt_vector_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4794,12 +5309,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_201( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4818,8 +5333,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); - ntt_vector_u_d70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); + ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4833,7 +5348,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4858,9 +5373,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4870,8 +5385,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4882,7 +5397,7 @@ deserialize_then_decompress_4_b6(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4895,7 +5410,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4920,9 +5435,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4932,8 +5447,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_9f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4945,7 +5460,7 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4958,8 +5473,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { - return deserialize_then_decompress_5_9f(serialized); +deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { + return deserialize_then_decompress_5_53(serialized); } /** @@ -4973,7 +5488,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5004,17 +5519,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f61( +compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -5024,13 +5539,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ef( +static KRML_MUSTINLINE void compress_then_serialize_message_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5080,20 +5595,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_181( +static void decrypt_unpacked_e71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_201(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_670( + deserialize_then_decompress_ring_element_v_300( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5102,7 +5617,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5120,8 +5635,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -5146,15 +5661,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5166,7 +5681,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5176,7 +5691,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5185,9 +5700,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5196,11 +5711,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5219,8 +5734,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -5245,12 +5760,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b1( +static KRML_MUSTINLINE void deserialize_secret_key_011( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5262,7 +5777,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5280,10 +5795,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_6b1(secret_key, secret_as_ntt); + deserialize_secret_key_011(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5295,7 +5810,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5321,7 +5836,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5341,9 +5856,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5352,7 +5867,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5362,14 +5877,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5377,18 +5892,18 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f4( + kdf_af_c2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_f4(shared_secret0, shared_secret); + kdf_af_c2(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5412,12 +5927,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5429,7 +5944,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5447,7 +5962,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5466,7 +5981,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5486,14 +6001,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5514,15 +6029,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5539,10 +6054,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5553,7 +6068,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5564,10 +6079,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5585,7 +6100,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_410(uint8_t input[2U][34U]) { +shake128_init_absorb_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5616,11 +6131,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_410(copy_of_input); + return shake128_init_absorb_750(copy_of_input); } /** @@ -5629,7 +6144,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5651,9 +6166,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_540(self, ret); + shake128_squeeze_three_blocks_100(self, ret); } /** @@ -5704,7 +6219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5743,7 +6258,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_880(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5764,9 +6279,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_880(self, ret); + shake128_squeeze_block_ed0(self, ret); } /** @@ -5817,7 +6332,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5857,9 +6372,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5870,7 +6385,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5878,25 +6393,25 @@ static KRML_MUSTINLINE void sample_from_xof_f60( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_680(&xof_state, randomness); + shake128_squeeze_block_f1_c10(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( copy_of_randomness, sampled_coefficients, out); } } @@ -5905,7 +6420,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(copy_of_out[i]);); + ret0[i] = closure_990(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5918,12 +6433,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5938,7 +6453,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(copy_of_seeds, sampled); + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5968,10 +6483,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5979,7 +6494,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6001,9 +6516,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -6013,8 +6528,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -6030,11 +6545,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6046,18 +6561,18 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e30( + re_as_ntt[i0] = sample_from_binomial_distribution_660( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6079,7 +6594,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6108,14 +6623,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6138,10 +6653,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6198,10 +6713,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6209,15 +6724,15 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6229,10 +6744,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6269,7 +6784,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -6286,10 +6801,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f20( +static void closure_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -6301,7 +6816,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6319,7 +6834,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6328,18 +6843,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6349,13 +6864,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -6399,18 +6914,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6437,7 +6952,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6466,7 +6981,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6507,7 +7022,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6517,13 +7032,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6534,13 +7049,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); } /** @@ -6549,7 +7064,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6571,9 +7086,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -6588,11 +7103,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6604,11 +7119,11 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6616,7 +7131,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6634,9 +7149,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -6645,18 +7160,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6668,14 +7183,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6697,11 +7212,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6718,18 +7233,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -6739,14 +7254,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6767,10 +7282,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6786,7 +7301,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6804,7 +7319,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6819,9 +7334,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6883,15 +7398,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6900,8 +7415,8 @@ static void encrypt_unpacked_650( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + tuple_740 uu____3 = + sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6909,32 +7424,32 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6960,11 +7475,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6976,7 +7491,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6991,7 +7506,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7002,7 +7517,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7023,7 +7538,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7045,12 +7560,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7062,7 +7577,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7088,10 +7603,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -7099,8 +7614,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -7134,7 +7649,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7149,7 +7664,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7177,15 +7692,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_57( + entropy_preprocess_af_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -7193,8 +7708,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -7202,7 +7717,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7212,20 +7727,20 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_26(shared_secret, shared_secret_array); + kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7244,8 +7759,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { - return deserialize_then_decompress_10_02(serialized); +deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { + return deserialize_then_decompress_10_e9(serialized); } /** @@ -7254,17 +7769,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_d7( +static KRML_MUSTINLINE void ntt_vector_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -7279,12 +7794,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_200( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7303,8 +7818,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_d7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7318,8 +7833,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b6(serialized); +deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -7335,17 +7850,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f60( +compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -7383,20 +7898,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_180( +static void decrypt_unpacked_e70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_200(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7410,8 +7925,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -7436,14 +7951,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7455,7 +7970,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7465,7 +7980,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -7474,9 +7989,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7485,11 +8000,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7510,12 +8025,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b0( +static KRML_MUSTINLINE void deserialize_secret_key_010( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7527,7 +8042,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7545,10 +8060,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_6b0(secret_key, secret_as_ntt); + deserialize_secret_key_010(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7560,7 +8075,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7586,7 +8101,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -7605,9 +8120,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7616,7 +8131,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -7626,14 +8141,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -7641,18 +8156,18 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_26( + kdf_af_e8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_26(shared_secret0, shared_secret); + kdf_af_e8(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -7676,12 +8191,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7693,7 +8208,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7711,7 +8226,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7730,7 +8245,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -7750,7 +8265,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7758,7 +8273,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -7779,15 +8294,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7818,7 +8333,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7829,10 +8344,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7850,7 +8365,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_41(uint8_t input[3U][34U]) { +shake128_init_absorb_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7881,11 +8396,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_41(copy_of_input); + return shake128_init_absorb_75(copy_of_input); } /** @@ -7894,7 +8409,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7916,9 +8431,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_54(self, ret); + shake128_squeeze_three_blocks_10(self, ret); } /** @@ -7969,7 +8484,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8008,7 +8523,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_88(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8029,9 +8544,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_88(self, ret); + shake128_squeeze_block_ed(self, ret); } /** @@ -8082,7 +8597,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8122,9 +8637,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8135,7 +8650,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8143,25 +8658,25 @@ static KRML_MUSTINLINE void sample_from_xof_f6( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_68(&xof_state, randomness); + shake128_squeeze_block_f1_c1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( copy_of_randomness, sampled_coefficients, out); } } @@ -8170,7 +8685,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(copy_of_out[i]);); + ret0[i] = closure_99(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8183,12 +8698,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8203,7 +8718,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(copy_of_seeds, sampled); + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8244,7 +8759,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8266,9 +8781,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -8284,11 +8799,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8300,12 +8815,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( + re_as_ntt[i0] = sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8333,7 +8848,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8362,14 +8877,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8392,10 +8907,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8452,10 +8967,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8463,15 +8978,15 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8483,10 +8998,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8540,10 +9055,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f2( +static void closure_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -8555,7 +9070,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8573,7 +9088,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8582,18 +9097,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8603,13 +9118,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -8653,18 +9168,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8691,7 +9206,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8720,7 +9235,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -8761,7 +9276,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8771,13 +9286,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -8788,13 +9303,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); } /** @@ -8810,10 +9325,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8825,11 +9340,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8855,9 +9370,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -8866,18 +9381,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -8889,14 +9404,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8918,11 +9433,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8939,18 +9454,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -8966,7 +9481,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8984,7 +9499,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -9051,15 +9566,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9069,7 +9584,7 @@ static void encrypt_unpacked_65( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9077,32 +9592,32 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -9128,11 +9643,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9144,7 +9659,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9159,7 +9674,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9170,7 +9685,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9191,7 +9706,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9213,12 +9728,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9230,7 +9745,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9256,10 +9771,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -9267,8 +9782,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -9302,7 +9817,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9317,7 +9832,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9345,15 +9860,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d2( + entropy_preprocess_af_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -9361,8 +9876,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -9370,7 +9885,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9380,20 +9895,20 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_69(shared_secret, shared_secret_array); + kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9417,12 +9932,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_20( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -9441,8 +9956,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_d7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9462,17 +9977,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f6( +compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -9510,20 +10025,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_18( +static void decrypt_unpacked_e7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_20(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9537,8 +10052,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -9563,14 +10078,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9582,7 +10097,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9592,7 +10107,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -9601,9 +10116,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9612,11 +10127,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9637,12 +10152,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b( +static KRML_MUSTINLINE void deserialize_secret_key_01( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9654,7 +10169,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9672,10 +10187,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_6b(secret_key, secret_as_ntt); + deserialize_secret_key_01(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9687,7 +10202,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9713,7 +10228,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -9732,9 +10247,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -9743,7 +10258,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -9753,14 +10268,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -9768,17 +10283,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_69( + kdf_af_b6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_69(shared_secret0, shared_secret); + kdf_af_b6(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 59e15235c..3d3735079 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -559,6 +501,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -574,6 +565,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index cf02dc3bc..89cc9f803 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 814ac74f7..8f3f323a2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,69 +5,2313 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" + +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); +} + +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(copy_of_a, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + __m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + __m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + __m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + __m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + __m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + __m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} /** Perform 4 SHAKE256 operations in parallel */ -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); } /** Initialise the [`KeccakState`]. */ -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + __m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } /** Absorb */ -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); } /** Squeeze another block */ -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); } /** Squeeze three blocks */ -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } /** @@ -75,22 +2319,20 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } /** Absorb */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } /** @@ -98,11 +2340,10 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } /** @@ -110,9 +2351,8 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2354d05fe..7db033a15 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_avx2_H @@ -20,7 +20,18 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + __m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; /** Perform 4 SHAKE256 operations in parallel @@ -30,63 +41,59 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - /** Initialise the [`KeccakState`]. */ -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze next block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b0f8e37b8..6ed85eaba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -202,7 +202,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -262,11 +262,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -278,13 +278,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -294,7 +294,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -305,9 +305,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -321,8 +321,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -332,7 +332,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -343,9 +343,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -359,8 +359,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -370,7 +370,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -381,9 +381,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -397,8 +397,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -408,7 +408,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -419,9 +419,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -435,8 +435,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -446,9 +446,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -462,8 +462,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -473,7 +473,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -484,9 +484,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -500,8 +500,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -511,7 +511,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -522,9 +522,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -538,8 +538,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -549,7 +549,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -560,9 +560,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -576,8 +576,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -587,7 +587,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -598,9 +598,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -614,8 +614,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -625,7 +625,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -636,9 +636,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -652,8 +652,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -663,7 +663,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -674,9 +674,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -690,8 +690,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -701,7 +701,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -712,9 +712,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -728,8 +728,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -739,7 +739,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -750,9 +750,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -766,8 +766,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -777,7 +777,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -788,9 +788,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -804,8 +804,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -815,7 +815,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -826,9 +826,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -842,8 +842,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -853,7 +853,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -864,9 +864,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -880,8 +880,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -891,7 +891,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -902,9 +902,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -918,8 +918,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -929,7 +929,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -940,9 +940,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -956,8 +956,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -967,7 +967,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -978,9 +978,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -994,8 +994,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1005,7 +1005,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1016,9 +1016,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1032,8 +1032,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1043,7 +1043,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1054,9 +1054,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1070,8 +1070,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1081,7 +1081,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1092,9 +1092,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1108,8 +1108,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1119,7 +1119,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1130,9 +1130,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1146,8 +1146,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1157,7 +1157,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1168,9 +1168,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1184,8 +1184,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1194,7 +1194,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1230,53 +1230,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1286,7 +1286,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1322,7 +1322,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1352,14 +1352,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1371,7 +1371,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1390,8 +1390,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1399,7 +1399,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1424,9 +1424,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1436,10 +1436,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1449,9 +1449,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1459,7 +1459,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1484,11 +1484,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1500,13 +1500,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1517,7 +1517,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1536,8 +1536,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1545,7 +1545,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1570,9 +1570,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1582,9 +1582,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1594,10 +1594,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1609,13 +1609,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1625,13 +1625,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1639,12 +1639,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1661,9 +1661,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1674,10 +1674,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1700,11 +1700,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1728,10 +1728,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1743,7 +1743,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1755,12 +1755,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1768,7 +1768,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1786,12 +1786,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1802,12 +1802,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1815,7 +1815,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1844,13 +1844,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -1860,13 +1860,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1874,11 +1874,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1890,13 +1890,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -1907,7 +1907,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1926,8 +1926,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1935,7 +1935,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1956,12 +1956,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1978,9 +1978,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -1991,10 +1991,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2019,9 +2019,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2031,9 +2031,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2043,10 +2043,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2056,11 +2056,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2084,10 +2084,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2099,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2111,12 +2111,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2124,7 +2124,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2142,12 +2142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2158,12 +2158,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2171,7 +2171,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2200,13 +2200,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2216,13 +2216,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2230,11 +2230,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2246,13 +2246,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2263,7 +2263,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2282,8 +2282,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2291,7 +2291,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2312,12 +2312,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2334,9 +2334,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2347,10 +2347,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2375,9 +2375,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2387,9 +2387,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2399,10 +2399,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2412,11 +2412,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2440,10 +2440,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2455,7 +2455,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2467,12 +2467,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2480,7 +2480,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2498,12 +2498,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2514,12 +2514,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2531,13 +2531,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2547,13 +2547,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2561,12 +2561,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2583,9 +2583,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2596,10 +2596,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2622,11 +2622,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2650,10 +2650,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2665,7 +2665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2677,12 +2677,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2690,7 +2690,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2708,12 +2708,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2724,12 +2724,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2740,7 +2740,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2759,8 +2759,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2771,10 +2771,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2798,12 +2798,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2811,7 +2811,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2829,12 +2829,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2845,12 +2845,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2858,7 +2858,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2887,13 +2887,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2903,13 +2903,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2917,11 +2917,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2933,13 +2933,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2950,7 +2950,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2969,8 +2969,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2978,7 +2978,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2999,12 +2999,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3020,9 +3020,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3033,10 +3033,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3061,9 +3061,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3073,9 +3073,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3085,10 +3085,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3098,11 +3098,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3126,10 +3126,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3141,7 +3141,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3153,12 +3153,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3166,7 +3166,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3184,12 +3184,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3200,12 +3200,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d565000e0..a91465cf4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,2175 +5,30 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t zero_fa(void) { return _vdupq_n_u64(0ULL); } - -static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, - uint64x2_t c, uint64x2_t d, - uint64x2_t e) { - uint64x2_t ab = _veorq_u64(a, b); - uint64x2_t cd = _veorq_u64(c, d); - uint64x2_t abcd = _veorq_u64(ab, cd); - return _veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor5_fa(uint64x2_t a, uint64x2_t b, - uint64x2_t c, uint64x2_t d, - uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)1, x, uint64x2_t), - _vshrq_n_u64((int32_t)63, x, uint64x2_t)); -} - -static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { - uint64x2_t uu____0 = a; - return _veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, - uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, - uint64x2_t c) { - return _veorq_u64(a, _vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, - uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { - uint64x2_t c0 = _vdupq_n_u64(c); - return _veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor_constant_fa(uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { - return _veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[2U]; - memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(copy_of_a, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** - Create a new Shake128 x4 state. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)36, x, uint64x2_t), - _vshrq_n_u64((int32_t)28, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)3, x, uint64x2_t), - _vshrq_n_u64((int32_t)61, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f0(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)41, x, uint64x2_t), - _vshrq_n_u64((int32_t)23, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f1(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)18, x, uint64x2_t), - _vshrq_n_u64((int32_t)46, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f2(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f3(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)44, x, uint64x2_t), - _vshrq_n_u64((int32_t)20, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f4(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)10, x, uint64x2_t), - _vshrq_n_u64((int32_t)54, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f5(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)45, x, uint64x2_t), - _vshrq_n_u64((int32_t)19, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f6(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)2, x, uint64x2_t), - _vshrq_n_u64((int32_t)62, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f7(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)62, x, uint64x2_t), - _vshrq_n_u64((int32_t)2, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f8(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)6, x, uint64x2_t), - _vshrq_n_u64((int32_t)58, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f9(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)43, x, uint64x2_t), - _vshrq_n_u64((int32_t)21, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f10(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)15, x, uint64x2_t), - _vshrq_n_u64((int32_t)49, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f11(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)61, x, uint64x2_t), - _vshrq_n_u64((int32_t)3, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f12(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)28, x, uint64x2_t), - _vshrq_n_u64((int32_t)36, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f13(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)55, x, uint64x2_t), - _vshrq_n_u64((int32_t)9, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f14(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)25, x, uint64x2_t), - _vshrq_n_u64((int32_t)39, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f15(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5816(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)21, x, uint64x2_t), - _vshrq_n_u64((int32_t)43, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f16(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)56, x, uint64x2_t), - _vshrq_n_u64((int32_t)8, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f17(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)27, x, uint64x2_t), - _vshrq_n_u64((int32_t)37, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f18(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)20, x, uint64x2_t), - _vshrq_n_u64((int32_t)44, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f19(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)39, x, uint64x2_t), - _vshrq_n_u64((int32_t)25, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f20(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)8, x, uint64x2_t), - _vshrq_n_u64((int32_t)56, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f21(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)14, x, uint64x2_t), - _vshrq_n_u64((int32_t)50, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f22(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t c[5U] = {xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(copy_of_data, out); -} - -/** - A portable SHA3 512 implementation. -*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, copy_of_b); -} - /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 + A portable SHA3 512 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(copy_of_data, out); +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** A portable SHA3 256 implementation. */ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2181,690 +36,60 @@ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Writes the two results into `out0` and `out1` */ -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Initialise the `KeccakState2`. */ -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2872,421 +97,9 @@ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -3294,10 +107,7 @@ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 983358000..a01df3164 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - /** A portable SHA3 512 implementation. */ @@ -51,17 +40,21 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + /** Initialise the `KeccakState2`. */ -libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); /** @@ -69,7 +62,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); /** @@ -77,7 +70,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); /** From 37727e24f53f0a7f41c129784ad5aa5136c81cbe Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 09:23:14 -0700 Subject: [PATCH 052/172] Embrace shorter names, for readability --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 128 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1392 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 465 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 37 files changed, 939 insertions(+), 1116 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index e391dab17..db12e833c 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -235,5 +235,5 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] - # - [libcrux_intrinsics, arm64] - # - [libcrux_intrinsics, avx2] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 31c8dfd1b..7ca8d2e1a 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 +Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b8b4cc329..6447aecc7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ba6f74a0f..122e813a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 0436054d3..f631392e3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 71f9fa63d..b46eec044 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index a2772321d..9b57ccead 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..6a88e0bc3 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -22,49 +22,49 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +mm256_castsi256_si128(core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +mm256_castsi128_si256(core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +mm256_setzero_si256(void) { return _mm256_setzero_si256(); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( +static inline core_core_arch_x86___m128i mm_set1_epi16( int16_t a) { return _mm_set1_epi16(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, +mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, @@ -74,7 +74,7 @@ libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +86,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -95,43 +95,43 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, +mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, int32_t x3, int32_t x4, int32_t x5, int32_t x6, int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +mm256_loadu_si256_i16(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +mm256_loadu_si256_u8(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( +static inline core_core_arch_x86___m128i mm_loadu_si128( Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( +static inline void mm_storeu_bytes_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( +static inline void mm256_storeu_si256_i16( Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( +static inline void mm256_storeu_si256_u8( Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( +static inline void mm_storeu_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } @@ -139,29 +139,29 @@ static inline void libcrux_intrinsics_avx2_mm_storeu_si128( // Arithmetic: Add, Sub static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, +mm256_add_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, +mm256_add_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, +mm256_sub_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } @@ -169,41 +169,41 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( // Arithmetic: Mul low and high, Mul-Add combinations static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, +mm256_mullo_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, +mm256_mulhi_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, +mm256_mul_epu32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, +mm256_mullo_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, +mm256_madd_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } @@ -211,7 +211,7 @@ libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, // Comparison static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, +mm256_cmpgt_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } @@ -219,140 +219,140 @@ libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, // Bitwise operations static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, +mm256_and_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, +mm256_andnot_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, +mm256_xor_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( +static inline int32_t mm_movemask_epi8( core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ +#define mm256_srai_epi16(a, b, _) \ (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ +#define mm256_srli_epi16(a, b, _) \ (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ +#define mm256_slli_epi16(a, b, _) \ (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ +#define mm256_slli_epi32(a, b, _) \ (_mm256_slli_epi32(b, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, +mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) \ + (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ +#define mm256_srai_epi32(a, b, _) \ (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ +#define mm256_srli_epi32(a, b, _) \ (_mm256_srli_epi32(b, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, +mm256_sllv_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, +mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) \ + (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, +mm256_unpacklo_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, +mm256_unpacklo_epi64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, +mm256_unpackhi_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, +mm256_unpackhi_epi64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, +mm256_packs_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ +#define mm256_shuffle_epi32(a, b, _) \ (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ +#define mm256_extracti128_si256(a, b, _) \ (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ +#define mm256_permute4x64_epi64(a, b, _) \ (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ +#define mm256_inserti128_si256(a, b, c, _) \ (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ +#define mm256_blend_epi16(a, b, c, _) \ (_mm256_blend_epi16(b, c, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, +mm256_shuffle_epi8(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, +mm_shuffle_epi8(core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index c1d56db43..d68b3887e 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 40be3b44a..ad9f756f8 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 6d0432bcc..c08529c9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 6b6dabae9..50e07c62b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 3eb7ab530..30042b65f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 47b7414e5..9abe37717 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 969f1f171..e5ae18614 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f1b352eb1..a41aba859 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d62291692..9deb73411 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 05e34bdaf..736ff90ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 06ceac83b..51502e519 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index f8f12869b..27cd25734 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9967f5950..22af455fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index dd79bbbda..ca06a1920 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index f683880f8..5ede081b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index d9c847566..72a702c2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ae0b2abf7..4b62b2e08 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b99e1ded1..b8552f9a9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_mlkem_avx2.h" @@ -36,7 +36,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); + return mm256_setzero_si256(); } /** @@ -49,7 +49,7 @@ __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); + return mm256_loadu_si256_i16(array); } /** @@ -63,7 +63,7 @@ __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -78,7 +78,7 @@ void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); + return mm256_add_epi16(lhs, rhs); } /** @@ -91,7 +91,7 @@ __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); + return mm256_sub_epi16(lhs, rhs); } /** @@ -105,8 +105,7 @@ __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); } /** @@ -121,8 +120,7 @@ __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return mm256_and_si256(vector, mm256_set1_epi16(constant)); } /** @@ -137,16 +135,14 @@ __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, __m256i); + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = + mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); __m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); + mm256_and_si256(sign_mask, field_modulus); + return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } /** @@ -163,19 +159,14 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i t = mm256_mulhi_epi16( + vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); + __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = mm256_mullo_epi16( + quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return mm256_sub_epi16(vector, quotient_times_field_modulus); } /** @@ -189,20 +180,17 @@ __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i constant0 = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(vector, constant0); + return mm256_sub_epi16(value_high, k_times_modulus); } /** @@ -218,21 +206,16 @@ __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( __m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i field_modulus_halved = mm256_set1_epi16( (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i field_modulus_quartered = mm256_set1_epi16( (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); __m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, __m256i); + mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); + return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); } /** @@ -246,45 +229,41 @@ __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( __m256i lhs, __m256i rhs) { - __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); + __m256i prod02 = mm256_mul_epu32(lhs, rhs); + __m256i prod13 = + mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), + mm256_unpackhi_epi32(prod02, prod13)); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i value_low = mm256_mullo_epi16(v, c); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(v, c); + return mm256_sub_epi16(value_high, k_times_modulus); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); + __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, + zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, + -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** @@ -302,17 +281,15 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, __m256i); + __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, + zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, + zeta0, zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** @@ -328,33 +305,30 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i value_low = mm_mullo_epi16(v, c); + __m128i k = mm_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( + mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); + __m128i k_times_modulus = mm_mulhi_epi16( + k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = mm_mulhi_epi16(v, c); + return mm_sub_epi16(value_high, k_times_modulus); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); + __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, __m256i); + rhs, mm_set1_epi16(zeta)); + __m128i lhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, + __m256i); } /** @@ -369,26 +343,22 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + __m256i sum0 = mm256_add_epi16(lhs, rhs0); __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + sum0, + mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, - sum_times_zetas, __m256i); + return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); } /** @@ -406,25 +376,21 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); + __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); + __m256i sum = mm256_add_epi16(lhs, rhs0); __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, - sum_times_zetas, __m256i); + sum, + mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); } /** @@ -440,18 +406,16 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( __m256i vector, int16_t zeta) { - __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, __m256i); + upper_coefficients, mm_set1_epi16(zeta)); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, + __m256i); } /** @@ -465,87 +429,74 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = mm256_mullo_epi16( v, - libcrux_intrinsics_avx2_mm256_set1_epi32( + mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); - __m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - __m256i); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); + return mm256_srai_epi32((int32_t)16, result0, __m256i); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + __m256i shuffle_with = mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - __m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = + mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = + mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i right1 = mm256_mullo_epi32( + right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, + (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, + -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = mm256_add_epi32(left, right1); __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( rhs, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, - (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, - (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, - (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, products_right0, __m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, __m256i); + __m256i products_right1 = + mm256_slli_epi32((int32_t)16, products_right0, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** @@ -562,13 +513,11 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -586,48 +535,47 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i coefficients = + mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t)); + __m256i shift_lsb_to_msb = mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, __m256i); + mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** @@ -641,27 +589,27 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); - __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = mm256_castsi256_si128(combined); + mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); uint8_t ret0[8U]; @@ -686,51 +634,50 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i coefficients = + mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients_in_msb, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, + mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } /** @@ -744,37 +691,34 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = + mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, Eurydice_slice), upper_8); @@ -800,7 +744,7 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), @@ -817,29 +761,27 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = mm256_inserti128_si256( (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i coefficients0 = mm256_shuffle_epi8( coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, - (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - __m256i); + mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, + (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)1, (int8_t)0)); + __m256i coefficients1 = mm256_mullo_epi16( + coefficients0, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); } /** @@ -853,38 +795,36 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, Eurydice_slice), upper_8); @@ -910,36 +850,28 @@ void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, - 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); + __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } /** @@ -953,7 +885,7 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = @@ -979,7 +911,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + return mm256_loadu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); } @@ -994,37 +926,36 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, Eurydice_slice), upper_8); @@ -1050,36 +981,28 @@ void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, - 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, - 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); + __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, + 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); } /** @@ -1092,13 +1015,12 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); __m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); @@ -1107,32 +1029,28 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = + mm_shuffle_epi8(lower_coefficients, lower_shuffles0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); + __m128i upper_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = + mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = + mm_shuffle_epi8(upper_coefficients, upper_shuffles0); + mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1259,7 +1177,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); + return mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -3262,47 +3180,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3353,47 +3265,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a0(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3469,47 +3375,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a1(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3558,47 +3458,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a2(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4069,42 +3963,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_55(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4152,42 +4041,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_550(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4309,42 +4193,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_551(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4391,42 +4270,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_552(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index d4cf42d54..0160ca63a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index c14a63754..17829cbe3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index f2358c033..ac6a63ca9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 67dd953b3..12255e9d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 3d3735079..b0289bed0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 89cc9f803..ccfe7dd6c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 8f3f323a2..3faad892c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_sha3_avx2.h" @@ -20,15 +20,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE __m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); + return mm256_set1_epi64x((int64_t)0); } static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); + __m256i ab = mm256_xor_si256(a, b); + __m256i cd = mm256_xor_si256(c, d); + __m256i abcd = mm256_xor_si256(ab, cd); + return mm256_xor_si256(abcd, e); } /** @@ -47,14 +47,13 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), + mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); + return mm256_xor_si256(uu____0, rotate_left_58(b)); } /** @@ -66,8 +65,7 @@ static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { } static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); + return mm256_xor_si256(a, mm256_andnot_si256(c, b)); } /** @@ -79,8 +77,8 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { } static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); + __m256i c0 = mm256_set1_epi64x((int64_t)c); + return mm256_xor_si256(a, c0); } /** @@ -96,7 +94,7 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, @@ -221,55 +219,44 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); + __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); @@ -302,12 +289,11 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( @@ -338,14 +324,13 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -374,9 +359,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), + mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -386,7 +370,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -411,9 +395,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), + mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -423,7 +406,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -448,9 +431,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), + mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -460,7 +442,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -485,9 +467,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), + mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -497,7 +478,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -522,7 +503,7 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -547,9 +528,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), + mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -559,7 +539,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -584,9 +564,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), + mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -596,7 +575,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -621,9 +600,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), + mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -633,7 +611,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -658,9 +636,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), + mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -670,7 +647,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -695,9 +672,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), + mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -707,7 +683,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -732,9 +708,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), + mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -744,7 +719,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -769,9 +744,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), + mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -781,7 +755,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -806,9 +780,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), + mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -818,7 +791,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -843,9 +816,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), + mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -855,7 +827,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -880,9 +852,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), + mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -892,7 +863,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -917,9 +888,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), + mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -929,7 +899,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5814(ab); } @@ -954,9 +924,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), + mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -966,7 +935,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -991,9 +960,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), + mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1003,7 +971,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1028,9 +996,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), + mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1040,7 +1007,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1065,9 +1032,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), + mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1077,7 +1043,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1102,9 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), + mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1114,7 +1079,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1139,9 +1104,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), + mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1151,7 +1115,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1176,9 +1140,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), + mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1188,7 +1151,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1213,9 +1176,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), + mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1225,7 +1187,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5822(ab); } @@ -1478,52 +1440,52 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v0l = mm256_permute2x128_si256( (int32_t)32, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), @@ -1534,7 +1496,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( @@ -1571,7 +1533,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____4 = @@ -1846,55 +1808,44 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); + __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); @@ -1927,12 +1878,11 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( @@ -1963,14 +1913,13 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -2058,52 +2007,52 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v0l = mm256_permute2x128_si256( (int32_t)32, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), @@ -2114,7 +2063,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( @@ -2151,7 +2100,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____4 = diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7db033a15..6a0f4aa3d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 6ed85eaba..5c6e1b03d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a91465cf4..410cf801c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index a01df3164..f934f6423 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_neon_H From 97db7bc6fbcaa3763c7579c1259fea71c78bd468 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 10:01:43 -0700 Subject: [PATCH 053/172] Formatting + recognize builtin slice operations and give them better names --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 229 +++++------- libcrux-ml-kem/c/libcrux_core.c | 60 ++- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 349 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 351 ++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 153 ++++---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 148 ++++---- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 37 files changed, 614 insertions(+), 740 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7ca8d2e1a..e723c2449 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd +Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..d69631b89 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -79,8 +79,8 @@ typedef struct { EURYDICE_SLICE((t *)x, r, size) #define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t, _ret_t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6447aecc7..fc8ac46d8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 122e813a5..0cdbbba23 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f631392e3..2a1c4a130 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index b46eec044..e8973523d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 9b57ccead..f32525ccb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index 6a88e0bc3..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,55 +21,47 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } @@ -94,59 +86,57 @@ static inline core_core_arch_x86___m128i mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } @@ -155,9 +145,8 @@ static inline core_core_arch_x86___m128i mm_add_epi16( return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } @@ -168,27 +157,23 @@ static inline core_core_arch_x86___m128i mm_sub_epi16( // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } @@ -202,117 +187,95 @@ static inline core_core_arch_x86___m128i mm_mulhi_epi16( return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define mm256_slli_epi64(a, b, c) \ - (mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define mm256_srli_epi64(a, b, c) \ - (mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } @@ -321,39 +284,31 @@ static inline core_core_arch_x86___m128i mm_packs_epi16( return _mm_packs_epi16(a, b); } -#define mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) #define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d68b3887e..15612ec34 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_core.h" @@ -34,8 +34,8 @@ static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } */ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); + i++) { size_t i0 = i; r = (uint32_t)r | ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ @@ -209,11 +209,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } @@ -338,11 +337,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -451,11 +449,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -492,11 +489,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -528,11 +524,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } @@ -549,11 +544,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ad9f756f8..75ee93307 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c08529c9c..35863ace6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 50e07c62b..2741fefc1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 30042b65f..346218da7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 9abe37717..bc1c96e81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e5ae18614..2c9ddcf4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a41aba859..dfeb04196 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9deb73411..bd85d0d3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 736ff90ed..4dfe273b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 51502e519..ad6bcfffc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 27cd25734..81023ba82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 22af455fa..648efde9f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ca06a1920..2203e3d4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 5ede081b1..47eb50f62 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 72a702c2d..621907540 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4b62b2e08..600c04eb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b8552f9a9..f9b13c6ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_mlkem_avx2.h" @@ -1119,9 +1119,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -1153,7 +1151,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1224,7 +1222,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1247,7 +1245,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -1262,7 +1260,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1290,15 +1288,14 @@ static KRML_MUSTINLINE void serialize_public_key_d01( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1762,7 +1759,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; sample_from_xof_b01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -1903,8 +1900,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -1950,8 +1946,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -2300,7 +2295,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -2364,7 +2359,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -2374,7 +2369,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -2708,29 +2703,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2738,13 +2733,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -3052,7 +3046,7 @@ static KRML_MUSTINLINE void compute_vector_u_001( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -3062,7 +3056,7 @@ static KRML_MUSTINLINE void compute_vector_u_001( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3249,7 +3243,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3345,7 +3339,7 @@ static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3360,7 +3354,7 @@ static void compress_then_serialize_u_841( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3441,7 +3435,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -3524,7 +3518,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -3689,7 +3683,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -3713,10 +3707,9 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3745,7 +3738,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -3771,7 +3764,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3870,7 +3863,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -3915,7 +3908,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4020,9 +4013,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_a7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, @@ -4098,9 +4089,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_8d(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -4160,10 +4149,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4250,8 +4238,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_9a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -4327,9 +4314,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_75(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -4424,7 +4409,7 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *);); @@ -4543,7 +4528,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -4567,8 +4552,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4605,9 +4590,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -4633,7 +4616,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_201( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4726,7 +4709,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -4746,8 +4729,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4799,7 +4782,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4832,7 +4815,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -4847,7 +4830,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4875,15 +4858,14 @@ static KRML_MUSTINLINE void serialize_public_key_d00( (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1568U, public_key_serialized, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -5329,7 +5311,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; sample_from_xof_b00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5479,7 +5461,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -5508,7 +5490,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], @@ -5518,7 +5500,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5832,29 +5814,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5862,13 +5844,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -6029,7 +6010,7 @@ static KRML_MUSTINLINE void compute_vector_u_000( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], @@ -6039,7 +6020,7 @@ static KRML_MUSTINLINE void compute_vector_u_000( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -6104,7 +6085,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6142,7 +6123,7 @@ static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -6157,7 +6138,7 @@ static void compress_then_serialize_u_840( Eurydice_slice); uint8_t ret[352U]; compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6321,7 +6302,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -6345,10 +6326,9 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -6377,7 +6357,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -6403,7 +6383,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6502,7 +6482,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -6547,7 +6527,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6636,10 +6616,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6799,7 +6778,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -6823,8 +6802,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6867,7 +6846,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_200( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6961,7 +6940,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -6981,8 +6960,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -7034,7 +7013,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7067,7 +7046,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -7082,7 +7061,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7109,15 +7088,14 @@ static KRML_MUSTINLINE void serialize_public_key_d0( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)800U, public_key_serialized, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -7551,7 +7529,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -7706,7 +7684,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -7735,7 +7713,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], @@ -7745,7 +7723,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -8059,29 +8037,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8089,13 +8067,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -8302,7 +8279,7 @@ static KRML_MUSTINLINE void compute_vector_u_00( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], @@ -8312,7 +8289,7 @@ static KRML_MUSTINLINE void compute_vector_u_00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -8374,7 +8351,7 @@ static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -8389,7 +8366,7 @@ static void compress_then_serialize_u_84( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8540,7 +8517,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -8564,10 +8541,9 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8596,7 +8572,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -8622,7 +8598,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8721,7 +8697,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -8766,7 +8742,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8825,10 +8801,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8976,7 +8951,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -9000,8 +8975,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -9044,7 +9019,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_20( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9137,7 +9112,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -9157,8 +9132,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0160ca63a..387e2688b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 17829cbe3..5e095170d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ac6a63ca9..b16ccff8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 12255e9d4..8e3b74136 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_mlkem_portable.h" @@ -2228,7 +2228,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, uint8_t, uint8_t *, uint8_t); @@ -2352,9 +2352,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -2388,7 +2386,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2471,7 +2469,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2494,7 +2492,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -2509,7 +2507,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2537,15 +2535,14 @@ static KRML_MUSTINLINE void serialize_public_key_801( (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1568U, public_key_serialized, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -3009,7 +3006,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -3134,8 +3131,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3181,8 +3177,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3551,7 +3546,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3624,7 +3619,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], @@ -3634,7 +3629,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -3975,29 +3970,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4005,13 +4000,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -4331,7 +4325,7 @@ static KRML_MUSTINLINE void compute_vector_u_a11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], @@ -4341,7 +4335,7 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4541,7 +4535,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4579,7 +4573,7 @@ static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4594,7 +4588,7 @@ static void compress_then_serialize_u_241( Eurydice_slice); uint8_t ret[352U]; compress_then_serialize_ring_element_u_2f0(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4649,7 +4643,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -4706,7 +4700,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -4874,7 +4868,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -4898,10 +4892,9 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4930,7 +4923,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -4956,7 +4949,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5056,7 +5049,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -5101,7 +5094,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5188,9 +5181,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, @@ -5251,9 +5242,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -5316,10 +5305,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -5388,8 +5376,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -5450,9 +5437,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_53(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -5554,7 +5539,7 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *);); @@ -5675,7 +5660,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -5699,8 +5684,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5737,9 +5722,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -5767,7 +5750,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5861,7 +5844,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -5881,8 +5864,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5934,7 +5917,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5967,7 +5950,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -5982,7 +5965,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6009,15 +5992,14 @@ static KRML_MUSTINLINE void serialize_public_key_800( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)800U, public_key_serialized, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6455,7 +6437,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6598,7 +6580,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6632,7 +6614,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], @@ -6642,7 +6624,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6960,29 +6942,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6990,13 +6972,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7192,7 +7173,7 @@ static KRML_MUSTINLINE void compute_vector_u_a10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], @@ -7202,7 +7183,7 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -7267,7 +7248,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7305,7 +7286,7 @@ static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -7320,7 +7301,7 @@ static void compress_then_serialize_u_240( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7485,7 +7466,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -7509,10 +7490,9 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7541,7 +7521,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -7567,7 +7547,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7667,7 +7647,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -7712,7 +7692,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7801,10 +7781,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7964,7 +7943,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -7988,8 +7967,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8032,7 +8011,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8125,7 +8104,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -8145,8 +8124,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8198,7 +8177,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8231,7 +8210,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -8246,7 +8225,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8274,15 +8253,14 @@ static KRML_MUSTINLINE void serialize_public_key_80( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -8720,7 +8698,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -8852,7 +8830,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8886,7 +8864,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -8896,7 +8874,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -9214,29 +9192,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -9244,13 +9222,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -9413,7 +9390,7 @@ static KRML_MUSTINLINE void compute_vector_u_a1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -9423,7 +9400,7 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -9485,7 +9462,7 @@ static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -9500,7 +9477,7 @@ static void compress_then_serialize_u_24( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -9653,7 +9630,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -9677,10 +9654,9 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9709,7 +9685,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -9735,7 +9711,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9835,7 +9811,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -9880,7 +9856,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -9939,10 +9915,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -10091,7 +10066,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -10115,8 +10090,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -10159,7 +10134,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -10252,7 +10227,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -10272,8 +10247,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b0289bed0..9f1fa404e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ccfe7dd6c..1db3feef1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 3faad892c..21018855e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_sha3_avx2.h" @@ -263,28 +263,28 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), @@ -298,28 +298,28 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -1412,15 +1412,14 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -1501,32 +1500,28 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1539,7 +1534,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -1547,7 +1542,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -1555,7 +1550,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -1563,7 +1558,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), @@ -1634,8 +1629,8 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1697,8 +1692,8 @@ static KRML_MUSTINLINE void squeeze_last_77( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1717,8 +1712,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1728,18 +1722,16 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -1852,28 +1844,28 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), @@ -1887,28 +1879,28 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -1969,15 +1961,14 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -2068,32 +2059,28 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2106,7 +2093,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -2114,7 +2101,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -2122,7 +2109,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -2130,7 +2117,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6a0f4aa3d..51745acca 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 5c6e1b03d..e9cc05643 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_internal_H @@ -1373,14 +1373,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1408,7 +1408,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1519,14 +1519,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1554,7 +1554,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1684,8 +1684,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1711,8 +1711,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1733,8 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1745,18 +1744,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1909,14 +1907,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1944,7 +1942,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2001,8 +1999,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2067,8 +2065,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2089,8 +2087,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2101,18 +2098,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2265,14 +2261,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2300,7 +2296,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2357,8 +2353,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2423,8 +2419,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2445,8 +2441,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2457,18 +2452,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2606,8 +2600,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2633,8 +2627,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2655,8 +2649,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2667,18 +2660,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2742,14 +2734,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2776,8 +2768,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2788,18 +2779,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2952,14 +2942,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2987,7 +2977,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3043,8 +3033,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3109,8 +3099,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3131,8 +3121,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -3143,18 +3132,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 410cf801c..0aff077db 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f934f6423..22527915e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_neon_H From 490a8664911fa33e785d629c78d6ee3dd85448e6 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 13 Aug 2024 15:55:31 -0700 Subject: [PATCH 054/172] More cosmetic changes for core_slice -- align convention with other macros in eurydice_glue.h --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/eurydice_glue.h | 14 ++--- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 4 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 52 +++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 52 +++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 12 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- 36 files changed, 130 insertions(+), 130 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index e723c2449..f72ded992 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 +Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe +Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index d69631b89..a67112e4d 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -95,14 +95,14 @@ typedef struct { #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ Eurydice_array_eq -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fc8ac46d8..623ee2e33 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0cdbbba23..f34f0c2b5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 2a1c4a130..3440fb4f5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e8973523d..8dda8c115 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index f32525ccb..da05fa1bd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 15612ec34..530c51b41 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 75ee93307..0f2c87c60 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 35863ace6..d3de010b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 2741fefc1..a1cb8218d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 346218da7..8a0166dc9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index bc1c96e81..6c4f44fb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2c9ddcf4a..c05192ca4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index dfeb04196..985badcf2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index bd85d0d3f..4f7ed3b84 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4dfe273b1..4b2301d20 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index ad6bcfffc..34860cfb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 81023ba82..ee244c401 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 648efde9f..464479327 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 2203e3d4f..1e3b6b0d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 47eb50f62..00fc716d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 621907540..6368a10f6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 600c04eb6..0f4992a7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index f9b13c6ca..5f9d39d90 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_mlkem_avx2.h" @@ -2443,7 +2443,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -3692,7 +3692,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3916,7 +3916,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4537,7 +4537,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4688,17 +4688,17 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_c41( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -4718,7 +4718,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5574,7 +5574,7 @@ static tuple_54 generate_keypair_unpacked_6c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -6311,7 +6311,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6535,7 +6535,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6787,7 +6787,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6919,17 +6919,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -6949,7 +6949,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7797,7 +7797,7 @@ static tuple_4c generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -8526,7 +8526,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8750,7 +8750,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8960,7 +8960,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9091,17 +9091,17 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -9121,7 +9121,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 387e2688b..581fe5046 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5e095170d..0c3f273f4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index b16ccff8b..2e870e044 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 8e3b74136..d94183ec5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_mlkem_portable.h" @@ -3704,7 +3704,7 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -4877,7 +4877,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5102,7 +5102,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5669,7 +5669,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5823,17 +5823,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5853,7 +5853,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6699,7 +6699,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -7475,7 +7475,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7700,7 +7700,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7952,7 +7952,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8083,17 +8083,17 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -8113,7 +8113,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8949,7 +8949,7 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -9639,7 +9639,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9864,7 +9864,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10075,7 +10075,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10206,17 +10206,17 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -10236,7 +10236,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 9f1fa404e..906bcf5b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 1db3feef1..ff949e742 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 21018855e..7566cbba9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_sha3_avx2.h" @@ -129,19 +129,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 51745acca..e52af2318 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e9cc05643..c220f3851 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_internal_H @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 0aff077db..33441c4b0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 22527915e..392f45269 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_neon_H From 03567834ef77b245b4ab1aad00d5cce1dac5b407 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 14 Aug 2024 08:41:28 +0200 Subject: [PATCH 055/172] fix(mlkem/fstar): fix regression introduced by hacspec/hax#864 hacspec/hax#864 makes `fstar::before` and `fstar::after` chunks of code defaults to implementation files (fst). This commit backport that change and makes some code go explicitly to interfaces. --- libcrux-ml-kem/src/mlkem1024.rs | 1 + libcrux-ml-kem/src/mlkem512.rs | 1 + libcrux-ml-kem/src/mlkem768.rs | 1 + 3 files changed, 3 insertions(+) diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78d21d7b9..567c142ac 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -234,6 +234,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 8f7d72172..adb0ce646 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -227,6 +227,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82666e8bc..979524a14 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -230,6 +230,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) From e19a7609844a9aae74d3c961e16cfb5a6e9bcd77 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 14 Aug 2024 08:44:36 +0200 Subject: [PATCH 056/172] Benchmark pqclean --- libcrux-ml-dsa/benches/bench_utils.rs | 62 ++++++++++++++++++++++----- libcrux-ml-dsa/benches/manual44.rs | 6 +-- libcrux-ml-dsa/benches/manual65.rs | 6 +-- libcrux-ml-dsa/benches/manual87.rs | 6 +-- 4 files changed, 61 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-dsa/benches/bench_utils.rs b/libcrux-ml-dsa/benches/bench_utils.rs index 604bb0364..21d756ee8 100644 --- a/libcrux-ml-dsa/benches/bench_utils.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -65,26 +65,29 @@ macro_rules! bench { } #[macro_export] -macro_rules! bench_group { +macro_rules! bench_group_libcrux { ($variant:literal, $mod:ident, $keypair_t:ident, $signature_t:ident) => {{ bench!( - "KeyGen", + "(libcrux) KeyGen", $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = + bench_utils::random_array(); key_generation_seed }, |key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE]| { $mod::generate_key_pair(key_generation_seed) } ); + bench!( - "Sign", + "(libcrux) Sign", $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = + bench_utils::random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); let keypair = $mod::generate_key_pair(key_generation_seed); @@ -99,11 +102,12 @@ macro_rules! bench_group { ); bench!( - "Verify", + "(libcrux) Verify", $variant, (), |()| { - let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = bench_utils::random_array(); + let key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE] = + bench_utils::random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); let keypair = $mod::generate_key_pair(key_generation_seed); @@ -119,6 +123,44 @@ macro_rules! bench_group { }}; } - - - +#[macro_export] +macro_rules! bench_group_pqclean { + ($variant:literal, $mod:ident) => {{ + bench!("(pqclean) KeyGen", $variant, (), |()| {}, |()| { + pqcrypto_dilithium::$mod::keypair() + }); + bench!( + "(pqclean) Sign", + $variant, + (), + |()| { + let (_, sk) = pqcrypto_dilithium::$mod::keypair(); + let message = bench_utils::random_array::<1023>(); + (sk, message) + }, + |(sk, message): (pqcrypto_dilithium::$mod::SecretKey, [u8; 1023])| { + let _ = pqcrypto_dilithium::$mod::detached_sign(&message, &sk); + } + ); + bench!( + "(pqclean) Verify", + $variant, + (), + |()| { + let (vk, sk) = pqcrypto_dilithium::$mod::keypair(); + let message = bench_utils::random_array::<1023>(); + let signature = pqcrypto_dilithium::$mod::detached_sign(&message, &sk); + (vk, message, signature) + }, + |(vk, message, signature): ( + pqcrypto_dilithium::$mod::PublicKey, + [u8; 1023], + pqcrypto_dilithium::$mod::DetachedSignature + )| { + let _ = + pqcrypto_dilithium::$mod::verify_detached_signature(&signature, &message, &vk) + .unwrap(); + } + ); + }}; +} diff --git a/libcrux-ml-dsa/benches/manual44.rs b/libcrux-ml-dsa/benches/manual44.rs index 9efe13d9b..1719c7478 100644 --- a/libcrux-ml-dsa/benches/manual44.rs +++ b/libcrux-ml-dsa/benches/manual44.rs @@ -1,15 +1,15 @@ - - use libcrux_ml_dsa::{ ml_dsa_44::{self, MLDSA44KeyPair, MLDSA44Signature}, KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, }; +use pqcrypto_dilithium; #[path = "./bench_utils.rs"] #[macro_use] mod bench_utils; fn main() { - bench_group!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); + bench_group_libcrux!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); + bench_group_pqclean!("44", dilithium2); } diff --git a/libcrux-ml-dsa/benches/manual65.rs b/libcrux-ml-dsa/benches/manual65.rs index 437a7b19f..d65168b3a 100644 --- a/libcrux-ml-dsa/benches/manual65.rs +++ b/libcrux-ml-dsa/benches/manual65.rs @@ -1,15 +1,15 @@ - - use libcrux_ml_dsa::{ ml_dsa_65::{self, MLDSA65KeyPair, MLDSA65Signature}, KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, }; +use pqcrypto_dilithium; #[path = "./bench_utils.rs"] #[macro_use] mod bench_utils; fn main() { - bench_group!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); + bench_group_libcrux!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); + bench_group_pqclean!("65", dilithium3); } diff --git a/libcrux-ml-dsa/benches/manual87.rs b/libcrux-ml-dsa/benches/manual87.rs index d16bbf008..76a4989f6 100644 --- a/libcrux-ml-dsa/benches/manual87.rs +++ b/libcrux-ml-dsa/benches/manual87.rs @@ -1,15 +1,15 @@ - - use libcrux_ml_dsa::{ ml_dsa_87::{self, MLDSA87KeyPair, MLDSA87Signature}, KEY_GENERATION_RANDOMNESS_SIZE, SIGNING_RANDOMNESS_SIZE, }; +use pqcrypto_dilithium; #[path = "./bench_utils.rs"] #[macro_use] mod bench_utils; fn main() { - bench_group!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); + bench_group_libcrux!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); + bench_group_pqclean!("87", dilithium5); } From 7af24bf2d8b83b90b6f4805047c24fe39b5709bd Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 14 Aug 2024 09:08:32 +0200 Subject: [PATCH 057/172] More meaningful constants --- libcrux-ml-dsa/benches/bench_utils.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-dsa/benches/bench_utils.rs b/libcrux-ml-dsa/benches/bench_utils.rs index 21d756ee8..cc1b663eb 100644 --- a/libcrux-ml-dsa/benches/bench_utils.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -11,17 +11,17 @@ pub(crate) fn random_array() -> [u8; L] { #[allow(unused)] pub(crate) fn print_time(label: &str, d: std::time::Duration) { let micros = d.as_micros(); - let time = if micros < (1_000 * ITERATIONS as u128) { + let time = if micros < MILLI_PER_ITERATION_THRESHOLD { format!("{} μs", micros / ITERATIONS as u128) - } else if micros < (1_000_000 * ITERATIONS as u128) { + } else if micros < SECOND_PER_ITERATION_THRESHOLD { format!( "{:.2} ms", - (micros as f64 / (1_000_f64 * ITERATIONS as f64)) + (micros as f64 / (MICROS_PER_MILLI * ITERATIONS as f64)) ) } else { format!( "{:.2}s", - (micros as f64 / (1_000_000_f64 * ITERATIONS as f64)) + (micros as f64 / (MICROS_PER_SECOND * ITERATIONS as f64)) ) }; let space = if label.len() < 6 { @@ -33,11 +33,15 @@ pub(crate) fn print_time(label: &str, d: std::time::Duration) { println!("{label}:{space}{time}"); } -#[allow(unused)] pub(crate) const ITERATIONS: usize = 100_000; #[allow(unused)] pub(crate) const WARMUP_ITERATIONS: usize = 1_000; +pub(crate) const MICROS_PER_MILLI: f64 = 1_000.0; +pub(crate) const MICROS_PER_SECOND: f64 = 1_000_000.0; +pub(crate) const MILLI_PER_ITERATION_THRESHOLD: u128 = 1_000 * ITERATIONS as u128; +pub(crate) const SECOND_PER_ITERATION_THRESHOLD: u128 = 1_000_000 * ITERATIONS as u128; + // A benchmarking macro to avoid copying memory and skewing the results. #[macro_export] macro_rules! bench { From af83d1d71082ffb8930e89eeba18666f76fcf95f Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 14 Aug 2024 11:24:15 +0200 Subject: [PATCH 058/172] Remove unnecessary attributes --- libcrux-ml-dsa/benches/manual44.rs | 2 -- libcrux-ml-dsa/benches/manual65.rs | 2 -- libcrux-ml-dsa/benches/manual87.rs | 2 -- 3 files changed, 6 deletions(-) diff --git a/libcrux-ml-dsa/benches/manual44.rs b/libcrux-ml-dsa/benches/manual44.rs index 1719c7478..050296e14 100644 --- a/libcrux-ml-dsa/benches/manual44.rs +++ b/libcrux-ml-dsa/benches/manual44.rs @@ -5,8 +5,6 @@ use libcrux_ml_dsa::{ use pqcrypto_dilithium; -#[path = "./bench_utils.rs"] -#[macro_use] mod bench_utils; fn main() { diff --git a/libcrux-ml-dsa/benches/manual65.rs b/libcrux-ml-dsa/benches/manual65.rs index d65168b3a..18c6598dc 100644 --- a/libcrux-ml-dsa/benches/manual65.rs +++ b/libcrux-ml-dsa/benches/manual65.rs @@ -5,8 +5,6 @@ use libcrux_ml_dsa::{ use pqcrypto_dilithium; -#[path = "./bench_utils.rs"] -#[macro_use] mod bench_utils; fn main() { diff --git a/libcrux-ml-dsa/benches/manual87.rs b/libcrux-ml-dsa/benches/manual87.rs index 76a4989f6..4daf07f24 100644 --- a/libcrux-ml-dsa/benches/manual87.rs +++ b/libcrux-ml-dsa/benches/manual87.rs @@ -5,8 +5,6 @@ use libcrux_ml_dsa::{ use pqcrypto_dilithium; -#[path = "./bench_utils.rs"] -#[macro_use] mod bench_utils; fn main() { From 0c66762ad2fdfb3f110ee362fa210bea0fecd265 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 14 Aug 2024 14:26:40 +0000 Subject: [PATCH 059/172] code update --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 8 +- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_core.c | 8 +- libcrux-ml-kem/c/libcrux_core.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg.yaml | 3 + libcrux-ml-kem/cg/CMakeLists.txt | 13 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 32 +- .../cg/intrinsics/libcrux_intrinsics_avx2.h | 8 +- libcrux-ml-kem/cg/karamel/target.h | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 193 ++-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 12 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 987 +++++++++--------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 916 ++++++++-------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 231 ++-- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 420 ++++---- libcrux-ml-kem/src/ind_cca.rs | 7 +- 48 files changed, 1615 insertions(+), 1503 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index f72ded992..ba5d875e5 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 +Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 +Eurydice: 99662476dd28a9804b424c103638a01c38192491 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 623ee2e33..da8519687 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f34f0c2b5..61e13adf5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 3440fb4f5..8bb1670f5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 8dda8c115..a21a1ea77 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index da05fa1bd..d241665d9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 530c51b41..04876b464 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 0f2c87c60..516d272b4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index d3de010b9..8c75ddb2b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index a1cb8218d..b88959233 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 8a0166dc9..4df590c69 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 6c4f44fb2..f3972ee47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c05192ca4..2d6df8a83 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 985badcf2..4fad52629 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 4f7ed3b84..105246cbd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4b2301d20..a44306c02 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 34860cfb5..cd8fdcf86 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index ee244c401..fbf4c704a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 464479327..9e38f6ac7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 1e3b6b0d7..7db84cb52 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 00fc716d5..a8b4c34fb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 6368a10f6..1b9a4635c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0f4992a7e..c2711fec9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 5f9d39d90..1d64639b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 581fe5046..f3407c5c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 0c3f273f4..8423fab45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 2e870e044..da5369479 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d94183ec5..2740a4100 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 906bcf5b1..43b255e31 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ff949e742..84ec271c7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 7566cbba9..2f9a9aad5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index e52af2318..9d01f7976 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index c220f3851..4540827a1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 33441c4b0..5c3fac29b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 392f45269..cafe0e86c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index d4a28b48e..c306d615c 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -121,3 +121,6 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] + - [ core, option ] + - [ core, result ] + - [ core, array ] diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt index 036fa6f18..4d33faa9a 100644 --- a/libcrux-ml-kem/cg/CMakeLists.txt +++ b/libcrux-ml-kem/cg/CMakeLists.txt @@ -14,13 +14,9 @@ set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 20) if(NOT MSVC) - # TODO: Clean up add_compile_options( -Wall - # -Wextra - # -pedantic - # -Wconversion - # -Wsign-conversion + -fstack-usage $<$:-g> $<$:-Og> $<$:-g> @@ -28,6 +24,13 @@ if(NOT MSVC) ) endif(NOT MSVC) +if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND + CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND + CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6")) + add_compile_options(-Werror -Wframe-larger-than=25344) +endif() + set(CMAKE_COLOR_DIAGNOSTICS "ON") include_directories( ${PROJECT_SOURCE_DIR} diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 6acb4d397..ba5d875e5 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 67f4341506300372fba9cb8de070234935839cb7 -Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 +Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 +Eurydice: 99662476dd28a9804b424c103638a01c38192491 +Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 +Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 2d6575328..5b967874d 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -1,3 +1,10 @@ +/* + * SPDX-FileCopyrightText: 2024 Eurydice Contributors + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: Apache-2.0 + */ + #pragma once #if defined(__cplusplus) @@ -77,8 +84,8 @@ typedef struct { EURYDICE_SLICE((t *)x, 0, r) #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ EURYDICE_SLICE((t *)x, r, size) -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t, _ret_t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -86,21 +93,21 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t +#define TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ Eurydice_array_eq -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the @@ -153,9 +160,8 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = None}) \ + : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next diff --git a/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h index dd7f4d9c3..b51a17c1d 100644 --- a/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h @@ -1,9 +1,7 @@ /* - This file was generated by KaRaMeL - KaRaMeL invocation: - /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL - version: + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: Apache-2.0 */ #ifndef __libcrux_intrinsics_avx2_H diff --git a/libcrux-ml-kem/cg/karamel/target.h b/libcrux-ml-kem/cg/karamel/target.h index 1c90a9bbb..a315a8e0d 100644 --- a/libcrux-ml-kem/cg/karamel/target.h +++ b/libcrux-ml-kem/cg/karamel/target.h @@ -1,5 +1,11 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + * Licensed under the Apache 2.0 License. + * + * SPDX-FileCopyrightText: 2024 INRIA and Microsoft Corporation + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifndef __KRML_TARGET_H #define __KRML_TARGET_H diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 07f561d00..a8c471574 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_core_H @@ -30,20 +30,20 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; -#define core_option_None 0 -#define core_option_Some 1 +#define None 0 +#define Some 1 -typedef uint8_t core_option_Option_ef_tags; +typedef uint8_t Option_ef_tags; /** A monomorphic instance of core.option.Option with types size_t */ -typedef struct core_option_Option_b3_s { - core_option_Option_ef_tags tag; +typedef struct Option_b3_s { + Option_ef_tags tag; size_t f0; -} core_option_Option_b3; +} Option_b3; static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); @@ -78,23 +78,23 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 +#define Ok 0 +#define Err 1 -typedef uint8_t core_result_Result_6f_tags; +typedef uint8_t Result_6f_tags; /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; +typedef struct Result_6f_s { + Result_6f_tags tag; union { uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_6f; +} Result_6f; /** This function found in impl {core::result::Result} @@ -104,9 +104,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_1c(core_result_Result_6f self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { + if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); @@ -122,13 +121,13 @@ A monomorphic instance of core.result.Result with types uint8_t[20size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; +typedef struct Result_7a_s { + Result_6f_tags tag; union { uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_7a; +} Result_7a; /** This function found in impl {core::result::Result} @@ -138,9 +137,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_34(core_result_Result_7a self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { + if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); @@ -156,13 +154,13 @@ A monomorphic instance of core.result.Result with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; +typedef struct Result_cd_s { + Result_6f_tags tag; union { uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_cd; +} Result_cd; /** This function found in impl {core::result::Result} @@ -172,9 +170,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { + if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); @@ -204,10 +201,10 @@ A monomorphic instance of core.option.Option with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] */ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; +typedef struct Option_92_s { + Option_ef_tags tag; libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; +} Option_92; typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; @@ -224,26 +221,27 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_77( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_c7_14(uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + uint8_t ret[1184U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1184U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -275,27 +273,28 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_d5(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_22_a7(uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + uint8_t ret[2400U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)2400U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -320,11 +319,12 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_01_9c(uint8_t value[1088U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -356,11 +356,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -370,13 +369,13 @@ A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; +typedef struct Result_00_s { + Result_6f_tags tag; union { uint8_t case_Ok[32U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_00; +} Result_00; /** This function found in impl {core::result::Result} @@ -386,9 +385,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_83(core_result_Result_00 self, - uint8_t ret[32U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { + if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); @@ -411,11 +409,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -429,7 +426,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_16( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -447,11 +444,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -468,11 +464,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -482,13 +477,13 @@ A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; +typedef struct Result_c0_s { + Result_6f_tags tag; union { int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_c0; +} Result_c0; /** This function found in impl {core::result::Result} @@ -498,9 +493,8 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, - int16_t ret[16U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { + if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); @@ -516,13 +510,13 @@ A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; +typedef struct Result_56_s { + Result_6f_tags tag; union { uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_56; +} Result_56; /** This function found in impl {core::result::Result} @@ -532,9 +526,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_ac(core_result_Result_56 self, - uint8_t ret[8U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { + if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 63d4774f7..391f9ccc3 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_ct_ops_H @@ -46,8 +46,8 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); + i++) { size_t i0 = i; r = (uint32_t)r | ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 09cb085ac..ef1d49a0d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_avx2_H @@ -733,13 +733,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); uint8_t ret0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); + unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -852,13 +852,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( Eurydice_slice), upper_8); uint8_t ret0[10U]; - core_result_Result_cd dst; + Result_cd dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); + unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -967,13 +967,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( Eurydice_slice), upper_8); uint8_t ret0[20U]; - core_result_Result_7a dst; + Result_7a dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); + unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1117,13 +1117,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( Eurydice_slice), upper_8); uint8_t ret0[24U]; - core_result_Result_6f dst; + Result_6f dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); + unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1291,7 +1291,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_60(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -1303,14 +1303,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -1330,7 +1328,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1338,7 +1336,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1348,7 +1346,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1377,7 +1375,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bd(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -1389,7 +1387,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1441,9 +1439,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( vector); } @@ -1455,21 +1453,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( coefficient); } return re; @@ -1483,7 +1479,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1535,9 +1531,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( vector); } @@ -1549,21 +1545,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_9f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( coefficient); } return re; @@ -1577,9 +1571,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1742,7 +1736,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, @@ -1773,7 +1767,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1781,10 +1775,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1799,9 +1792,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1816,7 +1809,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1868,9 +1861,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( vector); } @@ -1882,20 +1875,19 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( coefficient); } return re; @@ -1909,7 +1901,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1961,9 +1953,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( vector); } @@ -1975,21 +1967,19 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_38( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( re.coefficients[i0]); } return re; @@ -2003,9 +1993,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0(serialized); } /** @@ -2091,7 +2081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -2109,7 +2099,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2136,7 +2126,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2159,7 +2149,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2180,7 +2170,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2199,7 +2189,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2214,7 +2204,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2232,20 +2222,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } @@ -2262,7 +2252,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( +libcrux_ml_kem_polynomial_subtract_reduce_89_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2292,7 +2282,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( +libcrux_ml_kem_matrix_compute_message_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2305,8 +2295,8 @@ libcrux_ml_kem_matrix_compute_message_d0( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_f4(v, result); return result; } @@ -2317,7 +2307,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2331,9 +2321,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_4e( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_1a( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(vector); } /** @@ -2345,7 +2335,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_1a(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2359,7 +2349,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( +libcrux_ml_kem_serialize_compress_then_serialize_message_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2374,7 +2364,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2417,21 +2407,21 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2446,22 +2436,23 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_87(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2521,7 +2512,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -2540,14 +2531,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -2574,7 +2563,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2582,7 +2571,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2592,7 +2581,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( ring_element); deserialized_pk[i0] = uu____0; } @@ -2663,9 +2652,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( + copy_of_input); } /** @@ -2989,17 +2980,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca(uu____0); + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -3007,17 +3001,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); } memcpy( ret, ret0, @@ -3040,23 +3038,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3227,8 +3227,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3276,8 +3275,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3391,11 +3389,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3412,13 +3411,14 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], Eurydice_slice)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3434,7 +3434,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_96(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -3451,17 +3451,18 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3478,13 +3479,14 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], Eurydice_slice)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3529,7 +3531,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_a3(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -3544,7 +3546,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3569,7 +3571,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3579,7 +3581,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -3589,7 +3591,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3603,8 +3605,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3618,7 +3620,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_91(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_52(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3633,7 +3635,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -3644,7 +3646,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_52(coefficient_compressed); } return re; } @@ -3661,7 +3663,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3692,7 +3694,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3706,8 +3708,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_71( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( error_2, message, result); return result; } @@ -3720,7 +3722,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3775,9 +3777,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f4( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( vector); } @@ -3789,13 +3791,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( +libcrux_ml_kem_serialize_compress_then_serialize_10_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f4( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3803,7 +3805,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3819,7 +3821,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3874,9 +3876,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f40( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( vector); } @@ -3888,13 +3890,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( +libcrux_ml_kem_serialize_compress_then_serialize_11_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f40( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3902,7 +3904,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3919,10 +3921,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_f0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3939,11 +3941,11 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3957,9 +3959,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3974,7 +3976,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4029,9 +4031,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f41( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( vector); } @@ -4043,18 +4045,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( +libcrux_ml_kem_serialize_compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f41( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -4071,7 +4073,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4126,9 +4128,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f42( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( vector); } @@ -4140,18 +4142,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( +libcrux_ml_kem_serialize_compress_then_serialize_5_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_f42( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -4169,9 +4171,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); } /** @@ -4233,24 +4235,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00( + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4266,25 +4270,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_matrix_compute_ring_element_v_04( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4309,12 +4315,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4325,36 +4331,40 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4370,11 +4380,11 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_41( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -4403,32 +4413,32 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( +static inline void libcrux_ml_kem_ind_cca_decapsulate_13( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -4437,7 +4447,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4448,28 +4458,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( + libcrux_ml_kem_ind_cca_kdf_43_41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -4504,10 +4515,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); } /** @@ -4521,7 +4532,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed(private_key, ciphertext, ret); } @@ -4581,11 +4592,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4594,7 +4605,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -4603,7 +4614,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4618,22 +4629,23 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4671,10 +4683,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c(key_pair, ciphertext, ret); } /** @@ -4688,7 +4700,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( private_key, ciphertext, ret); } @@ -4703,10 +4715,10 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -4747,11 +4759,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -4765,10 +4777,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4776,33 +4788,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4825,13 +4841,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -4846,10 +4863,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( + uu____0, copy_of_randomness); } /** @@ -4871,7 +4889,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4881,7 +4899,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -4890,7 +4908,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4898,25 +4916,28 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4943,14 +4964,16 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_09(uu____0, + copy_of_randomness); } /** @@ -4967,10 +4990,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( + uu____0, copy_of_randomness); } /** @@ -5058,7 +5082,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -5068,7 +5092,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5146,7 +5170,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -5158,21 +5182,23 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5180,35 +5206,40 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5235,7 +5266,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5259,7 +5290,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5274,7 +5305,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t, Eurydice_slice); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5303,15 +5334,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5342,13 +5372,19 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -5371,29 +5407,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5401,13 +5437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5433,7 +5468,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_36(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5455,15 +5490,11 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -5482,11 +5513,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); } /** @@ -5495,10 +5527,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( + copy_of_randomness); } /** @@ -5516,7 +5549,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_1d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -5534,7 +5567,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -5553,7 +5586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( +libcrux_ml_kem_polynomial_clone_d5_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5577,7 +5610,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5594,14 +5627,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_7c(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5624,26 +5657,30 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5665,11 +5702,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1( + copy_of_randomness); } /** @@ -5679,10 +5718,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( + copy_of_randomness); } /** @@ -5697,7 +5737,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d7( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5708,10 +5748,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_77(ciphertext), uint8_t, Eurydice_slice), ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5745,32 +5785,32 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_130( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -5779,7 +5819,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5790,28 +5830,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( + libcrux_ml_kem_ind_cca_kdf_6c_d7( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5847,10 +5888,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); } /** @@ -5864,7 +5905,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( private_key, ciphertext, ret); } @@ -5879,7 +5920,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } @@ -5904,11 +5945,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -5922,10 +5963,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5933,33 +5974,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5985,13 +6030,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -6006,10 +6052,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( + uu____0, copy_of_randomness); } /** @@ -6021,7 +6068,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -6041,7 +6088,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -6049,7 +6096,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6059,7 +6106,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( ring_element); deserialized_pk[i0] = uu____0; } @@ -6077,10 +6124,10 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_77( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); @@ -6108,9 +6155,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); } /** @@ -6119,16 +6166,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( Returns `Some(public_key)` if valid, and `None` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3cd6940e7..90c129eb6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_portable_H @@ -134,13 +134,13 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; - core_result_Result_c0 dst; + Result_c0 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, Eurydice_slice), Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); + unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -1081,10 +1081,10 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - core_option_Option_b3 uu____0 = + Option_b3 uu____0 = core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { + &iter, size_t, Option_b3); + if (!(uu____0.tag == None)) { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; @@ -2372,7 +2372,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, uint8_t, uint8_t *, uint8_t); @@ -2550,7 +2550,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_77(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -2561,14 +2561,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -2589,7 +2587,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2597,7 +2595,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2607,7 +2605,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2635,7 +2633,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b8(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -2684,14 +2682,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, @@ -2751,14 +2747,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_51( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -2780,9 +2774,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2950,7 +2944,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, @@ -2980,7 +2974,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2988,10 +2982,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -3006,9 +2999,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_48(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3060,13 +3053,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -3126,14 +3118,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -3155,9 +3145,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8(serialized); } /** @@ -3243,7 +3233,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3265,7 +3255,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3291,7 +3281,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3313,7 +3303,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3335,7 +3325,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3356,7 +3346,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3371,7 +3361,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3388,20 +3378,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } @@ -3417,7 +3407,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3449,7 +3439,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3462,8 +3452,8 @@ libcrux_ml_kem_matrix_compute_message_b8( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_7f(v, result); return result; } @@ -3522,7 +3512,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3539,7 +3529,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_fb( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3581,21 +3571,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_5f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_6a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3609,22 +3599,23 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3680,7 +3671,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -3698,14 +3689,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -3733,7 +3722,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3741,7 +3730,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3751,7 +3740,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( ring_element); deserialized_pk[i0] = uu____0; } @@ -3813,11 +3802,12 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); } - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -3835,10 +3825,11 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( - uu____0); + copy_of_input); } /** @@ -4141,18 +4132,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -4160,17 +4153,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); } memcpy( ret, ret0, @@ -4193,23 +4190,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4362,8 +4361,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -4410,8 +4408,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -4524,11 +4521,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4545,13 +4543,14 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], Eurydice_slice)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4567,7 +4566,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -4584,17 +4583,18 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4611,13 +4611,14 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], Eurydice_slice)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4659,7 +4660,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -4673,7 +4674,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4700,7 +4701,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4710,7 +4711,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -4720,7 +4721,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4734,8 +4735,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4749,7 +4750,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_f3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4764,7 +4765,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -4777,7 +4778,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f3(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4794,7 +4795,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4827,7 +4828,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4841,8 +4842,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_1f( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( error_2, message, result); return result; } @@ -4888,7 +4889,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4903,7 +4904,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_3b( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4952,7 +4953,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4967,7 +4968,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_e1( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4983,10 +4984,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_19(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -5002,11 +5003,11 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -5020,9 +5021,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5070,7 +5071,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5082,7 +5083,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_e5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -5132,7 +5133,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5144,7 +5145,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_a3( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -5161,9 +5162,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_07(re, out); } /** @@ -5225,24 +5226,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( - uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76( + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -5258,25 +5261,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_9d( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -5301,12 +5306,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -5317,36 +5322,40 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5361,11 +5370,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -5393,32 +5402,32 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -5427,7 +5436,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5438,28 +5447,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5494,10 +5504,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5a(private_key, ciphertext, ret); } /** @@ -5510,7 +5520,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( private_key, ciphertext, ret); } @@ -5570,11 +5580,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5583,7 +5593,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -5592,7 +5602,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5607,22 +5617,23 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5659,10 +5670,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_89(key_pair, ciphertext, ret); } /** @@ -5675,7 +5686,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( private_key, ciphertext, ret); } @@ -5689,10 +5700,10 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -5731,11 +5742,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -5749,10 +5760,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5760,33 +5771,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5808,13 +5823,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); } /** @@ -5828,10 +5844,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( + uu____0, copy_of_randomness); } /** @@ -5853,7 +5870,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5863,7 +5880,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -5872,7 +5889,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5880,25 +5897,28 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5924,14 +5944,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6(uu____0, + copy_of_randomness); } /** @@ -5947,10 +5969,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( + uu____0, copy_of_randomness); } /** @@ -6038,7 +6061,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -6048,7 +6071,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6126,7 +6149,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -6138,21 +6161,23 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6160,35 +6185,40 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -6214,7 +6244,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6237,7 +6267,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6252,7 +6282,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t, Eurydice_slice); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6280,15 +6310,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -6319,13 +6348,19 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -6347,29 +6382,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6377,13 +6412,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -6409,7 +6443,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6431,15 +6465,11 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -6458,11 +6488,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); } /** @@ -6470,10 +6501,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( + copy_of_randomness); } /** @@ -6491,7 +6523,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_24(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -6509,7 +6541,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -6527,7 +6559,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6554,7 +6586,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6571,14 +6603,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_88(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6601,26 +6633,30 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6641,11 +6677,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89( + copy_of_randomness); } /** @@ -6654,10 +6692,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( + copy_of_randomness); } /** @@ -6671,7 +6710,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cd( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6682,10 +6721,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_77(ciphertext), uint8_t, Eurydice_slice), ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6718,32 +6757,32 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -6752,7 +6791,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6763,28 +6802,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_cd( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -6820,10 +6860,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5a0(private_key, ciphertext, ret); } /** @@ -6836,7 +6876,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( private_key, ciphertext, ret); } @@ -6850,7 +6890,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } @@ -6874,11 +6914,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -6892,10 +6932,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6903,33 +6943,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6955,13 +6999,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); } /** @@ -6975,10 +7020,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( + uu____0, copy_of_randomness); } /** @@ -6989,7 +7035,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -7008,7 +7054,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -7016,7 +7062,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7026,7 +7072,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( ring_element); deserialized_pk[i0] = uu____0; } @@ -7043,10 +7089,10 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_3f( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); @@ -7073,9 +7119,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** @@ -7083,16 +7129,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( Returns `Some(public_key)` if valid, and `None` otherwise. */ -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_portable_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index d3a29b153..1f7c19dfa 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_avx2_H @@ -148,10 +148,11 @@ usize> for core::core_arch::x86::__m256i)} KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + libcrux_sha3_simd_avx2_slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -162,19 +163,19 @@ libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -320,28 +321,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), @@ -356,28 +357,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -406,9 +407,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); } /** @@ -1660,9 +1662,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); } /** @@ -1676,15 +1679,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -1769,32 +1771,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1807,7 +1805,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -1815,7 +1813,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -1823,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -1831,7 +1829,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), @@ -1857,17 +1855,20 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1905,8 +1906,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1975,8 +1976,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1998,28 +1999,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( libcrux_sha3_generic_keccak_KeccakState_29 s = libcrux_sha3_generic_keccak_new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); + libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, + (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2039,8 +2040,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_4size_t__x2 uu____5 = @@ -2149,28 +2150,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), @@ -2185,28 +2186,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -2254,9 +2255,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); } /** @@ -2270,15 +2272,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2375,32 +2376,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2413,7 +2410,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -2421,7 +2418,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -2429,7 +2426,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -2437,7 +2434,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 16738841a..68c9b12fa 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_portable_H @@ -147,17 +147,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -241,14 +242,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -268,9 +269,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1392,9 +1394,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1407,15 +1410,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1443,7 +1445,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1461,9 +1463,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1498,8 +1501,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1564,8 +1567,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1586,28 +1589,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -1627,8 +1630,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -1655,9 +1658,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } /** @@ -1680,14 +1684,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1707,9 +1711,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -1752,9 +1757,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1767,15 +1773,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1803,7 +1808,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1821,9 +1826,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1859,8 +1865,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1925,8 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1947,28 +1953,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -1988,8 +1994,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2016,9 +2022,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2041,15 +2048,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2076,28 +2082,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2117,8 +2123,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2145,9 +2151,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2267,14 +2274,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2306,9 +2313,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2321,15 +2329,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2367,7 +2374,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2508,14 +2515,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2535,9 +2542,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2580,9 +2588,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2595,15 +2604,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2631,7 +2639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2649,9 +2657,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2687,8 +2696,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2753,8 +2762,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2775,28 +2784,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2816,8 +2825,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2844,9 +2853,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2869,14 +2879,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2896,9 +2906,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -2941,9 +2952,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -2956,15 +2968,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2992,7 +3003,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3010,9 +3021,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3048,8 +3060,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3114,8 +3126,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3136,28 +3148,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -3177,8 +3189,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3205,9 +3217,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -3311,9 +3324,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -3343,9 +3357,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3381,8 +3396,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3408,8 +3423,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3430,28 +3445,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -3471,8 +3486,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3499,9 +3514,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 7127c1704..4137cab1d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,7 +1,8 @@ use crate::{ constant_time_ops::{ - compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + compare_ciphertexts_in_constant_time, compare_ciphertexts_select_shared_secret_in_constant_time, + select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -140,9 +141,9 @@ fn generate_keypair< implicit_rejection_value, ); let private_key: MlKemPrivateKey = - MlKemPrivateKey::from(secret_key_serialized); + MlKemPrivateKey::from(&secret_key_serialized); - MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) + MlKemKeyPair::from(private_key, MlKemPublicKey::from(&public_key)) } fn encapsulate< From 05f346c50828a5c9425969ade7ed12fb62020453 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 14 Aug 2024 10:44:42 -0700 Subject: [PATCH 060/172] More code quality --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 37 +- libcrux-ml-kem/c/internal/libcrux_core.h | 94 +- .../c/internal/libcrux_mlkem_avx2.h | 52 +- .../c/internal/libcrux_mlkem_portable.h | 52 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 10 +- libcrux-ml-kem/c/libcrux_core.c | 197 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 56 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2233 +++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 16 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2537 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 26 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 536 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 265 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- 36 files changed, 2928 insertions(+), 3623 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index ba5d875e5..2546e250a 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 -Eurydice: 99662476dd28a9804b424c103638a01c38192491 -Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 +Charon: 8de6020c10a3520a56fbf849176f8218e62435cf +Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 +Karamel: 98e5d604741a886e20a526f6673077a15e23cead +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a67112e4d..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,10 +90,11 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ @@ -108,7 +109,7 @@ typedef struct { // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index da8519687..6c5e73354 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_core_H @@ -67,16 +67,16 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { } libcrux_ml_kem_utils_extraction_helper_Keypair768; /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -91,21 +91,21 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -157,16 +157,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -181,21 +181,21 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( uint8_t value[1088U]); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -232,7 +232,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -247,16 +247,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -271,21 +271,21 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( uint8_t value[768U]); /** @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 61e13adf5..ff66f1ce5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]); /** Packed API @@ -70,7 +70,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c41( +void libcrux_ml_kem_ind_cca_decapsulate_ff1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -176,7 +176,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -191,7 +191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]); /** Packed API @@ -214,7 +214,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -234,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -320,7 +320,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -335,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]); /** Packed API @@ -357,7 +357,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( uint8_t randomness[64U]); /** @@ -378,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -426,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8bb1670f5..261c9cea8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_b01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_b00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]); /** Packed API @@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a21a1ea77..16e9fbe30 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d241665d9..c4b5afc89 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 04876b464..f914d4cb2 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_core.h" @@ -34,12 +34,11 @@ static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } */ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); - i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -61,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -90,21 +88,21 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t ret[1568U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1568U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -121,7 +119,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -129,21 +127,21 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[3168U]; - memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); + uint8_t ret[3168U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3168U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -156,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -177,7 +175,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -191,10 +189,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } /** @@ -211,28 +208,27 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t ret[1184U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1184U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -249,7 +245,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -257,21 +253,21 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t ret[2400U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)2400U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -284,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -305,7 +301,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -319,10 +315,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } /** @@ -339,28 +334,27 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t ret[800U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)800U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -377,28 +371,28 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); + uint8_t ret[1632U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1632U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -411,7 +405,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -432,7 +426,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -451,9 +445,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -491,9 +484,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -506,10 +498,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } /** @@ -526,9 +517,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } @@ -546,9 +536,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 516d272b4..621327ab7 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8c75ddb2b..41e98434c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b88959233..cd940beb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d8( +static void decapsulate_c7( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d8(private_key, ciphertext, ret); + decapsulate_c7(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ca( +static void decapsulate_unpacked_21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ca(private_key, ciphertext, ret); + decapsulate_unpacked_21(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b2( +static tuple_21 encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, copy_of_randomness); + return encapsulate_8e(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_16( +static tuple_21 encapsulate_unpacked_2a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_16( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, copy_of_randomness); + return encapsulate_unpacked_2a(uu____0, copy_of_randomness); } /** @@ -216,12 +216,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_4b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_360(copy_of_randomness); } /** @@ -232,7 +232,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(copy_of_randomness); + return generate_keypair_4b(copy_of_randomness); } /** @@ -251,11 +251,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_d9(uint8_t randomness[64U]) { +generate_keypair_unpacked_4c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00( copy_of_randomness); } @@ -268,7 +268,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(copy_of_randomness); + return generate_keypair_unpacked_4c(copy_of_randomness); } /** @@ -282,8 +282,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_570(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); +static bool validate_public_key_1b0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_770(public_key); } /** @@ -294,7 +294,7 @@ static bool validate_public_key_570(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_570(public_key.value)) { + if (validate_public_key_1b0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4df590c69..658c5b92c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f3972ee47..ed6f6e69f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_15( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b01(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_15(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_39( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_39(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_09( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_781(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, copy_of_randomness); + return encapsulate_09(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_9a( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_081(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, copy_of_randomness); + return encapsulate_unpacked_62(uu____0, copy_of_randomness); } /** @@ -217,12 +217,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d71(copy_of_randomness); } /** @@ -233,7 +233,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(copy_of_randomness); + return generate_keypair_b5(copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_b8(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371( copy_of_randomness); } @@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(copy_of_randomness); + return generate_keypair_unpacked_b8(copy_of_randomness); } /** @@ -283,8 +283,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_241(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); } /** @@ -295,7 +295,7 @@ static bool validate_public_key_e11(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_241(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2d6df8a83..e20755c0c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 4fad52629..4181db559 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 105246cbd..31c416846 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d7(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1d(private_key, ciphertext, ret); + decapsulate_d7(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_50( +static void decapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_50( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_50(private_key, ciphertext, ret); + decapsulate_unpacked_30(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, copy_of_randomness); + return encapsulate_c4(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_14( +static tuple_ec encapsulate_unpacked_b9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_14( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, copy_of_randomness); + return encapsulate_unpacked_b9(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(copy_of_randomness); + return generate_keypair_8f(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_2c(uint8_t randomness[64U]) { +generate_keypair_unpacked_7a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(copy_of_randomness); + return generate_keypair_unpacked_7a(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_57(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +static bool validate_public_key_1b(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); } /** @@ -288,7 +288,7 @@ static bool validate_public_key_57(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_57(public_key.value)) { + if (validate_public_key_1b(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index a44306c02..4e8b2bb37 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cd8fdcf86..9ff79924c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); +static void decapsulate_04(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_b00(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_04(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_06( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_d1(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_0e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, copy_of_randomness); + return encapsulate_0e(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_01( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_080(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, copy_of_randomness); + return encapsulate_unpacked_2c(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_33( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d70(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(copy_of_randomness); + return generate_keypair_33(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_fe(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(copy_of_randomness); + return generate_keypair_unpacked_fe(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_240(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_e10(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_240(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index fbf4c704a..68ee7a5da 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9e38f6ac7..8cf5f4f40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7db84cb52..bd4ebc485 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_15( +static void decapsulate_2f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_15( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_2f(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_e1( +static void decapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_e1( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_e1(private_key, ciphertext, ret); + decapsulate_unpacked_57(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_54( +static tuple_3c encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, copy_of_randomness); + return encapsulate_23(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_94( +static tuple_3c encapsulate_unpacked_cb( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_94( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, copy_of_randomness); + return encapsulate_unpacked_cb(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_2e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_361(copy_of_randomness); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(copy_of_randomness); + return generate_keypair_2e(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_35(uint8_t randomness[64U]) { +generate_keypair_unpacked_cf(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(copy_of_randomness); + return generate_keypair_unpacked_cf(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_571(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); +static bool validate_public_key_1b1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_771(public_key); } /** @@ -288,7 +288,7 @@ static bool validate_public_key_571(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_571(public_key.value)) { + if (validate_public_key_1b1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index a8b4c34fb..9b775c78d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1b9a4635c..7cc0954b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_62(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_ad( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_d4( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_ad(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_35( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, copy_of_randomness); + return encapsulate_35(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_be( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_1b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_08(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, copy_of_randomness); + return encapsulate_unpacked_be(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_45( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); + return generate_keypair_45(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_05(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(copy_of_randomness); + return generate_keypair_unpacked_05(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_24(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_e1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_24(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c2711fec9..4a2c6effd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 1d64639b8..87c5873ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -30,8 +29,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -63,8 +61,8 @@ __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), + v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -535,39 +533,23 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = - mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsb_to_msb = mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, @@ -610,15 +592,13 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = mm256_castsi256_si128(combined); mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -634,39 +614,23 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = - mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, @@ -713,22 +677,19 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -744,23 +705,23 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + __m128i coefficients = + mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); __m256i coefficients_loaded0 = mm256_inserti128_si256( (int32_t)1, coefficients_loaded, coefficients, __m256i); @@ -819,22 +780,19 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)1, (int8_t)0)); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, + (size_t)26U, uint8_t), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -855,13 +813,13 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); __m128i upper_coefficients0 = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); @@ -885,12 +843,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -912,7 +869,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -952,20 +909,17 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, + (size_t)28U, uint8_t), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -986,13 +940,13 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); __m128i upper_coefficients0 = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); @@ -1029,8 +983,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = mm_shuffle_epi8(lower_coefficients, lower_shuffles0); @@ -1041,15 +995,14 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); __m128i upper_coefficients = mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); __m128i upper_coefficients0 = mm_shuffle_epi8(upper_coefficients, upper_shuffles0); mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1116,14 +1069,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_c5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); @@ -1144,14 +1096,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1159,9 +1111,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1174,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_b6(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1187,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_92(__m256i vector) { - return shift_right_98(vector); +static __m256i shift_right_ea_07(__m256i vector) { + return shift_right_b6(vector); } /** @@ -1198,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_92(a); + __m256i t = shift_right_ea_07(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1220,12 +1172,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -1248,22 +1197,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } @@ -1283,19 +1229,16 @@ static KRML_MUSTINLINE void serialize_public_key_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1307,18 +1250,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( + deserialize_ring_elements_reduced_f24( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_d01( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1372,11 +1315,10 @@ shake128_init_absorb_4d1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -1411,10 +1353,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1501,12 +1443,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1536,10 +1477,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1625,12 +1566,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1665,8 +1605,7 @@ from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -1679,8 +1618,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -1762,9 +1701,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1806,14 +1744,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -1900,23 +1838,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -1932,8 +1869,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -1946,20 +1883,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -1977,8 +1913,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2198,11 +2134,11 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2295,10 +2231,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2362,9 +2297,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; @@ -2372,9 +2306,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -2444,8 +2377,8 @@ static tuple_9b0 generate_keypair_unpacked_6c1( uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -2476,8 +2409,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; @@ -2526,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e31( +static void closure_1a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -2542,7 +2474,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2578,27 +2510,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1a1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_25(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2611,16 +2542,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { serialize_public_key_d01( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; @@ -2663,10 +2593,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d01( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -2705,40 +2634,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_651(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -2763,15 +2687,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_e11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -2780,23 +2703,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a70(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d50( + uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); } /** @@ -2811,7 +2725,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_001(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_d5();); @@ -2830,8 +2744,8 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; @@ -2854,8 +2768,7 @@ with const generics static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2880,7 +2793,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2904,7 +2817,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2924,7 +2837,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_94( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2942,7 +2855,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2957,7 +2870,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2972,7 +2885,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_34( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2989,17 +2902,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( +static KRML_MUSTINLINE void invert_ntt_montgomery_be1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_04(&zeta_i, re); + invert_ntt_at_layer_2_18(&zeta_i, re); + invert_ntt_at_layer_3_94(&zeta_i, re); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_99(re); } @@ -3013,7 +2926,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_91( +static KRML_MUSTINLINE void add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3037,7 +2950,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_001( +static KRML_MUSTINLINE void compute_vector_u_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3049,9 +2962,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -3059,9 +2971,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3069,8 +2980,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( ntt_multiply_89_48(a_element, &r_as_ntt[j]); add_to_ring_element_89_971(&result[i1], &product); } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_be1(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3083,7 +2994,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_91(__m256i v) { +static __m256i decompress_1_52(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3097,16 +3008,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { +deserialize_then_decompress_message_84(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); + re.coefficients[i0] = decompress_1_52(coefficient_compressed);); return re; } @@ -3121,7 +3032,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( +add_message_error_reduce_89_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3151,7 +3062,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( +compute_ring_element_v_041( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3161,8 +3072,8 @@ compute_ring_element_v_711( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be1(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } @@ -3173,7 +3084,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a(__m256i vector) { +compress_ciphertext_coefficient_5d(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3220,8 +3131,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_80(__m256i vector) { - return compress_ciphertext_coefficient_8a(vector); +static __m256i compress_ea_e9(__m256i vector) { + return compress_ciphertext_coefficient_5d(vector); } /** @@ -3230,23 +3141,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( +static KRML_MUSTINLINE void compress_then_serialize_10_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_e9(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3258,7 +3166,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a0(__m256i vector) { +compress_ciphertext_coefficient_5d0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3305,8 +3213,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_800(__m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); +static __m256i compress_ea_e90(__m256i vector) { + return compress_ciphertext_coefficient_5d0(vector); } /** @@ -3316,10 +3224,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); + compress_then_serialize_10_f0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3335,29 +3243,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_841( +static void compress_then_serialize_u_551( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3368,7 +3272,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a1(__m256i vector) { +compress_ciphertext_coefficient_5d1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3415,8 +3319,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_801(__m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); +static __m256i compress_ea_e91(__m256i vector) { + return compress_ciphertext_coefficient_5d1(vector); } /** @@ -3425,22 +3329,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( +static KRML_MUSTINLINE void compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_e91(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3451,7 +3353,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a2(__m256i vector) { +compress_ciphertext_coefficient_5d2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3498,8 +3400,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_802(__m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); +static __m256i compress_ea_e92(__m256i vector) { + return compress_ciphertext_coefficient_5d2(vector); } /** @@ -3508,22 +3410,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_35( +static KRML_MUSTINLINE void compress_then_serialize_5_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_e92(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3534,9 +3434,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); + compress_then_serialize_4_59(re, out); } /** @@ -3597,7 +3497,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_881( +static void encrypt_unpacked_c61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3615,7 +3515,7 @@ static void encrypt_unpacked_881( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_001(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3623,35 +3523,33 @@ static void encrypt_unpacked_881( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( + compress_then_serialize_u_551( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_dd( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3673,27 +3571,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -3704,17 +3598,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c61(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3735,12 +3629,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a81(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3757,14 +3650,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3772,9 +3665,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3799,22 +3692,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f23( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a21(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; @@ -3845,7 +3737,7 @@ static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c61(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3860,12 +3752,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3888,55 +3779,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a81( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); + kdf_af_4b1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3955,7 +3838,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_55(__m256i vector) { +decompress_ciphertext_coefficient_b7(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3999,8 +3882,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { - return decompress_ciphertext_coefficient_55(vector); +static __m256i decompress_ciphertext_coefficient_ea_d8(__m256i vector) { + return decompress_ciphertext_coefficient_b7(vector); } /** @@ -4010,16 +3893,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { +deserialize_then_decompress_10_29(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d8(coefficient); } return re; } @@ -4031,7 +3913,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_550(__m256i vector) { +decompress_ciphertext_coefficient_b70(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4075,8 +3957,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { - return decompress_ciphertext_coefficient_550(vector); +static __m256i decompress_ciphertext_coefficient_ea_d80(__m256i vector) { + return decompress_ciphertext_coefficient_b70(vector); } /** @@ -4086,16 +3968,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { +deserialize_then_decompress_11_77(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d80(coefficient); } return re; } @@ -4107,8 +3988,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); +deserialize_then_decompress_ring_element_u_ca(Eurydice_slice serialized) { + return deserialize_then_decompress_10_29(serialized); } /** @@ -4117,7 +3998,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_fe( +static KRML_MUSTINLINE void ntt_vector_u_29( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); @@ -4142,16 +4023,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( +static KRML_MUSTINLINE void deserialize_then_decompress_u_861( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4164,9 +4045,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); + ntt_vector_u_29(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4180,7 +4061,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_551(__m256i vector) { +decompress_ciphertext_coefficient_b71(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4224,8 +4105,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { - return decompress_ciphertext_coefficient_551(vector); +static __m256i decompress_ciphertext_coefficient_ea_d81(__m256i vector) { + return decompress_ciphertext_coefficient_b71(vector); } /** @@ -4235,16 +4116,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { +deserialize_then_decompress_4_a5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d81(coefficient); } return re; } @@ -4256,7 +4136,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_552(__m256i vector) { +decompress_ciphertext_coefficient_b72(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4300,8 +4180,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { - return decompress_ciphertext_coefficient_552(vector); +static __m256i decompress_ciphertext_coefficient_ea_d82(__m256i vector) { + return decompress_ciphertext_coefficient_b72(vector); } /** @@ -4311,17 +4191,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { +deserialize_then_decompress_5_d9(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d82(re.coefficients[i0]); } return re; } @@ -4333,8 +4212,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); +deserialize_then_decompress_ring_element_v_ca(Eurydice_slice serialized) { + return deserialize_then_decompress_4_a5(serialized); } /** @@ -4348,7 +4227,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4376,7 +4255,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( +compute_message_4c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4385,8 +4264,8 @@ compute_message_221( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be1(&result); + result = subtract_reduce_89_f9(v, result); return result; } @@ -4396,7 +4275,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( +static KRML_MUSTINLINE void compress_then_serialize_message_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4407,12 +4286,10 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -4450,20 +4327,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c1( +static void decrypt_unpacked_f51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + deserialize_then_decompress_u_861(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( + deserialize_then_decompress_ring_element_v_ca( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4475,8 +4351,7 @@ with const generics static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4515,67 +4390,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f51(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c61(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4587,14 +4456,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_cc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; @@ -4609,14 +4477,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_201( +static KRML_MUSTINLINE void deserialize_secret_key_6a1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4624,9 +4492,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_201( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); + deserialize_to_uncompressed_ring_element_cc(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4644,10 +4512,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_741(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); + deserialize_secret_key_6a1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4659,7 +4527,7 @@ static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_f51(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4685,12 +4553,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c41( +void libcrux_ml_kem_ind_cca_decapsulate_ff1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -4704,22 +4571,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_741(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4728,36 +4592,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8e1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_4b1(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); + kdf_af_4b1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4775,14 +4635,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4790,9 +4650,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4818,22 +4678,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } @@ -4853,19 +4710,16 @@ static KRML_MUSTINLINE void serialize_public_key_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_ae0(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1568U, public_key_serialized, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4877,18 +4731,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( + deserialize_ring_elements_reduced_f22( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_d00( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4942,11 +4796,10 @@ shake128_init_absorb_4d0(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); return state; } @@ -4981,10 +4834,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -5074,12 +4927,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5109,10 +4961,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -5201,12 +5053,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5231,8 +5082,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5314,9 +5165,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5358,14 +5208,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5425,11 +5275,11 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5461,10 +5311,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5493,9 +5342,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; @@ -5503,9 +5351,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5575,8 +5422,8 @@ static tuple_54 generate_keypair_unpacked_6c0( uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; @@ -5607,8 +5454,7 @@ static tuple_54 generate_keypair_unpacked_6c0( compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; @@ -5657,7 +5503,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e30( +static void closure_1a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -5689,27 +5535,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1a0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_25(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5722,16 +5567,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { serialize_public_key_d00( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; @@ -5774,10 +5618,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d00( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -5816,40 +5659,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_650(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -5874,15 +5712,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_e10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5891,23 +5728,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a71(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d51( + uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); } /** @@ -5922,7 +5750,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_000(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_d5();); @@ -5941,8 +5769,8 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; @@ -5978,17 +5806,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( +static KRML_MUSTINLINE void invert_ntt_montgomery_be0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_04(&zeta_i, re); + invert_ntt_at_layer_2_18(&zeta_i, re); + invert_ntt_at_layer_3_94(&zeta_i, re); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_99(re); } @@ -6001,7 +5829,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_000( +static KRML_MUSTINLINE void compute_vector_u_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -6013,9 +5841,8 @@ static KRML_MUSTINLINE void compute_vector_u_000( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -6023,9 +5850,8 @@ static KRML_MUSTINLINE void compute_vector_u_000( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -6033,8 +5859,8 @@ static KRML_MUSTINLINE void compute_vector_u_000( ntt_multiply_89_48(a_element, &r_as_ntt[j]); add_to_ring_element_89_970(&result[i1], &product); } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_be0(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6051,7 +5877,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( +compute_ring_element_v_040( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -6061,8 +5887,8 @@ compute_ring_element_v_710( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be0(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } @@ -6072,23 +5898,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( +static KRML_MUSTINLINE void compress_then_serialize_11_630( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_e90(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -6100,10 +5923,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); + compress_then_serialize_11_630(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6119,29 +5942,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_840( +static void compress_then_serialize_u_550( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); + compress_then_serialize_ring_element_u_4d0(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -6152,9 +5971,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); + compress_then_serialize_5_73(re, out); } /** @@ -6215,7 +6034,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_880( +static void encrypt_unpacked_c60( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6233,7 +6052,7 @@ static void encrypt_unpacked_880( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_000(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6241,36 +6060,33 @@ static void encrypt_unpacked_880( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_550( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_dd0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6292,27 +6108,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -6323,17 +6135,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6354,12 +6166,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a80(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -6376,14 +6187,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6391,9 +6202,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6418,22 +6229,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f21( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a20(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; @@ -6464,7 +6274,7 @@ static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c60(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6479,12 +6289,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -6507,55 +6316,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a80( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); + kdf_af_4b0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6574,8 +6375,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); +deserialize_then_decompress_ring_element_u_ca0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_77(serialized); } /** @@ -6584,7 +6385,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_fe0( +static KRML_MUSTINLINE void ntt_vector_u_290( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); @@ -6609,16 +6410,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( +static KRML_MUSTINLINE void deserialize_then_decompress_u_860( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6631,9 +6432,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); - ntt_vector_u_fe0(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca0(u_bytes); + ntt_vector_u_290(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6647,8 +6448,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); +deserialize_then_decompress_ring_element_v_ca0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_d9(serialized); } /** @@ -6664,7 +6465,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( +compute_message_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6673,8 +6474,8 @@ compute_message_220( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be0(&result); + result = subtract_reduce_89_f9(v, result); return result; } @@ -6712,20 +6513,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_8c0( +static void decrypt_unpacked_f50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + deserialize_then_decompress_u_860(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( + deserialize_then_decompress_ring_element_v_ca0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6764,68 +6564,62 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f50(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c60(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6839,14 +6633,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_200( +static KRML_MUSTINLINE void deserialize_secret_key_6a0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6854,9 +6648,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_200( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); + deserialize_to_uncompressed_ring_element_cc(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6874,10 +6668,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_740(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); + deserialize_secret_key_6a0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6889,7 +6683,7 @@ static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_f50(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6915,13 +6709,12 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -6935,22 +6728,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_740(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6959,36 +6749,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_4b0(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); + kdf_af_4b0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7006,14 +6792,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7021,9 +6807,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7049,22 +6835,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } @@ -7085,17 +6868,15 @@ static KRML_MUSTINLINE void serialize_public_key_d0( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)800U, public_key_serialized, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -7107,18 +6888,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( + deserialize_ring_elements_reduced_f20( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7172,11 +6953,10 @@ shake128_init_absorb_4d(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -7211,10 +6991,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -7298,12 +7078,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7333,10 +7112,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7419,12 +7198,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7449,8 +7227,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7532,9 +7310,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7576,14 +7353,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); @@ -7648,11 +7425,11 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7684,10 +7461,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7716,9 +7492,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; @@ -7726,9 +7501,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -7798,8 +7572,8 @@ static tuple_4c generate_keypair_unpacked_6c( uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; @@ -7830,8 +7604,7 @@ static tuple_4c generate_keypair_unpacked_6c( compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; @@ -7880,7 +7653,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_e3( +static void closure_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -7912,27 +7685,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1a(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_25(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7945,16 +7717,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; @@ -7997,10 +7768,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -8039,40 +7809,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_65(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -8096,16 +7861,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -8114,23 +7878,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -8147,14 +7902,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -8191,7 +7946,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_d5();); @@ -8210,8 +7965,8 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; @@ -8247,17 +8002,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( +static KRML_MUSTINLINE void invert_ntt_montgomery_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_04(&zeta_i, re); + invert_ntt_at_layer_2_18(&zeta_i, re); + invert_ntt_at_layer_3_94(&zeta_i, re); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_99(re); } @@ -8270,7 +8025,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_00( +static KRML_MUSTINLINE void compute_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -8282,9 +8037,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -8292,9 +8046,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -8302,8 +8055,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( ntt_multiply_89_48(a_element, &r_as_ntt[j]); add_to_ring_element_89_97(&result[i1], &product); } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_be(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8320,7 +8073,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( +compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -8330,8 +8083,8 @@ compute_ring_element_v_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } @@ -8347,29 +8100,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_84( +static void compress_then_serialize_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -8431,7 +8180,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_88( +static void encrypt_unpacked_c6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8449,7 +8198,7 @@ static void encrypt_unpacked_88( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_00(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8457,35 +8206,33 @@ static void encrypt_unpacked_88( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( + compress_then_serialize_u_55( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_dd( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -8507,27 +8254,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -8538,17 +8281,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8569,12 +8312,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a8(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -8591,14 +8333,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8606,9 +8348,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8633,22 +8375,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f2( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; @@ -8679,7 +8420,7 @@ static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c6(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8694,12 +8435,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -8722,55 +8462,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); + kdf_af_4b(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8794,16 +8526,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( +static KRML_MUSTINLINE void deserialize_then_decompress_u_86( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8816,9 +8548,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); + ntt_vector_u_29(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8838,7 +8570,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( +compute_message_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8847,8 +8579,8 @@ compute_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be(&result); + result = subtract_reduce_89_f9(v, result); return result; } @@ -8886,20 +8618,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c( +static void decrypt_unpacked_f5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + deserialize_then_decompress_u_86(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( + deserialize_then_decompress_ring_element_v_ca( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8938,67 +8669,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f5(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c6(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9012,14 +8737,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_20( +static KRML_MUSTINLINE void deserialize_secret_key_6a( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9027,9 +8752,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_20( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); + deserialize_to_uncompressed_ring_element_cc(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9047,10 +8772,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_74(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); + deserialize_secret_key_6a(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -9062,7 +8787,7 @@ static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_f5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9088,12 +8813,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -9107,22 +8831,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_74(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -9131,35 +8852,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_8e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_4b(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); + kdf_af_4b(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index f3407c5c8..b79663481 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 8423fab45..0f4ebe8f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem_neon.h" @@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index da5369479..ab7713427 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2740a4100..4c5b233f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1547,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1575,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1605,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1635,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1676,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1714,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1756,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1788,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1840,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1877,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1916,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1964,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -2031,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2069,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2090,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2154,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2168,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2227,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2247,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2258,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2276,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2349,14 +2275,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2379,14 +2304,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2394,9 +2319,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2467,12 +2392,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -2495,22 +2417,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } @@ -2530,19 +2449,16 @@ static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1568U, public_key_serialized, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2554,18 +2470,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_9f4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2630,11 +2546,11 @@ shake128_init_absorb_751(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; memcpy(copy_of_shake128_state, shake128_state, @@ -2676,8 +2592,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2755,12 +2670,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2786,11 +2700,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2868,12 +2782,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2909,8 +2822,7 @@ from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2925,8 +2837,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3009,9 +2921,8 @@ static KRML_MUSTINLINE void sample_matrix_A_231( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -3048,12 +2959,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -3131,23 +3041,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3163,8 +3072,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3177,20 +3086,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3208,8 +3116,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3447,11 +3355,11 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_892(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3549,10 +3457,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3622,9 +3528,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -3632,9 +3537,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -3705,8 +3609,8 @@ static tuple_540 generate_keypair_unpacked_f41( uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; @@ -3737,8 +3641,7 @@ static tuple_540 generate_keypair_unpacked_f41( compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; @@ -3788,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_841( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -3804,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3844,27 +3747,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_841(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3877,16 +3779,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; @@ -3930,10 +3831,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_801( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -3972,40 +3872,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -4031,15 +3926,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -4048,23 +3942,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a71(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d51( + uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); } /** @@ -4080,7 +3965,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_761(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_39();); @@ -4099,8 +3984,8 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; @@ -4123,8 +4008,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4149,7 +4033,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4173,7 +4057,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4193,7 +4077,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4213,7 +4097,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_6f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4233,7 +4117,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4248,7 +4132,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_6f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4265,17 +4149,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } @@ -4289,7 +4173,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4316,7 +4200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4328,9 +4212,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -4338,9 +4221,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4348,8 +4230,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b1(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4363,7 +4245,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_f3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4377,7 +4259,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { +deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4386,9 +4268,9 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_f3(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4404,7 +4286,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4437,7 +4319,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4447,8 +4329,8 @@ compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b1(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } @@ -4522,7 +4404,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_560( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4533,12 +4415,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4550,10 +4429,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_560(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4569,29 +4448,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_3d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_970(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -4633,7 +4508,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4645,10 +4520,8 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4690,7 +4563,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4702,10 +4575,8 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4716,9 +4587,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_00(re, out); } /** @@ -4780,7 +4651,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_611( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4798,7 +4669,7 @@ static void encrypt_unpacked_6c1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_761(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4806,36 +4677,33 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a71(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_3d1( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_a00( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4858,27 +4726,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -4889,17 +4753,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_611(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4920,12 +4784,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4942,14 +4805,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4957,9 +4820,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4985,22 +4848,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_121(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; @@ -5031,7 +4893,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_611(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -5046,12 +4908,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -5074,55 +4935,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_6b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_121(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5178,14 +5031,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { +deserialize_then_decompress_10_23(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5239,14 +5091,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { +deserialize_then_decompress_11_70(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5263,8 +5114,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_820(Eurydice_slice serialized) { + return deserialize_then_decompress_11_70(serialized); } /** @@ -5273,7 +5124,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_180( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); @@ -5298,16 +5149,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_701( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -5320,9 +5171,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); - ntt_vector_u_ed0(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_820(u_bytes); + ntt_vector_u_180(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5373,14 +5224,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { +deserialize_then_decompress_4_91(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5434,14 +5284,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { +deserialize_then_decompress_5_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = @@ -5458,8 +5307,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_520(Eurydice_slice serialized) { + return deserialize_then_decompress_5_ec(serialized); } /** @@ -5473,7 +5322,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5504,7 +5353,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5513,8 +5362,8 @@ compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b1(&result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -5524,7 +5373,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5537,12 +5386,10 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -5580,20 +5427,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_a71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_701(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_520( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5605,8 +5451,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5646,68 +5491,62 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_611(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5719,14 +5558,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5743,14 +5581,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_7c1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5758,9 +5596,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5778,10 +5616,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_451(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_7c1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5793,7 +5631,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5819,13 +5657,12 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_b01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -5839,22 +5676,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_451(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5863,36 +5697,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_121(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ef(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); + kdf_af_ef(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5910,14 +5740,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5925,9 +5755,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5953,22 +5783,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } @@ -5989,17 +5816,15 @@ static KRML_MUSTINLINE void serialize_public_key_800( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)800U, public_key_serialized, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6011,18 +5836,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_9f2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6087,11 +5912,11 @@ shake128_init_absorb_750(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; memcpy(copy_of_shake128_state, shake128_state, @@ -6133,8 +5958,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -6212,12 +6036,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6243,11 +6066,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -6325,12 +6148,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6356,8 +6178,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -6440,9 +6262,8 @@ static KRML_MUSTINLINE void sample_matrix_A_230( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -6479,12 +6300,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6544,11 +6364,11 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_890(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6583,10 +6403,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6617,9 +6435,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -6627,9 +6444,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -6700,8 +6516,8 @@ static tuple_4c0 generate_keypair_unpacked_f40( uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; @@ -6732,8 +6548,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; @@ -6783,7 +6598,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_840( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -6816,27 +6631,26 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_840(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6849,16 +6663,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; @@ -6902,10 +6715,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_800( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -6944,40 +6756,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7003,15 +6810,14 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7020,23 +6826,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -7048,12 +6845,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -7085,7 +6881,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_760(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_39();); @@ -7104,8 +6900,8 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; @@ -7141,17 +6937,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } @@ -7164,7 +6960,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -7176,9 +6972,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -7186,9 +6981,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -7196,8 +6990,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b0(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7214,7 +7008,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -7224,8 +7018,8 @@ compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b0(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } @@ -7235,7 +7029,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -7246,12 +7040,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -7263,10 +7054,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_19(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7282,29 +7073,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_3d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -7315,9 +7102,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_07(re, out); } /** @@ -7379,7 +7166,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_610( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7397,7 +7184,7 @@ static void encrypt_unpacked_6c0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_760(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7405,35 +7192,33 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a70(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_3d0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_a0( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -7456,27 +7241,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -7487,17 +7268,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_610(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7518,12 +7299,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_3b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -7540,14 +7320,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7555,9 +7335,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7583,22 +7363,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_120(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; @@ -7629,7 +7408,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_610(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7644,12 +7423,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -7672,55 +7450,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_3b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_120(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_e0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7739,8 +7509,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_82(Eurydice_slice serialized) { + return deserialize_then_decompress_10_23(serialized); } /** @@ -7749,7 +7519,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_18( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); @@ -7774,16 +7544,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_700( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7796,9 +7566,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); + ntt_vector_u_18(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7812,8 +7582,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_52(Eurydice_slice serialized) { + return deserialize_then_decompress_4_91(serialized); } /** @@ -7829,7 +7599,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7838,8 +7608,8 @@ compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b0(&result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -7877,20 +7647,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_a70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_700(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_52( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7930,67 +7699,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_610(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8004,14 +7767,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_7c0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8019,9 +7782,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8039,10 +7802,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_450(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_7c0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -8054,7 +7817,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8080,12 +7843,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_b00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -8099,22 +7861,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_450(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -8123,36 +7882,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_120(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e0(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); + kdf_af_e0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8170,14 +7925,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8185,9 +7940,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8213,22 +7968,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } @@ -8248,19 +8000,16 @@ static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -8272,18 +8021,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_9f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -8348,11 +8097,11 @@ shake128_init_absorb_75(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; memcpy(copy_of_shake128_state, shake128_state, @@ -8394,8 +8143,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -8473,12 +8221,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8504,11 +8251,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -8586,12 +8333,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8617,8 +8363,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -8701,9 +8447,8 @@ static KRML_MUSTINLINE void sample_matrix_A_23( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -8740,12 +8485,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -8794,11 +8538,11 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_89(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8833,10 +8577,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -8867,9 +8609,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -8877,9 +8618,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -8950,8 +8690,8 @@ static tuple_9b generate_keypair_unpacked_f4( uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -8982,8 +8722,7 @@ static tuple_9b generate_keypair_unpacked_f4( compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -9033,7 +8772,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -9066,27 +8805,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_84(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -9099,16 +8837,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; @@ -9152,10 +8889,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_80( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ @@ -9194,40 +8930,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -9253,15 +8984,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -9270,23 +9000,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a70(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d50( + uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); } /** @@ -9302,7 +9023,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_39();); @@ -9321,8 +9042,8 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; @@ -9358,17 +9079,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } @@ -9381,7 +9102,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -9393,9 +9114,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -9403,9 +9123,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -9413,8 +9132,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9431,7 +9150,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -9441,8 +9160,8 @@ compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } @@ -9458,29 +9177,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -9543,7 +9258,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -9561,7 +9276,7 @@ static void encrypt_unpacked_6c( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_76(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9569,35 +9284,33 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_3d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_a0( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -9620,27 +9333,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -9651,17 +9360,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_61(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9682,12 +9391,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_47(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -9704,14 +9412,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9719,9 +9427,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9747,22 +9455,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_12(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -9793,7 +9500,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_61(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9808,12 +9515,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -9836,55 +9542,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_47( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_ff(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9908,16 +9606,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -9930,9 +9628,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); + ntt_vector_u_18(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9952,7 +9650,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -9961,8 +9659,8 @@ compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b(&result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -10000,20 +9698,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_a7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_52( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10053,67 +9750,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_61(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10127,14 +9818,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_7c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -10142,9 +9833,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -10162,10 +9853,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_45(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_7c(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -10177,7 +9868,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10203,12 +9894,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -10222,22 +9912,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_45(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -10246,35 +9933,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ff(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); + kdf_af_ff(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 43b255e31..8aec8129c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 84ec271c7..9d21462e9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_H @@ -89,8 +89,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } @@ -108,8 +108,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -127,8 +127,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } @@ -146,8 +146,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2f9a9aad5..6fadfc9fd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_sha3_avx2.h" @@ -99,14 +99,10 @@ static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -219,18 +215,18 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = mm256_unpacklo_epi64(v00, v10); __m256i v1h = mm256_unpackhi_epi64(v00, v10); __m256i v2l = mm256_unpacklo_epi64(v20, v30); @@ -261,34 +257,30 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; @@ -296,34 +288,30 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = @@ -1373,14 +1361,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } @@ -1412,14 +1397,14 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -1471,23 +1456,19 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1495,74 +1476,64 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1578,10 +1549,10 @@ static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; @@ -1629,12 +1600,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); - Eurydice_slice_copy( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1692,12 +1662,11 @@ static KRML_MUSTINLINE void squeeze_last_77( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); - Eurydice_slice_copy( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1712,7 +1681,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1722,16 +1691,16 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_37(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, - rem, ret); + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -1800,18 +1769,18 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = mm256_unpacklo_epi64(v00, v10); __m256i v1h = mm256_unpackhi_epi64(v00, v10); __m256i v2l = mm256_unpacklo_epi64(v20, v30); @@ -1842,34 +1811,30 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; @@ -1877,34 +1842,30 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = @@ -1922,14 +1883,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } @@ -1961,14 +1919,14 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -2030,23 +1988,19 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2054,74 +2008,64 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9d01f7976..2e6ab41ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 4540827a1..b5e10fd6f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -246,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -264,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } @@ -1373,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1404,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1468,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1486,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1519,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1550,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1643,7 +1634,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -1684,12 +1675,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1711,12 +1702,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1733,7 +1724,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1744,17 +1735,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1822,9 +1812,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1874,8 +1863,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } @@ -1907,14 +1896,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1938,14 +1927,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1958,7 +1944,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -1999,12 +1985,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2065,12 +2051,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2087,7 +2073,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2098,17 +2084,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2176,9 +2161,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2228,8 +2212,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } @@ -2261,14 +2245,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2292,14 +2276,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2312,7 +2293,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -2353,12 +2334,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2419,12 +2400,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2441,7 +2422,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2452,17 +2433,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2559,7 +2539,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -2600,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2627,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2649,7 +2629,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2660,17 +2640,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2734,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2768,7 +2747,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2779,17 +2758,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2857,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2909,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2993,7 +2967,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -3033,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3099,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3121,7 +3095,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -3132,17 +3106,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5c3fac29b..3bda4744f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index cafe0e86c..8098e4972 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_neon_H From 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 18:34:12 +0000 Subject: [PATCH 061/172] fixes for ml-kem C --- libcrux-ml-kem/c.yaml | 11 +- libcrux-ml-kem/c/benches/sha3.cc | 8 +- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 150 +- .../c/internal/libcrux_mlkem_avx2.h | 74 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 74 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 12 +- .../c/internal/libcrux_sha3_internal.h | 1166 ++- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +- libcrux-ml-kem/c/libcrux_core.c | 299 +- libcrux-ml-kem/c/libcrux_core.h | 20 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 126 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6636 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 261 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 14 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 5157 ++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 90 +- libcrux-ml-kem/c/libcrux_sha3.h | 91 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 1770 +++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1343 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 39 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 39 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 30 +- libcrux-ml-kem/cg/karamel/target.h | 17 +- libcrux-ml-kem/cg/libcrux_core.h | 103 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 24 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1878 +++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2270 +++--- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 677 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2232 ++++-- libcrux-ml-kem/src/ind_cca.rs | 7 +- libcrux-ml-kem/src/ind_cpa.rs | 30 +- libcrux-ml-kem/src/mlkem1024.rs | 1 + libcrux-ml-kem/src/mlkem512.rs | 1 + libcrux-ml-kem/src/mlkem768.rs | 1 + 60 files changed, 13274 insertions(+), 13380 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index db12e833c..4dab8e235 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] api: - [libcrux_sha3, avx2, "*"] private: @@ -230,10 +230,3 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true - -naming: - skip_prefix: - - [ core, core_arch, arm_shared, neon ] - - [ core, core_arch, x86 ] - - [libcrux_intrinsics, arm64] - - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index d5b35e949..97cc7a57b 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 2546e250a..5c241aed0 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 8de6020c10a3520a56fbf849176f8218e62435cf -Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 -Karamel: 98e5d604741a886e20a526f6673077a15e23cead +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 +Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 +Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..7fee796ff 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t, _) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t, _ret_t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t) \ +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ ERROR "should've been desugared" -#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,26 +90,25 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ - sz, a1, a2, t, _, _ret_t) \ - Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ + Eurydice_array_eq -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6c5e73354..c267a11d4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_core_H @@ -67,20 +67,17 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { } libcrux_ml_kem_utils_extraction_helper_Keypair768; /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( + uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -91,21 +88,21 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -116,12 +113,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( uint8_t value[1568U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -130,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,35 +136,29 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( + uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -181,21 +169,21 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -206,12 +194,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( uint8_t value[1088U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -220,7 +205,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -232,35 +217,29 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( + uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -271,21 +250,21 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -296,12 +275,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( uint8_t value[768U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -310,18 +286,15 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( libcrux_ml_kem_types_MlKemPublicKey_be *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -330,7 +303,7 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -347,15 +320,12 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -367,29 +337,23 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -398,7 +362,7 @@ with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -421,7 +385,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; @@ -444,7 +408,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -467,7 +431,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ff66f1ce5..400fe304e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,16 +47,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -70,7 +62,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +82,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +105,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +130,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +156,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( +void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -176,7 +168,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -191,16 +183,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]); - -/** - Packed API +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]); - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -214,7 +198,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -234,7 +218,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +241,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +266,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +292,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( +void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -320,7 +304,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -335,16 +319,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]); - -/** - Packed API - - Generate a key pair. +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]); - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -357,7 +333,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( uint8_t randomness[64U]); /** @@ -378,7 +354,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +377,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -426,7 +402,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +428,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 03c96041e..57231a2ff 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,14 +48,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -192,14 +184,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -336,14 +320,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 261c9cea8..02b20eae1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,16 +53,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -77,7 +69,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +90,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +113,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +139,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +165,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b01( +void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +177,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,16 +193,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]); - -/** - Packed API +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]); - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -225,7 +209,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +230,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +253,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +279,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +305,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b00( +void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +317,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,16 +333,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]); - -/** - Packed API - - Generate a key pair. +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]); - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -373,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +370,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +419,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +445,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b0( +void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 16e9fbe30..6b1490d57 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -31,7 +31,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -void libcrux_sha3_generic_keccak_absorb_final_5e( +void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -44,7 +44,7 @@ with const generics - N= 4 - RATE= 168 */ -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c4b5afc89..80cd5b7ab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,32 +24,23 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c7(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, buf); } /** @@ -60,7 +51,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -68,25 +59,22 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); } #define libcrux_sha3_Sha224 0 @@ -96,9 +84,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -149,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,77 +142,1152 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c70(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $136size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_4f; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Absorb; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + uint8_t buf[136U] = {0U}; + borrowed[0U] = core_array___Array_T__N__23__as_slice( + (size_t)136U, buf, uint8_t, Eurydice_slice); + } + { + size_t i = (size_t)0U; + borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Squeeze; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_absorb_final_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + return self; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_generic_keccak_new_9d_7e(void) { + libcrux_sha3_generic_keccak_KeccakXofState_4f lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_new_7d(void) { + return libcrux_sha3_generic_keccak_new_9d_7e(); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $168size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_78; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Absorb; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + uint8_t buf[168U] = {0U}; + borrowed[0U] = core_array___Array_T__N__23__as_slice( + (size_t)168U, buf, uint8_t, Eurydice_slice); + } + { + size_t i = (size_t)0U; + borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Squeeze; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_absorb_final_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + return self; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_generic_keccak_new_9d_7e0(void) { + libcrux_sha3_generic_keccak_KeccakXofState_78 lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_new_1c(void) { + return libcrux_sha3_generic_keccak_new_9d_7e0(); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for +libcrux_sha3::portable::incremental::Shake256Squeeze)#3} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_8a( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for +libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_10( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); } /** diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index df3cab052..d7ebcbe67 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,52 +21,60 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i mm256_castsi256_si128( - core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( - core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i mm256_castsi128_si256( - core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( + int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i mm256_set_epi16( - int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, int16_t x15) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, + int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, + int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, + int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i mm256_set_epi8( +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -78,7 +86,7 @@ static inline core_core_arch_x86___m256i mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i mm_set_epi8( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -86,229 +94,266 @@ static inline core_core_arch_x86___m128i mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, - int32_t x2, int32_t x3, - int32_t x4, int32_t x5, - int32_t x6, - int32_t x7) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, + int32_t x3, int32_t x4, int32_t x5, + int32_t x6, int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( - Eurydice_slice a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( - Eurydice_slice a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void mm_storeu_bytes_si128(Eurydice_slice a, - core_core_arch_x86___m128i b) { +static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void mm256_storeu_si256_i16(Eurydice_slice a, - core_core_arch_x86___m256i b) { +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm256_storeu_si256_u8(Eurydice_slice a, - core_core_arch_x86___m256i b) { +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm_storeu_si128(Eurydice_slice a, - core_core_arch_x86___m128i b) { +static inline void libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i mm256_add_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_add_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_add_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_sub_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i mm_sub_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i mm256_mullo_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_mulhi_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_mul_epu32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i mm256_mullo_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_mullo_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i mm_mulhi_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_madd_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i mm256_and_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i mm256_andnot_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i mm256_xor_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( + core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ + (_mm256_srai_epi16(b, a)) -#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ + (_mm256_srli_epi16(b, a)) -#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ + (_mm256_slli_epi16(b, a)) -#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ + (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i mm256_slli_epi64_( - int32_t a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, + core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) -#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ + (_mm256_srai_epi32(b, a)) -#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ + (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i mm256_sllv_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_srli_epi64_( - int32_t a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, + core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i mm256_packs_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_packs_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ + (_mm256_shuffle_epi32(b, a)) -#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ + (_mm256_extracti128_si256(b, a)) -#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ + (_mm256_permute4x64_epi64(b, a)) -#define mm256_permute2x128_si256(a, b, c, d) \ +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ + (_mm256_inserti128_si256(b, c, a)) -#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ + (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i mm256_shuffle_epi8( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_shuffle_epi8( - core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index f914d4cb2..86a49e1e6 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -28,17 +25,14 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } @@ -49,10 +43,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -60,10 +50,11 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + out[i0] = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -88,27 +79,23 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - uint8_t ret[1568U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1568U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -119,7 +106,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -127,21 +114,20 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - uint8_t ret[3168U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3168U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -154,19 +140,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -175,7 +157,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -189,52 +171,48 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - uint8_t ret[1184U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1184U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -245,7 +223,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -253,21 +231,20 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - uint8_t ret[2400U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)2400U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -280,19 +257,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( uint8_t value[1088U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -301,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -315,52 +288,48 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - uint8_t ret[800U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)800U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -371,28 +340,27 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - uint8_t ret[1632U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1632U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -405,19 +373,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -426,27 +390,26 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -470,22 +433,21 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -498,46 +460,45 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 621327ab7..4265e7e36 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_core_H @@ -30,6 +30,11 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_86_tags; + #define core_option_None 0 #define core_option_Some 1 @@ -203,18 +208,13 @@ typedef struct tuple_ec_s { uint8_t snd[32U]; } tuple_ec; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 41e98434c..276b5327d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index cd940beb2..5b6502758 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -38,30 +35,20 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c7( +static void decapsulate_d5( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c7(private_key, ciphertext, ret); + decapsulate_d5(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -83,25 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_21( +static void decapsulate_unpacked_05( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_21(private_key, ciphertext, ret); + decapsulate_unpacked_05(private_key, ciphertext, ret); } /** @@ -121,36 +101,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_8e( +static tuple_21 encapsulate_b7( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8e(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_b7(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -169,42 +137,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_2a( +static tuple_21 encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_360(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2a(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ed(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -216,28 +168,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_4b( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_80( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_360(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_990(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4b(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_80(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -251,29 +195,20 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_4c(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00( - copy_of_randomness); +generate_keypair_unpacked_290(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4c(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_290(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -282,19 +217,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_1b0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_770(public_key); +static bool validate_public_key_930(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_1b0(public_key.value)) { + if (validate_public_key_930(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 658c5b92c..f70175faf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index c95f9f673..8f38be0c7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -45,13 +42,6 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -125,32 +105,20 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -174,37 +142,21 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -218,26 +170,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -252,28 +196,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -286,11 +221,6 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 1ed96ad65..dc1d1a4be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index ed6f6e69f..2b84bcdbd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -38,30 +35,20 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_15( +static void decapsulate_8b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b01(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_241(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_8b(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -83,25 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_39( +static void decapsulate_unpacked_f3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_751(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_39(private_key, ciphertext, ret); + decapsulate_unpacked_f3(private_key, ciphertext, ret); } /** @@ -121,36 +101,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_09( +static tuple_21 encapsulate_83( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_781(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_09(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_83(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -169,42 +137,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_62( +static tuple_21 encapsulate_unpacked_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_081(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_62(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_f4(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -217,28 +169,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b5( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a9( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d71(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b5(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_a9(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -252,29 +196,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b8(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371( - copy_of_randomness); +generate_keypair_unpacked_10(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b8(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_10(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -283,19 +218,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_241(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); +static bool validate_public_key_4d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_601(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_241(public_key.value)) { + if (validate_public_key_4d1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e20755c0c..8ea6c71ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 4181db559..06d05903b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 31c416846..d6917cf59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -38,28 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d7(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d7(private_key, ciphertext, ret); + decapsulate_f1(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_30( +static void decapsulate_unpacked_4e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_30(private_key, ciphertext, ret); + decapsulate_unpacked_4e(private_key, ciphertext, ret); } /** @@ -117,36 +97,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_c4( +static tuple_ec encapsulate_ab( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c4(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ab(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_b9( +static tuple_ec encapsulate_unpacked_dc( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_36(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b9(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_dc(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -210,28 +164,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d4( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_99(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_8f(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_d4(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -245,29 +191,20 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7a(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0( - copy_of_randomness); +generate_keypair_unpacked_29(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7a(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_29(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -276,19 +213,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_1b(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); +static bool validate_public_key_93(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_1b(public_key.value)) { + if (validate_public_key_93(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4e8b2bb37..36f5a4f09 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_avx2_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 5b9b0ad47..906114e72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -121,32 +101,20 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -170,35 +138,21 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,26 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -246,28 +192,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -280,11 +217,6 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 211c714fc..67f26b584 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __libcrux_mlkem512_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 9ff79924c..e6ed7f596 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -38,28 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_04(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b00(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_04(private_key, ciphertext, ret); + decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d1( +static void decapsulate_unpacked_1e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_750(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d1(private_key, ciphertext, ret); + decapsulate_unpacked_1e(private_key, ciphertext, ret); } /** @@ -117,36 +97,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_0e( +static tuple_ec encapsulate_6e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_0e(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6e(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_2c( +static tuple_ec encapsulate_unpacked_ae( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_080(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2c(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ae(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -211,28 +165,20 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_33( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_65( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d70(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef0(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_33(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_65(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -246,29 +192,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_fe(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370( - copy_of_randomness); +generate_keypair_unpacked_16(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_fe(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_16(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -277,19 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_240(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); +static bool validate_public_key_4d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_600(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_240(public_key.value)) { + if (validate_public_key_4d0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 68ee7a5da..b307dbf3b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 8cf5f4f40..14d7b3864 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index bd4ebc485..170f11724 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -38,28 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_2f( +static void decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_261(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_2f(private_key, ciphertext, ret); + decapsulate_0b(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_57( +static void decapsulate_unpacked_3f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_57(private_key, ciphertext, ret); + decapsulate_unpacked_3f(private_key, ciphertext, ret); } /** @@ -117,36 +97,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_23( +static tuple_3c encapsulate_98( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_011(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_23(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_98(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_cb( +static tuple_3c encapsulate_unpacked_be( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_361(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_cb(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_be(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -210,28 +164,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_2e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_32( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_361(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_991(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_2e(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_32(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -245,29 +191,20 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_cf(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01( - copy_of_randomness); +generate_keypair_unpacked_09(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_cf(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_09(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -276,19 +213,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_1b1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_771(public_key); +static bool validate_public_key_931(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_1b1(public_key.value)) { + if (validate_public_key_931(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 9b775c78d..860111581 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index c252832a1..f7f161a44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -121,32 +101,20 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -170,35 +138,21 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,26 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -246,28 +192,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -280,11 +217,6 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index aaf2756d9..4bbf14bf5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __libcrux_mlkem768_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7cc0954b1..145cf96c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -38,28 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_62( +static void decapsulate_7d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_62(private_key, ciphertext, ret); + decapsulate_7d(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_ad( +static void decapsulate_unpacked_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_75(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ad(private_key, ciphertext, ret); + decapsulate_unpacked_c8(private_key, ciphertext, ret); } /** @@ -117,36 +97,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_35( +static tuple_3c encapsulate_72( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_35(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_72(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_be( +static tuple_3c encapsulate_unpacked_c9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_08(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_be(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_c9(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -211,28 +165,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_45( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_21( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_45(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_21(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -246,29 +192,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_05(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37( - copy_of_randomness); +generate_keypair_unpacked_2a(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_05(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_2a(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -277,19 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_24(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); +static bool validate_public_key_4d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_60(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_24(public_key.value)) { + if (validate_public_key_4d(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4a2c6effd..4ed073607 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 87c5873ba..ed6975218 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,7 +21,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,40 +30,43 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { - return mm256_setzero_si256(); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return mm256_loadu_si256_i16(array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, - int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), - v); + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -70,452 +74,564 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, - __m256i rhs) { - return mm256_add_epi16(lhs, rhs); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, - __m256i rhs) { - return mm256_sub_epi16(lhs, rhs); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, - int16_t constant) { - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant) { - return mm256_and_si256(vector, mm256_set1_epi16(constant)); + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant) { +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - __m256i sign_mask = - mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); - __m256i conditional_add_field_modulus = - mm256_and_si256(sign_mask, field_modulus); - return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = mm256_mulhi_epi16( - vector, mm256_set1_epi16( +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = mm256_mullo_epi16( - quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return mm256_sub_epi16(vector, quotient_times_field_modulus); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant) { - __m256i constant0 = mm256_set1_epi16(constant); - __m256i value_low = mm256_mullo_epi16(vector, constant0); - __m256i k = mm256_mullo_epi16( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, - mm256_set1_epi16( + libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); - return mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant) { +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); - __m256i shifted_to_positive_in_range = - mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); - return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - __m256i lhs, __m256i rhs) { - __m256i prod02 = mm256_mul_epu32(lhs, rhs); - __m256i prod13 = - mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), - mm256_unpackhi_epi32(prod02, prod13)); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); - __m256i k = mm256_mullo_epi16( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, - mm256_set1_epi16( + libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); - return mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, - zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, - -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); - __m256i rhs0 = + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); - return mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, - zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, - zeta0, zeta0, zeta0, zeta0); - __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); - __m256i rhs0 = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE __m128i +KRML_MUSTINLINE core_core_arch_x86___m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); - __m128i k = mm_mullo_epi16( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, - mm_set1_epi16( + libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); - return mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m128i rhs0 = + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, mm_set1_epi16(zeta)); - __m128i lhs = mm256_castsi256_si128(vector); - __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); - __m256i combined = mm256_castsi128_si256(lower_coefficients); - return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, - __m256i); + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); - __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); - __m256i rhs0 = mm256_mullo_epi16( - rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - __m256i sum0 = mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, - mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); - __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); - __m256i rhs0 = mm256_mullo_epi16( - rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - __m256i sum = mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, - mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - __m256i vector, int16_t zeta) { - __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m128i rhs = mm256_castsi256_si128(vector); - __m128i lower_coefficients = mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); - __m128i upper_coefficients0 = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, mm_set1_epi16(zeta)); - __m256i combined = mm256_castsi128_si256(lower_coefficients); - return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, - __m256i); + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = mm256_mullo_epi16( +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, - mm256_set1_epi32( + libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); - __m256i result = mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); - return mm256_srai_epi32((int32_t)16, result0, __m256i); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i shuffle_with = mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = - mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = - mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = - mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = - mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); - __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); - __m256i right0 = + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = mm256_mullo_epi32( - right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, - (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, - -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = mm256_add_epi32(left, right1); - __m256i products_left0 = + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( - rhs, - mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); - __m256i products_right0 = + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - __m256i products_right1 = - mm256_slli_epi32((int32_t)16, products_right0, __m256i); - return mm256_blend_epi16((int32_t)170, products_left0, products_right1, - __m256i); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = mm_movemask_epi8(msbs); + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -526,79 +642,110 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, - uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - __m256i vector, uint8_t ret[8U]) { + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_2_combined, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - __m256i combined = mm256_permutevar8x32_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = mm256_castsi256_si128(combined); - mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -607,89 +754,127 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, - uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = - mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); - return mm256_and_si256(coefficients_in_lsb, - mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - __m256i vector, uint8_t ret[10U]) { + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = - mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = mm256_sllv_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = - mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), - Eurydice_slice, uint8_t[10U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -698,101 +883,120 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = - mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = mm256_shuffle_epi8( - coefficients_loaded0, - mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, - (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)1, (int8_t)0)); - __m256i coefficients1 = mm256_mullo_epi16( - coefficients0, - mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined0, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, - (size_t)26U, uint8_t), - upper_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), - Eurydice_slice, uint8_t[20U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -801,53 +1005,72 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, - 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, - 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - __m256i vector, uint8_t ret[22U]) { + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), - vector); + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -857,69 +1080,81 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined0, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, - (size_t)28U, uint8_t), - upper_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), - Eurydice_slice, uint8_t[24U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -928,53 +1163,73 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, - 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, - 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = - mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i potential_coefficients = + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - __m256i compare_with_field_modulus = - mm256_cmpgt_epi16(field_modulus, potential_coefficients); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); @@ -983,27 +1238,35 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); - __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = - mm_shuffle_epi8(lower_coefficients, lower_shuffles0); - mm_storeu_si128(output, lower_coefficients0); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); - __m128i upper_coefficients = - mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = - mm_shuffle_epi8(upper_coefficients, upper_shuffles0); - mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t), - upper_coefficients0); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1021,7 +1284,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { return self[0U]; } @@ -1035,7 +1299,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1056,12 +1320,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1069,26 +1327,24 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_c5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_reduced_ring_element_7f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1096,14 +1352,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1111,9 +1367,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,8 +1382,10 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_b6(__m256i vector) { - return mm256_srai_epi16((int32_t)15, vector, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_4a(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); } /** @@ -1139,8 +1397,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_07(__m256i vector) { - return shift_right_b6(vector); +static core_core_arch_x86___m256i shift_right_ea_25( + core_core_arch_x86___m256i vector) { + return shift_right_4a(vector); } /** @@ -1149,10 +1408,12 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_07(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static core_core_arch_x86___m256i to_unsigned_representative_d2( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_25(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -1162,26 +1423,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d2(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1189,34 +1451,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_ae1( +static KRML_MUSTINLINE void serialize_secret_key_7f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1225,20 +1487,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_d01( +static KRML_MUSTINLINE void serialize_public_key_941( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1250,18 +1516,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_f24( + deserialize_ring_elements_reduced_494( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_941( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1289,7 +1555,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1299,10 +1565,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_b81( +static void closure_b91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -1311,14 +1577,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d1(uint8_t input[3U][34U]) { +shake128_init_absorb_b41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } @@ -1332,11 +1599,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d1(copy_of_input); +shake128_init_absorb_a9_cf1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b41(uu____0); } /** @@ -1345,7 +1611,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_981( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1353,10 +1619,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1379,52 +1645,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c01( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_6b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_981(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1432,7 +1657,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f93( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1443,11 +1668,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1469,7 +1695,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b1( +static KRML_MUSTINLINE void shake128_squeeze_block_aa1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1477,10 +1703,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1502,52 +1728,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a31( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_1b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1555,7 +1740,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f94( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1566,11 +1751,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1598,14 +1784,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); +from_i16_array_89_46(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); } return result; } @@ -1616,10 +1803,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_191( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -1628,43 +1815,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_b01( +static KRML_MUSTINLINE void sample_from_xof_af1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca1(copy_of_seeds); + shake128_init_absorb_a9_cf1(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c01(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f93( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_5a1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a31(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f94( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(copy_of_out[i]);); + ret0[i] = closure_191(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1676,33 +1858,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_a21( +static KRML_MUSTINLINE void sample_matrix_A_ac1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); + closure_b91(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(copy_of_seeds, sampled); + sample_from_xof_af1(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1711,9 +1892,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1736,7 +1915,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_662(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1744,14 +1923,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -1774,60 +1953,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a12(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_662(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1835,25 +1965,27 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -1869,8 +2001,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -1880,22 +2012,24 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -1913,8 +2047,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -1924,8 +2058,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); +sample_from_binomial_distribution_730(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_ee(randomness); } /** @@ -1934,13 +2068,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_45( +static KRML_MUSTINLINE void ntt_at_layer_7_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -1949,8 +2084,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - __m256i fst; - __m256i snd; + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -1959,7 +2094,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { +static core_core_arch_x86___m256i montgomery_multiply_fe_3e( + core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1970,8 +2106,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_9d(b, zeta_r); +ntt_layer_int_vec_step_a7(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1984,7 +2121,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1997,11 +2134,11 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( + ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2014,7 +2151,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( +static KRML_MUSTINLINE void ntt_at_layer_3_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2030,7 +2167,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( +static KRML_MUSTINLINE void ntt_at_layer_2_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2049,7 +2186,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( +static KRML_MUSTINLINE void ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2076,7 +2213,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void poly_barrett_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2092,23 +2229,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); + ntt_at_layer_7_fd(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2117,68 +2250,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2190,9 +2296,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_89_44(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2213,10 +2319,6 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2227,13 +2329,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_971( +static KRML_MUSTINLINE void add_to_ring_element_89_ce1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2247,7 +2351,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_42(__m256i v) { +static core_core_arch_x86___m256i to_standard_domain_c8( + core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2262,108 +2367,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( +static KRML_MUSTINLINE void add_standard_error_reduce_89_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - __m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_c8(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_f01( +static KRML_MUSTINLINE void compute_As_plus_e_581( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ce1(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2372,75 +2435,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_6c1( +static tuple_9b0 generate_keypair_unpacked_651( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e11(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_081(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -2458,10 +2515,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1a1( +static void closure_761( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -2474,13 +2531,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_25( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; + core_core_arch_x86___m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); return lit; } @@ -2493,7 +2551,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2510,26 +2568,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_651(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_761(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2539,39 +2598,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_941( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -2587,36 +2643,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e31( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_651(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_941(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_7f1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2624,7 +2672,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( +static KRML_MUSTINLINE void serialize_kem_secret_key_f61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2632,48 +2680,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a11(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2687,35 +2733,39 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); + generate_keypair_e31(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + serialize_kem_secret_key_f61( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a70(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d50( - uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); + libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb0( + uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2725,36 +2775,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_001(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2765,10 +2813,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_450(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2782,9 +2831,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** @@ -2793,7 +2842,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_04( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2817,7 +2866,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_18( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2837,7 +2886,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_94( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2855,11 +2904,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_0d(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = montgomery_multiply_fe_3e(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2870,7 +2922,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2885,11 +2937,11 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_34( + inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2902,18 +2954,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be1( +static KRML_MUSTINLINE void invert_ntt_montgomery_241( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } /** @@ -2926,13 +2978,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_46( +static KRML_MUSTINLINE void add_error_reduce_89_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - __m256i coefficient_normal_form = + core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2941,47 +2993,46 @@ static KRML_MUSTINLINE void add_error_reduce_89_46( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_6c1( +static KRML_MUSTINLINE void compute_vector_u_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); + ntt_multiply_89_44(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ce1(&result[i1], &product); } - invert_ntt_montgomery_be1(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_241(&result[i1]); + add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2994,7 +3045,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_52(__m256i v) { +static core_core_arch_x86___m256i decompress_1_22( + core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3008,16 +3060,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_84(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_message_5a(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient_compressed = + core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, - uint8_t)); - re.coefficients[i0] = decompress_1_52(coefficient_compressed);); + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_22(coefficient_compressed);); return re; } @@ -3032,19 +3084,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_37( +add_message_error_reduce_89_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient_normal_form = + core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3052,9 +3104,6 @@ add_message_error_reduce_89_37( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3062,18 +3111,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_041( +compute_ring_element_v_af1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_be1(&result); - result = add_message_error_reduce_89_37(error_2, message, result); + ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ce1(&result, &product);); + invert_ntt_montgomery_241(&result); + result = add_message_error_reduce_89_07(error_2, message, result); return result; } @@ -3083,43 +3132,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_5d(__m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = - mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = - mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); - __m256i compressed_low0 = - mm256_add_epi32(compressed_low, field_modulus_halved); - __m256i compressed_low1 = +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_ac(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = - mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = - mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); - __m256i compressed_high0 = - mm256_add_epi32(compressed_high, field_modulus_halved); - __m256i compressed_high1 = + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = - mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = - mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3131,8 +3198,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_e9(__m256i vector) { - return compress_ciphertext_coefficient_5d(vector); +static core_core_arch_x86___m256i compress_ea_69( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_ac(vector); } /** @@ -3141,20 +3209,23 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_f0( +static KRML_MUSTINLINE void compress_then_serialize_10_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = - compress_ea_e9(to_unsigned_representative_a4(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = + compress_ea_69(to_unsigned_representative_d2(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3165,43 +3236,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_5d0(__m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = - mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = - mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); - __m256i compressed_low0 = - mm256_add_epi32(compressed_low, field_modulus_halved); - __m256i compressed_low1 = +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_ac0(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = - mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = - mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); - __m256i compressed_high0 = - mm256_add_epi32(compressed_high, field_modulus_halved); - __m256i compressed_high1 = + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = - mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = - mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3213,8 +3302,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_e90(__m256i vector) { - return compress_ciphertext_coefficient_5d0(vector); +static core_core_arch_x86___m256i compress_ea_690( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_ac0(vector); } /** @@ -3224,16 +3314,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_36( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_f0(re, uu____0); + compress_then_serialize_10_b2(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3243,25 +3330,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_551( +static void compress_then_serialize_u_c51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4d(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_36(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -3271,43 +3362,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_5d1(__m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = - mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = - mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); - __m256i compressed_low0 = - mm256_add_epi32(compressed_low, field_modulus_halved); - __m256i compressed_low1 = +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_ac1(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = - mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = - mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); - __m256i compressed_high0 = - mm256_add_epi32(compressed_high, field_modulus_halved); - __m256i compressed_high1 = + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = - mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = - mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3319,8 +3428,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_e91(__m256i vector) { - return compress_ciphertext_coefficient_5d1(vector); +static core_core_arch_x86___m256i compress_ea_691( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_ac1(vector); } /** @@ -3329,20 +3439,22 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_59( +static KRML_MUSTINLINE void compress_then_serialize_4_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = - compress_ea_e91(to_unsigned_representative_a4(re.coefficients[i0])); + core_core_arch_x86___m256i coefficient = + compress_ea_691(to_unsigned_representative_d2(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -3352,43 +3464,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_5d2(__m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = - mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = - mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); - __m256i compressed_low0 = - mm256_add_epi32(compressed_low, field_modulus_halved); - __m256i compressed_low1 = +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_ac2(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = - mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = - mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); - __m256i compressed_high0 = - mm256_add_epi32(compressed_high, field_modulus_halved); - __m256i compressed_high1 = + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = - mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = - mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3400,8 +3530,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_e92(__m256i vector) { - return compress_ciphertext_coefficient_5d2(vector); +static core_core_arch_x86___m256i compress_ea_692( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_ac2(vector); } /** @@ -3410,20 +3541,22 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_73( +static KRML_MUSTINLINE void compress_then_serialize_5_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = - compress_ea_e92(to_unsigned_representative_a4(re.coefficients[i0])); + core_core_arch_x86___m256i coefficients = + compress_ea_692(to_unsigned_representative_d2(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -3434,52 +3567,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_59(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_4_5a(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3497,25 +3589,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c61( +static void encrypt_unpacked_d21( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_001(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_c01(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3523,33 +3612,34 @@ static void encrypt_unpacked_c61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_6c1(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_551( + compress_then_serialize_u_c51( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_dd( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3571,51 +3661,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_c61(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d21(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_100(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3629,20 +3719,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a81(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3650,14 +3735,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3665,9 +3750,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3692,52 +3777,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_351(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_f23( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + deserialize_ring_elements_reduced_493( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_c61(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d21(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3752,11 +3834,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_4b1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3779,55 +3862,59 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a81( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), - uint8_t), + H_a9_a11(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_351(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_100(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b1(shared_secret, shared_secret_array); + kdf_af_ab1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3837,39 +3924,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b7(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_15(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3882,8 +3988,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_d8(__m256i vector) { - return decompress_ciphertext_coefficient_b7(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_15(vector); } /** @@ -3893,15 +4000,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_29(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_10_46(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d8(coefficient); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b(coefficient); } return re; } @@ -3912,39 +4023,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b70(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_150(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3957,8 +4087,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_d80(__m256i vector) { - return decompress_ciphertext_coefficient_b70(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_150(vector); } /** @@ -3968,15 +4099,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_77(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_11_f4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d80(coefficient); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b0(coefficient); } return re; } @@ -3988,8 +4123,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_ca(Eurydice_slice serialized) { - return deserialize_then_decompress_10_29(serialized); +deserialize_then_decompress_ring_element_u_80(Eurydice_slice serialized) { + return deserialize_then_decompress_10_46(serialized); } /** @@ -3998,23 +4133,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_29( +static KRML_MUSTINLINE void ntt_vector_u_10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4023,16 +4154,17 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_861( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4045,9 +4177,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_861( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); - ntt_vector_u_29(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_80(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4060,39 +4194,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b71(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_151(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -4105,8 +4258,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_d81(__m256i vector) { - return decompress_ciphertext_coefficient_b71(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_151(vector); } /** @@ -4116,15 +4270,18 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_a5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d81(coefficient); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b1(coefficient); } return re; } @@ -4135,39 +4292,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b72(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_152(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -4180,8 +4356,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_d82(__m256i vector) { - return decompress_ciphertext_coefficient_b72(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_152(vector); } /** @@ -4191,16 +4368,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_d9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_5_c0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d82(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_7b2(re.coefficients[i0]); } return re; } @@ -4212,8 +4392,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ca(Eurydice_slice serialized) { - return deserialize_then_decompress_4_a5(serialized); +deserialize_then_decompress_ring_element_v_19(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -4227,12 +4407,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient_normal_form = + core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4242,12 +4422,6 @@ subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4255,17 +4429,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c1( +compute_message_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_be1(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce1(&result, &product);); + invert_ntt_montgomery_241(&result); + result = subtract_reduce_89_36(v, result); return result; } @@ -4275,48 +4449,27 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_dc( +static KRML_MUSTINLINE void compress_then_serialize_message_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); - __m256i coefficient_compressed = + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d2(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4327,19 +4480,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f51( +static void decrypt_unpacked_131( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_861(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca( + deserialize_then_decompress_ring_element_v_19( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4348,10 +4502,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_45(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4365,8 +4520,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** @@ -4390,61 +4545,65 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f51(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_131(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd3( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_c61(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d21(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4456,35 +4615,35 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_cc(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_uncompressed_ring_element_42(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a1( +static KRML_MUSTINLINE void deserialize_secret_key_d61( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4492,9 +4651,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a1( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4512,22 +4671,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_741(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d91(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_6a1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + deserialize_secret_key_d61(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f51(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_131(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4553,81 +4711,81 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( +void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_741(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d91(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd3( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_8e1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_351(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b1(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab1( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b1(shared_secret0, shared_secret); + kdf_af_ab1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4635,14 +4793,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4650,9 +4808,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4660,9 +4818,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4670,34 +4825,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_ae0( +static KRML_MUSTINLINE void serialize_secret_key_7f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4706,20 +4861,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_d00( +static KRML_MUSTINLINE void serialize_public_key_940( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4731,18 +4890,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_f22( + deserialize_ring_elements_reduced_492( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_940( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4770,7 +4929,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e10(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4780,10 +4939,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_b80( +static void closure_b90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -4792,14 +4951,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d0(uint8_t input[4U][34U]) { +shake128_init_absorb_b40(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } @@ -4813,11 +4973,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d0(copy_of_input); +shake128_init_absorb_a9_cf0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b40(uu____0); } /** @@ -4826,7 +4985,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_980( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4834,10 +4993,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -4863,52 +5022,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c00( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_6b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_980(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -4916,7 +5034,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f91( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4927,11 +5045,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -4953,7 +5072,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b0( +static KRML_MUSTINLINE void shake128_squeeze_block_aa0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4961,10 +5080,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -4989,52 +5108,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a30( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_1b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5042,7 +5120,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f92( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5053,11 +5131,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5080,10 +5159,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_190( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -5092,43 +5171,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_b00( +static KRML_MUSTINLINE void sample_from_xof_af0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca0(copy_of_seeds); + shake128_init_absorb_a9_cf0(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c00(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f91( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_5a0(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a30(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f92( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(copy_of_out[i]);); + ret0[i] = closure_190(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5140,33 +5214,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_a20( +static KRML_MUSTINLINE void sample_matrix_A_ac0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); + closure_b90(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(copy_of_seeds, sampled); + sample_from_xof_af0(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5175,9 +5248,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5200,7 +5271,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_661(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5208,14 +5279,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5241,15 +5312,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a11(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_661(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5258,45 +5325,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5307,13 +5370,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_970( +static KRML_MUSTINLINE void add_to_ring_element_89_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5321,94 +5386,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_f00( +static KRML_MUSTINLINE void compute_As_plus_e_580( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ce0(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5417,75 +5440,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_6c0( +static tuple_54 generate_keypair_unpacked_650( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e10(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_080(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -5503,10 +5520,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1a0( +static void closure_760( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -5518,7 +5535,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5535,26 +5552,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_650(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1a0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_760(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5564,39 +5582,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_940( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5612,36 +5627,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e30( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_650(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_940(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_7f0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5649,7 +5656,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( +static KRML_MUSTINLINE void serialize_kem_secret_key_f60( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5657,48 +5664,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a10(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5712,35 +5717,39 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); + generate_keypair_e30(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + serialize_kem_secret_key_f60( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_22_a71(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d51( - uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); + libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb1( + uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5750,36 +5759,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_000(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -5795,9 +5802,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** @@ -5806,70 +5813,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be0( +static KRML_MUSTINLINE void invert_ntt_montgomery_240( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_6c0( +static KRML_MUSTINLINE void compute_vector_u_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_89_44(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ce0(&result[i1], &product); } - invert_ntt_montgomery_be0(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_240(&result[i1]); + add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5877,18 +5880,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_040( +compute_ring_element_v_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_be0(&result); - result = add_message_error_reduce_89_37(error_2, message, result); + ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ce0(&result, &product);); + invert_ntt_montgomery_240(&result); + result = add_message_error_reduce_89_07(error_2, message, result); return result; } @@ -5898,20 +5901,23 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_630( +static KRML_MUSTINLINE void compress_then_serialize_11_490( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = - compress_ea_e90(to_unsigned_representative_a4(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = + compress_ea_690(to_unsigned_representative_d2(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -5923,16 +5929,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_360( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_630(re, uu____0); + compress_then_serialize_11_490(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5942,25 +5945,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_550( +static void compress_then_serialize_u_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4d0(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_360(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -5971,52 +5978,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_73(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_5_a4(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6034,25 +6000,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c60( +static void encrypt_unpacked_d20( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_000(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_c00(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6060,33 +6023,35 @@ static void encrypt_unpacked_c60( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_6c0(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_550( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); + compress_then_serialize_u_c50( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_dd0( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6108,51 +6073,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_c60(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d20(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_101(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6166,20 +6131,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a80(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6187,14 +6147,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6202,9 +6162,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6229,52 +6189,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_350(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_f21( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + deserialize_ring_elements_reduced_491( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_c60(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d20(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6289,11 +6246,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_4b0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -6316,55 +6274,59 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a80( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), - uint8_t), + H_a9_a10(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_350(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_101(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b0(shared_secret, shared_secret_array); + kdf_af_ab0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6375,8 +6337,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_ca0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_77(serialized); +deserialize_then_decompress_ring_element_u_800(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f4(serialized); } /** @@ -6385,23 +6347,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_290( +static KRML_MUSTINLINE void ntt_vector_u_100( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6410,16 +6368,17 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_860( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6432,9 +6391,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_860( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca0(u_bytes); - ntt_vector_u_290(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_800(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_100(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6448,16 +6409,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ca0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_d9(serialized); +deserialize_then_decompress_ring_element_v_190(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c0(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6465,44 +6420,20 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c0( +compute_message_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_be0(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce0(&result, &product);); + invert_ntt_montgomery_240(&result); + result = subtract_reduce_89_36(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6513,19 +6444,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_f50( +static void decrypt_unpacked_130( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_860(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca0( + deserialize_then_decompress_ring_element_v_190( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6539,8 +6471,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** @@ -6564,83 +6496,84 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f50(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_130(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd1( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_c60(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d20(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a0( +static KRML_MUSTINLINE void deserialize_secret_key_d60( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6648,9 +6581,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a0( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6668,22 +6601,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_740(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d90(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_6a0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + deserialize_secret_key_d60(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f50(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_130(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6709,82 +6641,82 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( +void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_740(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d90(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd1( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_8e0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_350(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b0(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab0( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b0(shared_secret0, shared_secret); + kdf_af_ab0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6792,14 +6724,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6807,9 +6739,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6817,9 +6749,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6827,34 +6756,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_ae( +static KRML_MUSTINLINE void serialize_secret_key_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6863,20 +6792,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_d0( +static KRML_MUSTINLINE void serialize_public_key_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6888,18 +6820,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_f20( + deserialize_ring_elements_reduced_490( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_94( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6927,7 +6859,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6937,10 +6869,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_b8( +static void closure_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -6949,14 +6881,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d(uint8_t input[2U][34U]) { +shake128_init_absorb_b4(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } @@ -6970,11 +6903,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d(copy_of_input); +shake128_init_absorb_a9_cf(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b4(uu____0); } /** @@ -6983,7 +6915,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_98( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6991,10 +6923,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -7014,52 +6946,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_6b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_98(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7067,7 +6958,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f9( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7078,11 +6969,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7104,7 +6996,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b( +static KRML_MUSTINLINE void shake128_squeeze_block_aa( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -7112,10 +7004,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7134,52 +7026,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a3( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_1b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7187,7 +7038,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f90( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7198,11 +7049,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7225,10 +7077,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_19( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -7237,43 +7089,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_b0( +static KRML_MUSTINLINE void sample_from_xof_af( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca(copy_of_seeds); + shake128_init_absorb_a9_cf(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c0(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f9( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_5a(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a3(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f90( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(copy_of_out[i]);); + ret0[i] = closure_19(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7285,33 +7132,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_a2( +static KRML_MUSTINLINE void sample_matrix_A_ac( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); + closure_b9(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(copy_of_seeds, sampled); + sample_from_xof_af(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7320,9 +7166,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7345,7 +7189,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_66(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7353,14 +7197,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); @@ -7380,9 +7224,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a1(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); + PRFxN_66(input, ret); } /** @@ -7392,14 +7236,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); +sample_from_binomial_distribution_73(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_c4(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7408,45 +7248,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); + PRFxN_a9_a1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_73(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7457,13 +7293,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_97( +static KRML_MUSTINLINE void add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7471,94 +7309,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_f0( +static KRML_MUSTINLINE void compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ce(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7567,75 +7363,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_6c( +static tuple_4c generate_keypair_unpacked_65( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_08(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -7653,10 +7443,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_1a( +static void closure_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -7668,7 +7458,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -7685,26 +7475,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_65(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1a(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_76(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7714,39 +7505,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_94( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7762,36 +7550,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e3( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_65(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_94(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_7f(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7799,7 +7579,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( +static KRML_MUSTINLINE void serialize_kem_secret_key_f6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7807,48 +7587,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a1(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7861,31 +7639,38 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); + generate_keypair_e3(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + serialize_kem_secret_key_f6( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -7894,7 +7679,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_660(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7902,14 +7687,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -7929,14 +7714,11 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a10(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); + PRFxN_660(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7946,36 +7728,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); + PRFxN_a9_a10(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -7991,9 +7771,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** @@ -8002,70 +7782,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be( +static KRML_MUSTINLINE void invert_ntt_montgomery_24( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_6c( +static KRML_MUSTINLINE void compute_vector_u_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_89_44(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ce(&result[i1], &product); } - invert_ntt_montgomery_be(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_24(&result[i1]); + add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8073,24 +7849,21 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_04( +compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_be(&result); - result = add_message_error_reduce_89_37(error_2, message, result); + ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ce(&result, &product);); + invert_ntt_montgomery_24(&result); + result = add_message_error_reduce_89_07(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8100,69 +7873,32 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_55( +static void compress_then_serialize_u_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4d(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_36(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8180,25 +7916,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c6( +static void encrypt_unpacked_d2( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_00(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8206,33 +7939,34 @@ static void encrypt_unpacked_c6( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_55( + compress_then_serialize_u_c5( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_dd( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -8254,51 +7988,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_c6(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d2(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_10(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8312,20 +8046,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a8(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8333,14 +8062,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8348,9 +8077,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8375,52 +8104,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_35(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_f2( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + deserialize_ring_elements_reduced_49( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_c6(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d2(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8435,11 +8161,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_4b(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -8462,62 +8189,62 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a8( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t), + H_a9_a1(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b(shared_secret, shared_secret_array); + kdf_af_ab(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8526,16 +8253,17 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_86( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8548,21 +8276,17 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_86( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); - ntt_vector_u_29(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_80(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8570,44 +8294,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c( +compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_be(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce(&result, &product);); + invert_ntt_montgomery_24(&result); + result = subtract_reduce_89_36(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8618,19 +8318,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f5( +static void decrypt_unpacked_13( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_86(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca( + deserialize_then_decompress_ring_element_v_19( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8644,8 +8345,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** @@ -8669,82 +8370,83 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f5(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_13(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_c6(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d2(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a( +static KRML_MUSTINLINE void deserialize_secret_key_d6( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8752,9 +8454,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8772,22 +8474,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_74(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d9(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_6a(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + deserialize_secret_key_d6(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f5(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_13(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8813,70 +8514,77 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_74(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_8e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b(shared_secret0, shared_secret); + kdf_af_ab(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index b79663481..449e5df23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_avx2_H @@ -30,311 +30,335 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -__m256i libcrux_ml_kem_vector_avx2_zero(void); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - __m256i vector); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); -__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); -__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, - __m256i rhs); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); -__m128i +core_core_arch_x86___m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, - uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, - uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, - uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, - uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, - uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, - uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -350,7 +374,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -358,7 +383,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; + core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 0f4ebe8f1..e82ce94ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem_neon.h" @@ -17,7 +17,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -25,6 +26,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ab7713427..138774405 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4c5b233f3..8cd0d81d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_portable.h" @@ -20,7 +20,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -28,7 +29,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -73,8 +75,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), - Eurydice_slice, int16_t[16U]); + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -91,64 +95,68 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 5U); - uint8_t r3 = - (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U); - uint8_t r7 = - (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & - (int16_t)255); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U); - uint8_t r10 = - (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -166,11 +174,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -210,56 +219,66 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 3U; - int16_t r2 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 6U; - int16_t r3 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> - 1U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> - 4U; - int16_t r5 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 7U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 2U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> - 5U; + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -295,10 +314,12 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -997,19 +1018,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1045,20 +1053,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1077,17 +1071,6 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1119,28 +1102,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1413,28 +1374,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1526,17 +1465,19 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1552,26 +1493,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *); - uint8_t result1 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *); - uint8_t result2 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *); - uint8_t result3 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *); + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1582,11 +1523,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1612,32 +1553,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1653,9 +1594,11 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1689,24 +1632,40 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1715,10 +1674,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1746,44 +1706,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) << 3U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) << 1U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) << 4U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) << 2U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1798,9 +1758,11 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1833,36 +1795,37 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U & (int16_t)63); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1871,15 +1834,17 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1917,52 +1882,60 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 2U; - int16_t r2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 4U; - int16_t r3 = - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> - 6U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r5 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 2U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> - 4U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 6U; + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -1976,10 +1949,12 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2012,17 +1987,20 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); - uint8_t r1 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & - (int16_t)15) - << 4U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2030,25 +2008,29 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2090,12 +2072,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t byte1 = - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); - int16_t byte2 = - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2104,24 +2086,32 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2155,15 +2145,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; - i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2175,7 +2165,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2186,7 +2176,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } @@ -2203,7 +2194,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } @@ -2241,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_8d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,12 +2254,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2275,13 +2261,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2291,12 +2280,6 @@ deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2304,14 +2287,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2319,9 +2302,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2335,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_68(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2354,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_68(v); } /** @@ -2365,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_e5( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_f2(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2381,27 +2364,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_e5(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2409,34 +2392,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_6d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2445,20 +2428,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_eb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2470,18 +2457,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_9f4( + deserialize_ring_elements_reduced_1d4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_eb1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2509,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e41(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2520,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_081( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -2541,22 +2528,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_751(uint8_t input[4U][34U]) { +shake128_init_absorb_b71(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; + memcpy(uu____0, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2572,11 +2558,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_751(copy_of_input); +shake128_init_absorb_f1_8c1(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b71(uu____0); } /** @@ -2585,14 +2570,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2606,52 +2592,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_691( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_101(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2659,7 +2604,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2670,11 +2615,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2697,14 +2643,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2718,52 +2664,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_601( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_ed1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2771,7 +2676,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c4( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2782,11 +2687,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2814,15 +2720,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_ca(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t)); + (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; @@ -2835,10 +2742,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f1( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -2848,42 +2755,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_d41( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_111(copy_of_seeds); + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_691(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c3( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_c11(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_601(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_2c4( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(copy_of_out[i]);); + ret0[i] = closure_2f1(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2896,33 +2798,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_051( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_081(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(copy_of_seeds, sampled); + sample_from_xof_d41(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2931,9 +2832,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2956,14 +2855,15 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2977,60 +2877,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_932(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_c52(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3038,25 +2889,27 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3072,8 +2925,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -3083,22 +2936,24 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3116,8 +2971,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -3127,8 +2982,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_34(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_52(randomness); } /** @@ -3137,7 +2992,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3145,8 +3000,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3165,7 +3021,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3179,12 +3035,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3198,7 +3054,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3211,7 +3067,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3228,7 +3084,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3246,18 +3102,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3266,12 +3122,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_43( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3281,7 +3137,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3294,7 +3150,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3312,23 +3168,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_09(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3338,68 +3190,41 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3411,9 +3236,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_17(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3436,10 +3261,6 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3450,15 +3271,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3475,7 +3298,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3491,14 +3314,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a8(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3507,94 +3330,52 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_e81(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3604,75 +3385,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_d11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e41(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_051(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3691,10 +3466,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_841( +static void closure_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -3707,7 +3482,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_14( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3729,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3747,26 +3522,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_540 uu____0 = generate_keypair_unpacked_d11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_841(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f01(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3776,39 +3552,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_eb1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3825,36 +3598,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c51( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_d11(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb1(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_6d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3862,7 +3627,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_66( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3870,48 +3635,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a1(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3926,35 +3689,39 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_c51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + serialize_kem_secret_key_66( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_22_a71(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d51( - uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); + libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb1( + uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3965,36 +3732,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_761(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4005,10 +3770,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_2b0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4022,9 +3788,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** @@ -4033,12 +3799,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -4048,7 +3814,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -4057,18 +3823,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ac( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -4077,7 +3843,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4097,7 +3863,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_6f( + inv_ntt_layer_int_vec_step_reduce_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4105,7 +3871,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4117,7 +3883,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4132,7 +3898,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_6f( + inv_ntt_layer_int_vec_step_reduce_bf( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4153,14 +3919,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } /** @@ -4173,7 +3939,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_6b( +static KRML_MUSTINLINE void add_error_reduce_89_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4191,47 +3957,46 @@ static KRML_MUSTINLINE void add_error_reduce_89_6b( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a71( +static KRML_MUSTINLINE void compute_vector_u_111( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_17(a_element, &r_as_ntt[j]); + add_to_ring_element_89_e81(&result[i1], &product); } invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4245,7 +4010,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_f3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_9f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4259,8 +4024,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4268,9 +4033,9 @@ deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_f3(coefficient_compressed); + decompress_1_9f(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4286,7 +4051,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_4e( +add_message_error_reduce_89_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4309,9 +4074,6 @@ add_message_error_reduce_89_4e( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4319,18 +4081,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d1( +compute_ring_element_v_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } @@ -4340,7 +4102,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_13(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4361,9 +4123,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_13(v); } /** @@ -4372,7 +4134,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_130(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4156,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_990(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_130(v); } /** @@ -4404,20 +4166,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_560( +static KRML_MUSTINLINE void compress_then_serialize_11_510( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_990(to_unsigned_representative_e5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4429,16 +4194,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_560(re, uu____0); + compress_then_serialize_11_510(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4448,25 +4210,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_3d1( +static void compress_then_serialize_u_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_970(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_420(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4476,7 +4242,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_131(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4498,8 +4264,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_991(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_131(v); } /** @@ -4508,20 +4274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_07( +static KRML_MUSTINLINE void compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_991(to_unsigned_representative_e5(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4531,7 +4299,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_132(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4553,8 +4321,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_992(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_132(v); } /** @@ -4563,20 +4331,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_00( +static KRML_MUSTINLINE void compress_then_serialize_5_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_992(to_unsigned_representative_e5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4587,52 +4357,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a00( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_00(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_5_ef(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4651,25 +4380,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_611( +static void encrypt_unpacked_841( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = - sample_ring_element_cbd_761(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = sample_ring_element_cbd_bf1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4677,33 +4403,35 @@ static void encrypt_unpacked_611( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a71(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_111(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); + compress_then_serialize_u_e71( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_a00( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4726,51 +4454,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_611(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_841(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_101(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4784,20 +4512,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4805,14 +4528,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4820,9 +4543,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4848,52 +4571,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_121(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_9f3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_051(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; + memcpy(uu____1, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_611(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_841(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4908,11 +4628,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_94(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4935,55 +4656,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_fe( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), - uint8_t), + H_f1_1a1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_121(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_aa1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_101(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ef(shared_secret, shared_secret_array); + kdf_af_94(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4994,7 +4719,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5019,9 +4744,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_05(v); } /** @@ -5031,17 +4756,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_23(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_52(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_83(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5054,7 +4782,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_050( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5079,9 +4807,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_050(v); } /** @@ -5091,17 +4819,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_70(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_4a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_830(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5114,8 +4845,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_820(Eurydice_slice serialized) { - return deserialize_then_decompress_11_70(serialized); +deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { + return deserialize_then_decompress_11_4a(serialized); } /** @@ -5124,23 +4855,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_180( +static KRML_MUSTINLINE void ntt_vector_u_390( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5149,16 +4876,17 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_701( +static KRML_MUSTINLINE void deserialize_then_decompress_u_221( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -5171,9 +4899,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_701( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_820(u_bytes); - ntt_vector_u_180(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c20(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_390(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5187,7 +4917,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_051( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5212,9 +4942,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_051(v); } /** @@ -5224,17 +4954,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_91(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_e5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_831(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5247,7 +4979,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_052( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5272,9 +5004,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_052(v); } /** @@ -5284,17 +5016,21 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_832(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5307,8 +5043,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_520(Eurydice_slice serialized) { - return deserialize_then_decompress_5_ec(serialized); +deserialize_then_decompress_ring_element_v_680(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a7(serialized); } /** @@ -5322,7 +5058,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5340,12 +5076,6 @@ subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5353,17 +5083,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b1( +compute_message_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } @@ -5373,50 +5103,28 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_00( +static KRML_MUSTINLINE void compress_then_serialize_message_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_e5(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5427,19 +5135,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_a71( +static void decrypt_unpacked_891( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_701(ciphertext, u_as_ntt); + deserialize_then_decompress_u_221(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_520( + deserialize_then_decompress_ring_element_v_680( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5448,10 +5157,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_2b(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5465,8 +5175,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** @@ -5491,62 +5201,66 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_891(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_611(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_841(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5558,13 +5272,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5572,23 +5289,20 @@ deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c1( +static KRML_MUSTINLINE void deserialize_secret_key_421( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5596,9 +5310,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c1( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5616,22 +5330,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_451(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_7c1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + deserialize_secret_key_421(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5657,82 +5370,82 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b01( +void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_451(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_121(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_aa1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ef(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_94( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ef(shared_secret0, shared_secret); + kdf_af_94(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5740,14 +5453,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5755,9 +5468,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5765,9 +5478,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5775,34 +5485,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5811,20 +5521,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_eb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5836,18 +5549,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_9f2( + deserialize_ring_elements_reduced_1d2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_eb0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5875,7 +5588,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e40(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5886,10 +5599,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_080( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -5907,22 +5620,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_750(uint8_t input[2U][34U]) { +shake128_init_absorb_b70(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; + memcpy(uu____0, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5938,11 +5650,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_750(copy_of_input); +shake128_init_absorb_f1_8c0(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b70(uu____0); } /** @@ -5951,14 +5662,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5972,52 +5684,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_690( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_100(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -6025,7 +5696,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6036,11 +5707,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6063,14 +5735,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -6084,52 +5756,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_600( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_ed0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -6137,7 +5768,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6148,11 +5779,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6176,10 +5808,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f0( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -6189,42 +5821,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_d40( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_110(copy_of_seeds); + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_690(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c1( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_c10(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_600(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_2c2( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(copy_of_out[i]);); + ret0[i] = closure_2f0(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6237,33 +5864,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_050( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_080(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(copy_of_seeds, sampled); + sample_from_xof_d40(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -6272,9 +5898,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -6297,14 +5921,15 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6318,9 +5943,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_930(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_c50(input, ret); } /** @@ -6330,14 +5955,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_340(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b0(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6347,45 +5968,41 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_930(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_340(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6396,15 +6013,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6414,94 +6033,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_e80(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6511,75 +6088,69 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c0 generate_keypair_unpacked_d10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e40(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_050(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -6598,10 +6169,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_840( +static void closure_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -6613,7 +6184,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6631,26 +6202,27 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_d10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_840(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f00(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6660,39 +6232,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_eb0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6709,36 +6278,28 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c50( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_d10(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_6d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6746,7 +6307,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_12( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6754,48 +6315,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a0(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6810,30 +6369,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_c50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + serialize_kem_secret_key_12( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -6842,14 +6408,15 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6863,14 +6430,11 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_931(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_c51(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6881,36 +6445,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_760(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_931(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6926,9 +6488,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** @@ -6941,66 +6503,62 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a70( +static KRML_MUSTINLINE void compute_vector_u_110( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_17(a_element, &r_as_ntt[j]); + add_to_ring_element_89_e80(&result[i1], &product); } invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7008,18 +6566,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d0( +compute_ring_element_v_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } @@ -7029,20 +6587,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_19( +static KRML_MUSTINLINE void compress_then_serialize_10_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_99(to_unsigned_representative_e5(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -7054,16 +6615,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_19(re, uu____0); + compress_then_serialize_10_7b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7073,25 +6631,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3d0( +static void compress_then_serialize_u_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_42(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -7102,52 +6664,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_07(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_4_59(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7166,25 +6687,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_610( +static void encrypt_unpacked_840( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_760(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_bf0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7192,33 +6710,34 @@ static void encrypt_unpacked_610( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a70(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_110(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d0( + compress_then_serialize_u_e70( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_a0( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -7241,51 +6760,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_610(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_840(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_10(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7299,20 +6818,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_3b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7320,14 +6834,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7335,9 +6849,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7363,52 +6877,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_120(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_9f1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_050(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; + memcpy(uu____1, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_610(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_840(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7423,11 +6934,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_06(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -7450,55 +6962,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_3b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_23( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t), + H_f1_1a0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_120(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_aa0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e0(shared_secret, shared_secret_array); + kdf_af_06(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7509,8 +7025,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_82(Eurydice_slice serialized) { - return deserialize_then_decompress_10_23(serialized); +deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { + return deserialize_then_decompress_10_52(serialized); } /** @@ -7519,23 +7035,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_18( +static KRML_MUSTINLINE void ntt_vector_u_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7544,16 +7056,17 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_700( +static KRML_MUSTINLINE void deserialize_then_decompress_u_220( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7566,9 +7079,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_700( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); - ntt_vector_u_18(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c2(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_39(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7582,16 +7097,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_52(Eurydice_slice serialized) { - return deserialize_then_decompress_4_91(serialized); +deserialize_then_decompress_ring_element_v_68(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e5(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7599,44 +7108,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b0( +compute_message_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7647,19 +7132,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a70( +static void decrypt_unpacked_890( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_700(ciphertext, u_as_ntt); + deserialize_then_decompress_u_220(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_52( + deserialize_then_decompress_ring_element_v_68( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7673,8 +7159,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** @@ -7699,82 +7185,83 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_890(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_610(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_840(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c0( +static KRML_MUSTINLINE void deserialize_secret_key_420( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7782,9 +7269,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c0( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7802,22 +7289,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_450(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_7c0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + deserialize_secret_key_420(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7843,81 +7329,81 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b00( +void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_450(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_120(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_aa0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e0(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_06( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e0(shared_secret0, shared_secret); + kdf_af_06(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7925,14 +7411,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7940,9 +7426,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7950,9 +7436,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7960,34 +7443,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7996,20 +7479,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -8021,18 +7508,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_9f0( + deserialize_ring_elements_reduced_1d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -8060,7 +7547,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e4(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8071,10 +7558,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -8092,22 +7579,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_75(uint8_t input[3U][34U]) { +shake128_init_absorb_b7(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; + memcpy(uu____0, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -8123,11 +7609,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_75(copy_of_input); +shake128_init_absorb_f1_8c(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b7(uu____0); } /** @@ -8136,14 +7621,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -8157,52 +7643,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_69( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_10(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -8210,7 +7655,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8221,11 +7666,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8248,14 +7694,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -8269,52 +7715,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_60( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_ed(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -8322,7 +7727,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8333,11 +7738,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8361,10 +7767,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -8374,42 +7780,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_d4( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_11(copy_of_seeds); + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_8c(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_69(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_c1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_60(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_2c0( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(copy_of_out[i]);); + ret0[i] = closure_2f(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8422,33 +7823,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_08(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(copy_of_seeds, sampled); + sample_from_xof_d4(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -8457,9 +7857,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -8482,14 +7880,15 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -8503,15 +7902,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_93(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_c5(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8521,45 +7916,41 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8570,15 +7961,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -8588,94 +7981,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_e8(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8685,75 +8036,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_d1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_05(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8772,10 +8117,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_84( +static void closure_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -8787,7 +8132,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8805,26 +8150,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_9b uu____0 = generate_keypair_unpacked_d1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_84(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f0(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8834,39 +8180,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_eb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8883,36 +8226,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c5( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_d1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_6d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8920,7 +8255,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_5e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8928,48 +8263,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8984,35 +8317,39 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_c5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + serialize_kem_secret_key_5e( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a70(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d50( - uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); + libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb0( + uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9023,36 +8360,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -9068,9 +8403,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** @@ -9083,66 +8418,62 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a7( +static KRML_MUSTINLINE void compute_vector_u_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_17(a_element, &r_as_ntt[j]); + add_to_ring_element_89_e8(&result[i1], &product); } invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9150,24 +8481,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d( +compute_ring_element_v_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9177,69 +8505,32 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3d( +static void compress_then_serialize_u_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_42(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9258,25 +8549,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_61( +static void encrypt_unpacked_84( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_76(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = sample_ring_element_cbd_bf(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9284,33 +8572,34 @@ static void encrypt_unpacked_61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_11(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d( + compress_then_serialize_u_e7( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_a0( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -9333,51 +8622,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_61(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_84(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_100(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -9391,20 +8680,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_47(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5a(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9412,14 +8696,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9427,9 +8711,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9455,52 +8739,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_12(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_9f( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; + memcpy(uu____1, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_61(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_84(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9515,11 +8796,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ee(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -9542,62 +8824,62 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_47( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_5a( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), - uint8_t), + H_f1_1a(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_100(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ff(shared_secret, shared_secret_array); + kdf_af_ee(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9606,16 +8888,17 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_70( +static KRML_MUSTINLINE void deserialize_then_decompress_u_22( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -9628,21 +8911,17 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_70( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); - ntt_vector_u_18(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c2(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_39(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9650,44 +8929,20 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b( +compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9698,19 +8953,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a7( +static void decrypt_unpacked_89( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_70(ciphertext, u_as_ntt); + deserialize_then_decompress_u_22(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_52( + deserialize_then_decompress_ring_element_v_68( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9724,8 +8980,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** @@ -9750,82 +9006,83 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_89(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_61(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_84(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c( +static KRML_MUSTINLINE void deserialize_secret_key_42( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9833,9 +9090,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9853,22 +9110,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_45(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_7c(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + deserialize_secret_key_42(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9894,70 +9150,77 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b0( +void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_45(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ff(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ee( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ff(shared_secret0, shared_secret); + kdf_af_ee(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 8aec8129c..3e6277eff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_portable_H @@ -205,19 +205,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -239,34 +226,9 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -282,28 +244,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -413,28 +353,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 9d21462e9..d25fce762 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_H @@ -22,160 +22,105 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_ce(buf0, buf); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), - data); + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - data); + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), - data); + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), - data); + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 6fadfc9fd..e606bafb5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_sha3_avx2.h" @@ -19,24 +19,29 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i zero_ef(void) { - return mm256_set1_epi64x((int64_t)0); +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - __m256i ab = mm256_xor_si256(a, b); - __m256i cd = mm256_xor_si256(c, d); - __m256i abcd = mm256_xor_si256(ab, cd); - return mm256_xor_si256(abcd, e); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { return _veor5q_u64(a, b, c, d, e); } @@ -46,46 +51,60 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), - mm256_srli_epi64((int32_t)63, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); } -static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { - __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_58(b)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return mm256_xor_si256(a, mm256_andnot_si256(c, b)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = mm256_set1_epi64x((int64_t)c); - return mm256_xor_si256(a, c0); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { return _veorq_n_u64(a, c); } @@ -93,16 +112,21 @@ static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); } /** @@ -111,11 +135,10 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[4U]; - memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(copy_of_a, start, len, ret0); + slice_4(uu____0, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -125,19 +148,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -162,9 +185,6 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -176,7 +196,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { +new_1e_bf(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -211,114 +231,144 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v10 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v20 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v30 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v0l = mm256_unpacklo_epi64(v00, v10); - __m256i v1h = mm256_unpackhi_epi64(v00, v10); - __m256i v2l = mm256_unpacklo_epi64(v20, v30); - __m256i v3h = mm256_unpackhi_epi64(v20, v30); - __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); - __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); - __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); - __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s, uint8_t, Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s0, uint8_t, Eurydice_slice)); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = mm256_xor_si256(s[i][j], u0); + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); } } @@ -329,15 +379,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[4U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_ef_65( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); } /** @@ -346,9 +395,13 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), - mm256_srli_epi64((int32_t)28, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); } /** @@ -357,8 +410,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -372,7 +426,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c1(a, b); } @@ -382,9 +437,13 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), - mm256_srli_epi64((int32_t)61, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); } /** @@ -393,8 +452,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -408,7 +468,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c10(a, b); } @@ -418,9 +479,13 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), - mm256_srli_epi64((int32_t)23, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); } /** @@ -429,8 +494,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -444,7 +510,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c11(a, b); } @@ -454,9 +521,13 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), - mm256_srli_epi64((int32_t)46, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); } /** @@ -465,8 +536,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -480,7 +552,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c12(a, b); } @@ -490,8 +563,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -505,7 +579,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c13(a, b); } @@ -515,9 +590,13 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), - mm256_srli_epi64((int32_t)20, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); } /** @@ -526,8 +605,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -541,7 +621,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c14(a, b); } @@ -551,9 +632,13 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), - mm256_srli_epi64((int32_t)54, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); } /** @@ -562,8 +647,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -577,7 +663,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c15(a, b); } @@ -587,9 +674,13 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), - mm256_srli_epi64((int32_t)19, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); } /** @@ -598,8 +689,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -613,7 +705,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c16(a, b); } @@ -623,9 +716,13 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), - mm256_srli_epi64((int32_t)62, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); } /** @@ -634,8 +731,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -649,7 +747,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c17(a, b); } @@ -659,9 +758,13 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), - mm256_srli_epi64((int32_t)2, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); } /** @@ -670,8 +773,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -685,7 +789,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c18(a, b); } @@ -695,9 +800,13 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), - mm256_srli_epi64((int32_t)58, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); } /** @@ -706,8 +815,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -721,7 +831,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c19(a, b); } @@ -731,9 +842,13 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), - mm256_srli_epi64((int32_t)21, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); } /** @@ -742,8 +857,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -757,7 +873,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c110(a, b); } @@ -767,9 +884,13 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), - mm256_srli_epi64((int32_t)49, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); } /** @@ -778,8 +899,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -793,7 +915,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c111(a, b); } @@ -803,9 +926,13 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), - mm256_srli_epi64((int32_t)3, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); } /** @@ -814,8 +941,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -829,7 +957,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c112(a, b); } @@ -839,9 +968,13 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), - mm256_srli_epi64((int32_t)36, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } /** @@ -850,8 +983,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -865,7 +999,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c113(a, b); } @@ -875,9 +1010,13 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), - mm256_srli_epi64((int32_t)9, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); } /** @@ -886,8 +1025,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5814(ab); } @@ -901,7 +1041,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c114(a, b); } @@ -911,9 +1052,13 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), - mm256_srli_epi64((int32_t)39, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); } /** @@ -922,8 +1067,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -937,7 +1083,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c115(a, b); } @@ -947,9 +1094,13 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), - mm256_srli_epi64((int32_t)43, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); } /** @@ -958,8 +1109,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -973,7 +1125,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c116(a, b); } @@ -983,9 +1136,13 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), - mm256_srli_epi64((int32_t)8, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); } /** @@ -994,8 +1151,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1009,7 +1167,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c117(a, b); } @@ -1019,9 +1178,13 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), - mm256_srli_epi64((int32_t)37, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); } /** @@ -1030,8 +1193,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1045,7 +1209,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c118(a, b); } @@ -1055,9 +1220,13 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), - mm256_srli_epi64((int32_t)44, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); } /** @@ -1066,8 +1235,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1081,7 +1251,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c119(a, b); } @@ -1091,9 +1262,13 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), - mm256_srli_epi64((int32_t)25, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); } /** @@ -1102,8 +1277,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1117,7 +1293,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c120(a, b); } @@ -1127,9 +1304,13 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), - mm256_srli_epi64((int32_t)56, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); } /** @@ -1138,8 +1319,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1153,7 +1335,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c121(a, b); } @@ -1163,9 +1346,13 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), - mm256_srli_epi64((int32_t)50, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); } /** @@ -1174,8 +1361,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5822(ab); } @@ -1189,7 +1377,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c122(a, b); } @@ -1199,59 +1388,107 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_71( +static KRML_MUSTINLINE void theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - __m256i uu____0 = + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - __m256i uu____1 = + core_core_arch_x86___m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - __m256i uu____2 = + core_core_arch_x86___m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - __m256i uu____3 = + core_core_arch_x86___m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - __m256i t[5U] = { + core_core_arch_x86___m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,10 +1498,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_01( +static KRML_MUSTINLINE void pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1297,10 +1534,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_9b( +static KRML_MUSTINLINE void chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1315,7 +1552,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_09( +static KRML_MUSTINLINE void iota_5b( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1327,14 +1564,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_07( +static KRML_MUSTINLINE void keccakf1600_f8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); + theta_rho_74(s); + pi_35(s); + chi_09(s); + iota_5b(s, i0); } } @@ -1345,13 +1582,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_37( +static KRML_MUSTINLINE void absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - __m256i(*uu____0)[5U] = s->st; + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); + load_block_ef_65(uu____0, uu____1); + keccakf1600_f8(s); } /** @@ -1359,13 +1596,16 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block_c7(s, buf); } @@ -1376,15 +1616,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_full_ef_e9( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); } /** @@ -1395,24 +1634,25 @@ with const generics - RATE= 136 - DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_e9(uu____3, uu____4); + keccakf1600_f8(s); } /** @@ -1420,55 +1660,67 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = - mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); - mm256_storeu_si256_u8( + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v0); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v1); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v2); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1476,64 +1728,78 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), - s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), - s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); } } @@ -1542,32 +1808,29 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], - uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; store_block_e9(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out1[200U]; - memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out2[200U]; - memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1578,10 +1841,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], - uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_43( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1592,19 +1855,20 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( +static KRML_MUSTINLINE void squeeze_first_and_last_c5( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); + store_block_full_ef_43(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); } /** @@ -1614,10 +1878,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], - Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_58( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_e9(a, b); } @@ -1628,9 +1892,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_e9( +static KRML_MUSTINLINE void squeeze_first_block_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); + store_block_ef_58(s->st, out); } /** @@ -1640,10 +1904,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_1c( +static KRML_MUSTINLINE void squeeze_next_block_b4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); + keccakf1600_f8(s); + store_block_ef_58(s->st, out); } /** @@ -1653,20 +1917,21 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_77( +static KRML_MUSTINLINE void squeeze_last_74( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); + keccakf1600_f8(&s); uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); + store_block_full_ef_43(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); } /** @@ -1677,34 +1942,35 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_bf(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_1d(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); + squeeze_first_and_last_c5(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1712,7 +1978,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); + squeeze_first_block_9b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1730,34 +1996,28 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); + squeeze_next_block_b4(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_77(s, o1); + squeeze_last_74(s, o1); } } } -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); + keccak_4f(buf0, buf); } -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); + return new_1e_bf(); } /** @@ -1765,114 +2025,144 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v10 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v20 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v30 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v0l = mm256_unpacklo_epi64(v00, v10); - __m256i v1h = mm256_unpackhi_epi64(v00, v10); - __m256i v2l = mm256_unpacklo_epi64(v20, v30); - __m256i v3h = mm256_unpackhi_epi64(v20, v30); - __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); - __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); - __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); - __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s, uint8_t, Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s0, uint8_t, Eurydice_slice)); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = mm256_xor_si256(s[i][j], u0); + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); } } @@ -1881,13 +2171,16 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block_c70(s, buf); } @@ -1898,15 +2191,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_full_ef_e90( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); } /** @@ -1917,34 +2209,32 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e0( +static KRML_MUSTINLINE void absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_e90(uu____3, uu____4); + keccakf1600_f8(s); } -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + absorb_final_d90(s, buf); } /** @@ -1952,55 +2242,67 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = - mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); - mm256_storeu_si256_u8( + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v0); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v1); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v2); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2008,64 +2310,78 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), - s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), - s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); } } @@ -2076,10 +2392,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], - Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_580( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_e90(a, b); } @@ -2090,20 +2406,17 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_1c0( +static KRML_MUSTINLINE void squeeze_next_block_b40( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + keccakf1600_f8(s); + store_block_ef_580(s->st, out); } -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); + squeeze_next_block_b40(s, buf); } /** @@ -2113,9 +2426,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_e90( +static KRML_MUSTINLINE void squeeze_first_block_9b0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + store_block_ef_580(s->st, out); } /** @@ -2125,7 +2438,7 @@ with const generics - N= 4 - RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2133,25 +2446,22 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_b40(s, o1); + squeeze_next_block_b40(s, o2); } -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2161,7 +2471,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( +static KRML_MUSTINLINE void squeeze_first_five_blocks_69( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2169,70 +2479,58 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); + squeeze_next_block_b40(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_b40(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + squeeze_next_block_b40(s, o3); + squeeze_next_block_b40(s, o4); } -/** - Squeeze five blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + squeeze_first_five_blocks_69(s, buf); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } -/** - Squeeze block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + squeeze_first_block_9b(s, buf); } -/** - Squeeze next block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + squeeze_next_block_b4(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2e6ab41ab..39046c730 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_avx2_H @@ -30,68 +30,41 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - __m256i st[5U][5U]; + core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze five blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze next block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b5e10fd6f..aa2382f2b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); } /** @@ -137,7 +137,8 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); } /** @@ -146,18 +147,17 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[1U]; - memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,9 +187,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -201,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_f4(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -245,8 +242,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** @@ -274,15 +272,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, uu____1); } /** @@ -292,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); } /** @@ -319,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); } /** @@ -330,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); } /** @@ -357,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); } /** @@ -368,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); } /** @@ -395,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); } /** @@ -406,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); } /** @@ -433,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); } /** @@ -444,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb(ab); } /** @@ -460,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); } /** @@ -471,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); } /** @@ -498,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); } /** @@ -509,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); } /** @@ -536,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); } /** @@ -547,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); } /** @@ -574,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); } /** @@ -585,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); } /** @@ -612,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); } /** @@ -623,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); } /** @@ -650,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); } /** @@ -661,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); } /** @@ -688,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); } /** @@ -699,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); } /** @@ -726,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); } /** @@ -737,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); } /** @@ -764,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); } /** @@ -775,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); } /** @@ -802,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); } /** @@ -813,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); } /** @@ -840,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); } /** @@ -851,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); } /** @@ -878,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); } /** @@ -889,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); } /** @@ -916,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); } /** @@ -927,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); } /** @@ -954,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); } /** @@ -965,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); } /** @@ -992,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); } /** @@ -1003,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); } /** @@ -1030,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); } /** @@ -1041,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); } /** @@ -1068,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); } /** @@ -1079,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); } /** @@ -1106,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); } /** @@ -1117,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); } /** @@ -1144,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); } /** @@ -1155,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); } /** @@ -1182,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); } /** @@ -1192,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1227,54 +1224,77 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + uint64_t uu____4 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + uint64_t uu____5 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + uint64_t uu____6 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + uint64_t uu____7 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + uint64_t uu____8 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + uint64_t uu____9 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + uint64_t uu____10 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + uint64_t uu____11 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + uint64_t uu____12 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + uint64_t uu____13 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + uint64_t uu____14 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + uint64_t uu____15 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + uint64_t uu____16 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + uint64_t uu____17 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + uint64_t uu____18 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + uint64_t uu____19 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + uint64_t uu____20 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + uint64_t uu____21 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + uint64_t uu____22 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + uint64_t uu____23 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + uint64_t uu____24 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + uint64_t uu____25 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + uint64_t uu____26 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_16(s); + libcrux_sha3_generic_keccak_pi_1d(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_62(s, i0); } } @@ -1369,16 +1389,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1388,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1402,11 +1422,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1417,9 +1440,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_58(a, b); } @@ -1431,10 +1454,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1444,9 +1467,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1454,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1463,8 +1486,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1478,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } /** @@ -1492,15 +1516,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, uu____1); } /** @@ -1511,16 +1534,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1530,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1544,11 +1567,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1559,9 +1585,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_580(a, b); } @@ -1573,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1585,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1598,15 +1624,31 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, uu____1); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, uu____1); } /** @@ -1616,13 +1658,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1630,16 +1672,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -1649,12 +1690,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); } /** @@ -1665,22 +1706,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -1691,23 +1732,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -1719,36 +1760,37 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1798,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1816,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); } } } @@ -1790,12 +1832,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e94(uu____0, out); } /** @@ -1803,7 +1844,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1812,8 +1853,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1829,15 +1871,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, uu____1); } /** @@ -1847,13 +1888,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1861,11 +1902,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } /** @@ -1875,15 +1916,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, uu____1); } /** @@ -1894,16 +1934,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1913,8 +1953,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1927,11 +1967,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1940,16 +1983,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -1959,12 +2001,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); } /** @@ -1975,22 +2017,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2001,9 +2043,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_583(a, b); } @@ -2015,9 +2057,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -2027,10 +2069,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -2040,23 +2082,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2068,36 +2110,37 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2148,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2166,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); } } } @@ -2139,12 +2182,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e93(uu____0, out); } /** @@ -2152,7 +2194,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2161,8 +2203,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2178,15 +2221,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, uu____1); } /** @@ -2196,13 +2238,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2210,11 +2252,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } /** @@ -2224,15 +2266,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, uu____1); } /** @@ -2243,16 +2284,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2262,8 +2303,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2276,11 +2317,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2289,16 +2333,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2308,12 +2351,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); } /** @@ -2324,22 +2367,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2350,9 +2393,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_582(a, b); } @@ -2364,9 +2407,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2376,10 +2419,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2389,23 +2432,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2417,36 +2460,37 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2498,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2516,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); } } } @@ -2488,30 +2532,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e92(uu____0, out); } /** @@ -2521,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2535,16 +2560,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2554,12 +2578,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); } /** @@ -2570,22 +2594,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2596,23 +2620,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2624,36 +2648,37 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2695,12 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e91(uu____0, out); } /** @@ -2711,16 +2735,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2730,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2742,36 +2766,37 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2813,12 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e90(uu____0, out); } /** @@ -2826,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2835,8 +2859,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2852,15 +2877,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, uu____1); } /** @@ -2870,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2884,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } /** @@ -2898,15 +2922,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, uu____1); } /** @@ -2917,16 +2940,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2936,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2950,11 +2973,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2963,16 +2989,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2982,11 +3007,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); } /** @@ -2997,22 +3022,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -3023,9 +3048,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_581(a, b); } @@ -3037,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -3049,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -3062,23 +3087,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -3090,36 +3115,37 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); } } } @@ -3161,12 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e9(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 3bda4744f..654c8b7ee 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,38 +4,27 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_sha3_neon.h" -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -45,9 +34,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } -/** - Initialise the `KeccakState2`. -*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -55,9 +41,6 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -66,10 +49,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -79,10 +58,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -92,9 +67,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - A portable SHA3 224 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -102,9 +74,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } -/** - A portable SHA3 384 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8098e4972..1fc256403 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_neon_H @@ -22,21 +22,10 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); @@ -44,43 +33,23 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 384 implementation. -*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index ba5d875e5..abfaa400b 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 -Eurydice: 99662476dd28a9804b424c103638a01c38192491 -Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b +Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 +Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 5b967874d..4b994a998 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -61,31 +61,31 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -95,7 +95,7 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ Eurydice_array_eq @@ -113,7 +113,7 @@ typedef struct { // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/cg/karamel/target.h b/libcrux-ml-kem/cg/karamel/target.h index a315a8e0d..b8ed3fd02 100644 --- a/libcrux-ml-kem/cg/karamel/target.h +++ b/libcrux-ml-kem/cg/karamel/target.h @@ -26,20 +26,9 @@ #define KRML_HOST_EXIT exit #endif -// This does not actually force inline for now because this would require the -// caller to compile with the same target features as the function. -#ifndef KRML_MUSTINLINE -#if defined(_MSC_VER) -#define KRML_MUSTINLINE inline __forceinline -#elif defined(__GNUC__) -#define KRML_MUSTINLINE inline __attribute__((always_inline)) -#else -#define KRML_MUSTINLINE -#warning "The KRML_MUSTINLINE macro is not defined for this toolchain!" -#warning \ - "Please locate target.h and try to fill it out with a suitable definition for this compiler." -#endif -#endif +// This does not actually force inline. +// Forcing inline increases stack usage beyond acceptable limits +#define KRML_MUSTINLINE inline #ifndef KRML_NOINLINE #if defined(_MSC_VER) diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index a8c471574..86dfb31de 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_core_H @@ -30,6 +30,11 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; +#define Ok 0 +#define Err 1 + +typedef uint8_t Result_86_tags; + #define None 0 #define Some 1 @@ -78,18 +83,13 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define Ok 0 -#define Err 1 - -typedef uint8_t Result_6f_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct Result_6f_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[24U]; TryFromSliceError case_Err; @@ -122,7 +122,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct Result_7a_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[20U]; TryFromSliceError case_Err; @@ -155,7 +155,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct Result_cd_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[10U]; TryFromSliceError case_Err; @@ -221,27 +221,27 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_77( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b6( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_c7_14(uint8_t *value) { +libcrux_ml_kem_types_from_b6_8e(uint8_t value[1184U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - uint8_t ret[1184U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1184U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -273,28 +273,28 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_d5(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_12(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_22_a7(uint8_t *value) { +libcrux_ml_kem_types_from_05_db(uint8_t value[2400U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - uint8_t ret[2400U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)2400U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -319,7 +319,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_9c(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_14(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -352,15 +352,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -370,7 +369,7 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct Result_00_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[32U]; TryFromSliceError case_Err; @@ -405,15 +404,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -426,10 +424,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_16( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_99( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } /** @@ -440,15 +437,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -460,15 +456,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -478,7 +473,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct Result_c0_s { - Result_6f_tags tag; + Result_86_tags tag; union { int16_t case_Ok[16U]; TryFromSliceError case_Err; @@ -511,7 +506,7 @@ with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct Result_56_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 391f9ccc3..7d8c39486 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_ct_ops_H @@ -46,12 +46,11 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); - i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } @@ -75,11 +74,10 @@ static inline void libcrux_ml_kem_constant_time_ops_select_ct( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index ef1d49a0d..587974bbf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_mlkem768_avx2_H @@ -30,8 +30,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -40,8 +39,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -82,7 +80,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -652,38 +650,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, @@ -730,15 +712,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -757,38 +737,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, @@ -842,22 +806,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -876,22 +837,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( @@ -957,22 +918,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -995,16 +954,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, @@ -1037,11 +994,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1065,7 +1021,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -1109,20 +1065,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1145,16 +1099,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, @@ -1201,9 +1153,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( @@ -1215,17 +1166,15 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, __m128i); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1262,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { +libcrux_ml_kem_polynomial_ZERO_89_9b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1291,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_60(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_9a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -1303,16 +1252,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; @@ -1328,15 +1276,15 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1344,9 +1292,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1375,8 +1323,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bd(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -1387,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1439,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( vector); } @@ -1453,19 +1401,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_67( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( coefficient); } return re; @@ -1479,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1531,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( vector); } @@ -1545,19 +1492,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_9f( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( coefficient); } return re; @@ -1571,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1588,7 +1534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1601,9 +1547,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1617,7 +1563,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1630,7 +1576,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1648,7 +1594,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1667,7 +1613,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1689,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1719,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1736,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -1767,17 +1713,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1790,11 +1736,11 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); + uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_37(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1809,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1861,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( vector); } @@ -1875,19 +1821,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_49( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( coefficient); } return re; @@ -1901,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1953,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( vector); } @@ -1967,19 +1912,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_38( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( re.coefficients[i0]); } return re; @@ -1993,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(serialized); } /** @@ -2037,11 +1981,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( +libcrux_ml_kem_polynomial_ntt_multiply_89_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2077,14 +2021,13 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2099,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2126,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2149,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2170,13 +2113,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2189,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2204,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2222,22 +2165,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -2252,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_f4( +libcrux_ml_kem_polynomial_subtract_reduce_89_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2282,21 +2225,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_8d( +libcrux_ml_kem_matrix_compute_message_db( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_f4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_1e(v, result); return result; } @@ -2307,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2321,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_1a( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8a( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(vector); } /** @@ -2334,8 +2277,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_1a(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8a(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2349,25 +2292,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_79( +libcrux_ml_kem_serialize_compress_then_serialize_message_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -2407,21 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_db(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_79(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2436,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2452,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_87(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2467,7 +2406,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2478,12 +2417,11 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_45( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -2498,9 +2436,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_45(input, ret); } /** @@ -2512,9 +2450,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c1( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -2531,16 +2469,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); @@ -2563,15 +2500,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2579,9 +2516,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( ring_element); deserialized_pk[i0] = uu____0; } @@ -2598,8 +2535,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_11(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -2609,10 +2546,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b9( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } @@ -2626,16 +2563,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -2650,12 +2586,12 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( copy_of_input); } @@ -2667,7 +2603,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2675,10 +2611,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -2703,9 +2639,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b(self, + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98(self, ret); } @@ -2759,7 +2695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2768,14 +2704,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2802,7 +2737,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2810,10 +2745,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -2837,9 +2772,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa(self, ret); } /** @@ -2892,7 +2827,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2901,14 +2836,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2940,16 +2874,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -2962,10 +2895,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); +libcrux_ml_kem_sampling_sample_from_xof_closure_19(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2975,7 +2907,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2984,28 +2916,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( copy_of_randomness, sampled_coefficients, out); } } @@ -3015,7 +2947,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_19(copy_of_out[i]); } memcpy( ret, ret0, @@ -3029,12 +2961,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_b9(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3054,14 +2986,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_af(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -3111,8 +3042,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_d3(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3122,7 +3053,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_66( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3130,14 +3061,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -3161,9 +3092,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_66(input, ret); } /** @@ -3223,27 +3154,26 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3259,8 +3189,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3271,24 +3201,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c4( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3306,8 +3235,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3318,9 +3247,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( randomness); } @@ -3331,7 +3260,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3353,20 +3282,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_fd(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -3383,11 +3312,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3402,14 +3331,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3434,8 +3362,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_96(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_24(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3451,11 +3379,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3470,13 +3398,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } /* Passing arrays by value in Rust generates a copy in C */ @@ -3498,12 +3425,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_450( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3518,9 +3444,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_450(input, ret); } /** @@ -3531,8 +3457,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_a3(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ae(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3546,7 +3472,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_46( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3571,22 +3497,21 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -3594,19 +3519,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_46(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3620,7 +3544,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_52(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_d7(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3635,18 +3559,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_52(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_d7(coefficient_compressed); } return re; } @@ -3663,7 +3587,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3694,22 +3618,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_04( +libcrux_ml_kem_matrix_compute_ring_element_v_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( error_2, message, result); return result; } @@ -3722,7 +3646,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3777,9 +3701,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f4( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( vector); } @@ -3791,24 +3715,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_f0( +libcrux_ml_kem_serialize_compress_then_serialize_10_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f4( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3821,7 +3742,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3876,9 +3797,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f40( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( vector); } @@ -3890,24 +3811,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_63( +libcrux_ml_kem_serialize_compress_then_serialize_11_28( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f40( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3921,10 +3839,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_f0(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_d0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3941,30 +3859,26 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3976,7 +3890,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4031,9 +3945,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f41( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( vector); } @@ -4045,23 +3959,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_59( +libcrux_ml_kem_serialize_compress_then_serialize_4_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f41( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4073,7 +3985,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4128,9 +4040,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f42( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( vector); } @@ -4142,23 +4054,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_73( +libcrux_ml_kem_serialize_compress_then_serialize_5_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_f42( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_ab2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4171,9 +4081,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_fb(re, out); } /** @@ -4235,15 +4145,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4253,7 +4163,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4262,38 +4172,35 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6c(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( + libcrux_ml_kem_matrix_compute_ring_element_v_f9( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -4315,24 +4222,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; @@ -4363,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4380,13 +4286,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_41( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4413,12 +4318,11 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_13( +static inline void libcrux_ml_kem_ind_cca_decapsulate_33( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -4432,61 +4336,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_13( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41( + libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4515,10 +4415,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_33(private_key, ciphertext, ret); } /** @@ -4532,7 +4432,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, ciphertext, ret); } @@ -4592,48 +4492,45 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -4641,18 +4538,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4683,10 +4579,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_41(key_pair, ciphertext, ret); } /** @@ -4700,7 +4596,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( private_key, ciphertext, ret); } @@ -4715,12 +4611,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4734,7 +4629,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4759,57 +4654,50 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4841,14 +4729,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); } /** @@ -4866,7 +4754,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( uu____0, copy_of_randomness); } @@ -4889,27 +4777,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -4920,17 +4805,17 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4964,7 +4849,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4972,7 +4857,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_09(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f(uu____0, copy_of_randomness); } @@ -4993,23 +4878,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( uu____0, copy_of_randomness); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5018,8 +4890,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_dc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5029,7 +4901,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_42( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c8( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5047,14 +4919,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( + libcrux_ml_kem_vector_traits_to_standard_domain_c8( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -5072,22 +4944,21 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; @@ -5095,20 +4966,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5116,134 +4986,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -5252,24 +4994,21 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -5285,7 +5024,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5293,22 +5032,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } @@ -5325,23 +5061,20 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_79(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5358,19 +5091,54 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; +libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_79(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5399,7 +5167,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5409,40 +5177,35 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5468,33 +5231,37 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_36(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -5513,12 +5280,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); } /** @@ -5530,10 +5297,150 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( copy_of_randomness); } +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types @@ -5549,8 +5456,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_1d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_68(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5567,10 +5474,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } @@ -5586,7 +5493,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_7c( +libcrux_ml_kem_polynomial_clone_d5_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5610,16 +5517,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + size_t); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5627,14 +5533,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_7c(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f5(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5646,20 +5552,19 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; @@ -5702,12 +5607,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30( copy_of_randomness); } @@ -5721,7 +5626,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( copy_of_randomness); } @@ -5737,28 +5642,25 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_77(ciphertext), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + uint8_t), ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5785,12 +5687,11 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_130( +static inline void libcrux_ml_kem_ind_cca_decapsulate_330( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -5804,61 +5705,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_130( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7( + libcrux_ml_kem_ind_cca_kdf_6c_a4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5888,10 +5785,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_330(private_key, ciphertext, ret); } /** @@ -5905,7 +5802,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( private_key, ciphertext, ret); } @@ -5920,9 +5817,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } /** @@ -5945,57 +5842,50 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6030,14 +5920,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); } /** @@ -6055,7 +5945,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( uu____0, copy_of_randomness); } @@ -6068,9 +5958,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c10( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -6088,15 +5978,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6104,9 +5994,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( ring_element); deserialized_pk[i0] = uu____0; } @@ -6124,19 +6014,19 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_77( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6155,9 +6045,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } /** @@ -6169,7 +6059,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 90c129eb6..751241b38 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_mlkem768_portable_H @@ -32,8 +32,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -41,8 +40,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -54,8 +52,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -63,8 +60,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -136,10 +132,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -170,68 +164,64 @@ typedef struct uint8_t_x11_s { static KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -250,12 +240,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -306,66 +295,56 @@ typedef struct int16_t_x8_s { static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -401,12 +380,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1659,20 +1636,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U); } for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1695,26 +1670,26 @@ typedef struct uint8_t_x4_s { static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1726,11 +1701,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1756,32 +1731,32 @@ static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1797,11 +1772,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1843,40 +1816,24 @@ typedef struct uint8_t_x5_s { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1886,11 +1843,10 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1918,44 +1874,44 @@ static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1970,11 +1926,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2007,37 +1961,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -2047,17 +2000,15 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -2095,60 +2046,52 @@ static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -2162,12 +2105,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2206,20 +2147,17 @@ typedef struct uint8_t_x3_s { static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2228,29 +2166,25 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2297,12 +2231,12 @@ typedef struct int16_t_x2_s { static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2311,32 +2245,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2371,15 +2297,15 @@ static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2391,7 +2317,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2402,8 +2328,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2420,8 +2345,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2522,7 +2446,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_8d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2550,8 +2474,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_77(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_7b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -2561,16 +2485,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -2587,15 +2510,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2603,9 +2526,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2633,8 +2556,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -2644,7 +2567,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2669,9 +2592,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( v); } @@ -2682,20 +2605,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( coefficient); re.coefficients[i0] = uu____0; } @@ -2709,7 +2631,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2734,9 +2656,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( v); } @@ -2747,20 +2669,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( coefficient); re.coefficients[i0] = uu____0; } @@ -2774,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2791,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2805,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2824,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2837,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2854,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2874,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2896,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_43( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2926,7 +2847,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2944,21 +2865,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_48( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -2974,17 +2895,17 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -2997,11 +2918,11 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); + uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_48(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3015,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3040,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( v); } @@ -3053,20 +2974,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( coefficient); re.coefficients[i0] = uu____0; } @@ -3080,7 +3000,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3105,9 +3025,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( v); } @@ -3118,20 +3038,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3145,9 +3064,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3(serialized); } /** @@ -3188,11 +3107,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3229,17 +3148,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3255,7 +3172,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3281,7 +3198,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3303,7 +3220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3325,7 +3242,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3333,7 +3250,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3346,7 +3263,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3361,7 +3278,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3378,22 +3295,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -3407,7 +3324,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_7f( +libcrux_ml_kem_polynomial_subtract_reduce_89_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3439,21 +3356,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_5f( +libcrux_ml_kem_matrix_compute_message_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_7f(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_66(v, result); return result; } @@ -3463,7 +3380,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_68( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3483,9 +3400,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_68(v); } /** @@ -3495,10 +3412,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_f2(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3512,13 +3429,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_6a( +libcrux_ml_kem_serialize_compress_then_serialize_message_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3527,12 +3444,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_6a( libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -3571,21 +3485,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_5f(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b5(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_6a(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_04(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3599,11 +3512,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_57(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3615,7 +3528,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3629,7 +3542,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3639,12 +3552,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -3658,9 +3570,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret); } /** @@ -3671,9 +3583,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_45( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -3689,16 +3601,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3722,15 +3633,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3738,9 +3649,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( ring_element); deserialized_pk[i0] = uu____0; } @@ -3757,8 +3668,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2a(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -3768,10 +3679,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_08( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -3790,7 +3701,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3799,8 +3710,8 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], - uint8_t, Eurydice_slice)); + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; @@ -3823,12 +3734,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( copy_of_input); } @@ -3839,7 +3750,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3847,8 +3758,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -3864,10 +3774,10 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self, ret); } @@ -3920,7 +3830,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3929,14 +3839,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3963,7 +3872,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3971,8 +3880,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -3988,10 +3896,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret); } /** @@ -4043,7 +3951,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4052,14 +3960,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -4090,17 +3997,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -4114,10 +4020,9 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); +libcrux_ml_kem_sampling_sample_from_xof_closure_2f(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -4127,7 +4032,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4136,28 +4041,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( copy_of_randomness, sampled_coefficients, out); } } @@ -4167,7 +4072,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_2f(copy_of_out[i]); } memcpy( ret, ret0, @@ -4181,12 +4086,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_08(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4206,14 +4111,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_d4(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -4263,8 +4167,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_71(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4273,15 +4177,14 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -4296,9 +4199,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret); } /** @@ -4357,27 +4260,26 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -4393,8 +4295,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4404,24 +4306,23 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -4439,8 +4340,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4450,9 +4351,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( randomness); } @@ -4462,7 +4363,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4485,20 +4386,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_09(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** @@ -4515,11 +4416,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4534,14 +4435,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4566,8 +4466,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4583,11 +4483,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4602,13 +4502,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } /* Passing arrays by value in Rust generates a copy in C */ @@ -4629,12 +4528,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4648,9 +4546,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret); } /** @@ -4660,8 +4558,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ca(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4674,7 +4572,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4701,22 +4599,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -4724,19 +4621,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_6b(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4750,7 +4646,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_f3( +libcrux_ml_kem_vector_traits_decompress_1_b3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4765,10 +4661,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4776,9 +4672,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_f3(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_b3(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4795,7 +4691,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4828,22 +4724,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_9d( +libcrux_ml_kem_matrix_compute_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( error_2, message, result); return result; } @@ -4854,7 +4750,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4877,9 +4773,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_13(v); } /** @@ -4889,25 +4785,22 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_19( +libcrux_ml_kem_serialize_compress_then_serialize_10_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_99( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4918,7 +4811,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_130( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4941,9 +4834,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_990( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_130(v); } /** @@ -4953,25 +4846,22 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_56( +libcrux_ml_kem_serialize_compress_then_serialize_11_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_990( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4984,10 +4874,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_19(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_c9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -5003,30 +4893,26 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -5036,7 +4922,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_131( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5059,9 +4945,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_991( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_131(v); } /** @@ -5071,24 +4957,22 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_07( +libcrux_ml_kem_serialize_compress_then_serialize_4_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_991( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -5098,7 +4982,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_132( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5121,9 +5005,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_992( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_132(v); } /** @@ -5133,24 +5017,22 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_00( +libcrux_ml_kem_serialize_compress_then_serialize_5_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_992( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -5162,9 +5044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_07(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f6(re, out); } /** @@ -5226,15 +5108,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5244,7 +5126,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5253,38 +5135,35 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a7(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_9d( + libcrux_ml_kem_matrix_compute_ring_element_v_ba( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -5306,24 +5185,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -5354,7 +5232,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5370,13 +5248,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -5402,12 +5279,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -5421,61 +5297,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a( + libcrux_ml_kem_ind_cca_kdf_43_6d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5504,10 +5376,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5a(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b5(private_key, ciphertext, ret); } /** @@ -5520,7 +5392,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( private_key, ciphertext, ret); } @@ -5580,48 +5452,45 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -5629,18 +5498,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5670,10 +5538,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_89(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a(key_pair, ciphertext, ret); } /** @@ -5686,7 +5554,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( private_key, ciphertext, ret); } @@ -5700,12 +5568,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -5718,7 +5585,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5742,57 +5609,50 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5823,14 +5683,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** @@ -5847,7 +5707,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( uu____0, copy_of_randomness); } @@ -5870,27 +5730,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; @@ -5901,17 +5758,17 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5944,7 +5801,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5952,7 +5809,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, copy_of_randomness); } @@ -5972,23 +5829,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( uu____0, copy_of_randomness); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5996,8 +5840,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_bd(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -6007,7 +5851,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -6024,7 +5868,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -6032,7 +5876,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a8( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -6051,22 +5895,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -6074,20 +5917,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -6095,134 +5937,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -6230,24 +5944,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -6262,7 +5973,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_87( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6270,22 +5981,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } @@ -6301,23 +6009,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_87(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -6334,19 +6039,54 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; +libcrux_ml_kem_ind_cpa_generate_keypair_6e(Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cpa_serialize_public_key_04( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_87(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6374,7 +6114,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6384,40 +6124,35 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -6443,33 +6178,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_6e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -6488,12 +6227,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); } /** @@ -6504,10 +6243,150 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( copy_of_randomness); } +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] + +*/ +typedef struct tuple_9b_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; +} tuple_9b; + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types @@ -6523,8 +6402,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_24(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_4e(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -6541,10 +6420,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -6559,7 +6438,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_88( +libcrux_ml_kem_polynomial_clone_d5_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6586,16 +6465,15 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + size_t); + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6603,14 +6481,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_88(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6622,20 +6500,19 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_04( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_H_f1_1a( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; @@ -6677,12 +6554,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62( copy_of_randomness); } @@ -6695,7 +6572,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( copy_of_randomness); } @@ -6710,28 +6587,25 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_77(ciphertext), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + uint8_t), ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6757,12 +6631,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; @@ -6776,61 +6649,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd( + libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6860,10 +6729,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5a0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b50(private_key, ciphertext, ret); } /** @@ -6876,7 +6745,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( private_key, ciphertext, ret); } @@ -6890,9 +6759,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } /** @@ -6914,57 +6783,50 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_780( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6999,14 +6861,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** @@ -7023,7 +6885,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( uu____0, copy_of_randomness); } @@ -7035,9 +6897,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_450( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -7054,15 +6916,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7070,9 +6932,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( ring_element); deserialized_pk[i0] = uu____0; } @@ -7089,19 +6951,19 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_3f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c2( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_04( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7119,9 +6981,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); } /** @@ -7132,7 +6994,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 1f7c19dfa..b99183fea 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_sha3_avx2_H @@ -131,14 +131,10 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -226,7 +222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_1e_bf(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -266,22 +262,18 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); @@ -319,34 +311,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -355,34 +343,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice)); @@ -401,10 +385,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_65( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1438,7 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1530,7 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1567,7 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1589,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_5b( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1602,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_f8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_74(s); + libcrux_sha3_generic_keccak_pi_35(s); + libcrux_sha3_generic_keccak_chi_09(s); + libcrux_sha3_generic_keccak_iota_5b(s, i0); } } @@ -1621,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_65(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -1638,14 +1622,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c7(s, buf); } @@ -1656,10 +1637,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e9( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1677,16 +1658,16 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -1696,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e9(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -1742,23 +1723,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1767,32 +1744,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1800,40 +1776,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1850,10 +1817,10 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; @@ -1879,10 +1846,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_43( __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } @@ -1896,22 +1863,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1922,10 +1889,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_58( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e9(a, b); } @@ -1938,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** @@ -1951,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** @@ -1965,23 +1932,23 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_74( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_f8(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1994,12 +1961,12 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_1e_bf(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2008,23 +1975,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_1d(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2032,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2050,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_74(s, o1); } } } @@ -2070,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_4f(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2082,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_1e_bf(); } /** @@ -2095,22 +2061,18 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); @@ -2148,34 +2110,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -2184,34 +2142,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice)); @@ -2231,14 +2185,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c70(s, buf); } @@ -2249,10 +2200,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e90( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -2270,16 +2221,16 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2289,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e90(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -2302,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d90(s, buf); } /** @@ -2347,23 +2298,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2372,32 +2319,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2405,40 +2351,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2449,10 +2386,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_580( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e90(a, b); } @@ -2465,10 +2402,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b40( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } /** @@ -2480,7 +2417,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, buf); } /** @@ -2491,9 +2428,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } /** @@ -2505,7 +2442,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2513,15 +2450,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); } /** @@ -2533,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2545,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2553,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o4); } /** @@ -2587,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69(s, buf); } /** @@ -2599,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } /** @@ -2611,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(s, buf); } /** @@ -2623,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 68c9b12fa..933b72278 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); } /** @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -202,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_f4(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -237,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -246,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -264,15 +262,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); } /** @@ -282,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -293,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); } /** @@ -309,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); } /** @@ -320,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -331,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); } /** @@ -347,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); } /** @@ -358,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -369,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); } /** @@ -385,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); } /** @@ -396,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -407,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); } /** @@ -423,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); } /** @@ -434,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb(ab); } /** @@ -450,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); } /** @@ -461,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -472,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); } /** @@ -488,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); } /** @@ -499,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -510,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); } /** @@ -526,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); } /** @@ -537,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -548,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); } /** @@ -564,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); } /** @@ -575,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -586,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); } /** @@ -602,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); } /** @@ -613,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -624,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); } /** @@ -640,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); } /** @@ -651,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -662,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); } /** @@ -678,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); } /** @@ -689,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -700,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); } /** @@ -716,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); } /** @@ -727,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -738,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); } /** @@ -754,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); } /** @@ -765,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -776,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); } /** @@ -792,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); } /** @@ -803,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -814,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); } /** @@ -830,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); } /** @@ -841,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -852,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); } /** @@ -868,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); } /** @@ -879,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -890,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); } /** @@ -906,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); } /** @@ -917,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -928,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); } /** @@ -944,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); } /** @@ -955,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -966,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); } /** @@ -982,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); } /** @@ -993,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1004,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); } /** @@ -1020,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); } /** @@ -1031,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1042,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); } /** @@ -1058,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); } /** @@ -1069,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1080,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); } /** @@ -1096,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); } /** @@ -1107,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1118,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); } /** @@ -1134,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); } /** @@ -1145,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1156,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); } /** @@ -1172,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); } /** @@ -1182,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1218,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1274,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1310,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1331,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1343,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_16(s); + libcrux_sha3_generic_keccak_pi_1d(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_62(s, i0); } } @@ -1361,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1375,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** @@ -1389,15 +1387,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); } /** @@ -1408,16 +1406,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1427,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1441,14 +1439,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1457,11 +1452,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -1476,11 +1471,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); } /** @@ -1491,22 +1486,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c5( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1517,9 +1512,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_58(a, b); } @@ -1531,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1543,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1556,23 +1551,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1584,12 +1579,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1598,23 +1593,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1622,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1640,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); } } } @@ -1656,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); } /** @@ -1671,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_ce(buf0, buf); } /** @@ -1679,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1688,9 +1682,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1706,15 +1699,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); } /** @@ -1724,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1738,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } /** @@ -1752,15 +1745,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); } /** @@ -1771,16 +1764,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1790,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1804,14 +1797,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1820,11 +1810,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -1839,12 +1829,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); } /** @@ -1855,22 +1845,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1881,9 +1871,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_580(a, b); } @@ -1895,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1907,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1920,23 +1910,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1948,12 +1938,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -1962,23 +1952,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1986,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2004,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2020,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); } /** @@ -2035,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } /** @@ -2046,16 +2035,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2065,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2077,12 +2066,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2091,23 +2080,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2115,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2133,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2149,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); } /** @@ -2164,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } /** @@ -2261,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } /** @@ -2269,7 +2257,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2278,9 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2294,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } /** @@ -2308,15 +2295,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); } /** @@ -2327,16 +2314,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2346,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2357,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c72(s, buf); } /** @@ -2370,14 +2357,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2388,9 +2372,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_581(a, b); } @@ -2402,10 +2386,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -2415,7 +2399,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf); } /** @@ -2425,9 +2409,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -2438,7 +2422,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2446,15 +2430,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); } /** @@ -2464,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2510,7 +2494,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2519,9 +2503,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2537,15 +2520,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); } /** @@ -2555,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2569,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } /** @@ -2583,15 +2566,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); } /** @@ -2602,16 +2585,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2621,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2635,14 +2618,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2651,11 +2631,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -2670,12 +2650,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); } /** @@ -2686,22 +2666,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2712,9 +2692,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_582(a, b); } @@ -2726,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2738,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2751,23 +2731,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2779,12 +2759,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2793,23 +2773,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2817,7 +2796,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2835,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); } } } @@ -2851,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); } /** @@ -2866,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } /** @@ -2874,7 +2853,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2883,9 +2862,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2901,15 +2879,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); } /** @@ -2919,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2933,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } /** @@ -2947,15 +2925,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); } /** @@ -2966,16 +2944,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2985,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2999,14 +2977,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -3015,11 +2990,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -3034,12 +3009,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); } /** @@ -3050,22 +3025,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3076,9 +3051,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_583(a, b); } @@ -3090,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3102,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3115,23 +3090,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3143,12 +3118,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -3157,23 +3132,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3181,7 +3155,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3199,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); } } } @@ -3215,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); } /** @@ -3230,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } /** @@ -3250,8 +3224,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } @@ -3269,8 +3243,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3288,8 +3262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } @@ -3307,8 +3281,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -3319,15 +3293,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); } /** @@ -3337,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -3351,11 +3325,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -3370,12 +3344,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); } /** @@ -3386,22 +3360,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3412,23 +3386,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3440,12 +3414,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -3454,23 +3428,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3478,7 +3451,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3496,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); } } } @@ -3512,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); } /** @@ -3527,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } /** @@ -3592,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3600,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4); } /** @@ -3632,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } /** @@ -3642,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c71(s, buf); } /** @@ -3650,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } /** @@ -3660,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } /** @@ -3670,7 +3643,1176 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $136size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_4f; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Absorb; + +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[136U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + (size_t)136U, buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = + Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + if (input_remainder_len > (size_t)0U) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** + Shake256 absorb +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Squeeze; + +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** + Shake256 absorb final +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_absorb_final_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + return self; +} + +/** + An all zero block +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +/** + Generate a new keccak xof state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_generic_keccak_new_9d_7e(void) { + libcrux_sha3_generic_keccak_KeccakXofState_4f lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** + Shake256 new state +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_new_7d(void) { + return libcrux_sha3_generic_keccak_new_9d_7e(); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $168size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_78; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Absorb; + +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[168U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + (size_t)168U, buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = + Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + if (input_remainder_len > (size_t)0U) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Squeeze; + +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_absorb_final_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + return self; +} + +/** + An all zero block +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +/** + Generate a new keccak xof state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_generic_keccak_new_9d_7e0(void) { + libcrux_sha3_generic_keccak_KeccakXofState_78 lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_new_1c(void) { + return libcrux_sha3_generic_keccak_new_9d_7e0(); +} + +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); + } +} + +/** + Squeeze `N` x `LEN` bytes. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, Option_b3) + .tag == None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** + Shake256 squeeze +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for +libcrux_sha3::portable::incremental::Shake256Squeeze)#3} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_8a( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); +} + +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); + } +} + +/** + Squeeze `N` x `LEN` bytes. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, Option_b3) + .tag == None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** + Shake128 squeeze +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for +libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_10( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); } /** diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 4137cab1d..7127c1704 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,8 +1,7 @@ use crate::{ constant_time_ops::{ - compare_ciphertexts_in_constant_time, + compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, compare_ciphertexts_select_shared_secret_in_constant_time, - select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -141,9 +140,9 @@ fn generate_keypair< implicit_rejection_value, ); let private_key: MlKemPrivateKey = - MlKemPrivateKey::from(&secret_key_serialized); + MlKemPrivateKey::from(secret_key_serialized); - MlKemKeyPair::from(private_key, MlKemPublicKey::from(&public_key)) + MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } fn encapsulate< diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 0c3bc7f65..ac045ae13 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -221,19 +221,37 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - let (sk, pk) = generate_keypair_unpacked::( - key_generation_seed, - ); + // We don't use the unpacked function here in order to reduce stack size. + + // (ρ,σ) := G(d) + let hashed = Hasher::G(key_generation_seed); + let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); + + let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); + + let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); + let (secret_as_ntt, domain_separator) = + sample_vector_cbd_then_ntt::(prf_input, 0); + let (error_as_ntt, _) = + sample_vector_cbd_then_ntt::( + prf_input, + domain_separator, + ); + + // tˆ := Aˆ ◦ sˆ + eˆ + let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + + let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - &pk.t_as_ntt, - &pk.seed_for_A, + &t_as_ntt, + &seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) - let secret_key_serialized = serialize_secret_key(&sk.secret_as_ntt); + let secret_key_serialized = serialize_secret_key(&secret_as_ntt); (secret_key_serialized, public_key_serialized) } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78d21d7b9..567c142ac 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -234,6 +234,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 8f7d72172..adb0ce646 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -227,6 +227,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82666e8bc..979524a14 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -230,6 +230,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) From 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 19:15:03 +0000 Subject: [PATCH 062/172] update C extraction --- .docker/c/install.sh | 12 +- libcrux-ml-kem/c.yaml | 7 + libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 82 +- .../c/internal/libcrux_mlkem_avx2.h | 76 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 76 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 351 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +- libcrux-ml-kem/c/libcrux_core.c | 241 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 154 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 126 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 154 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 148 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6195 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 263 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 16 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 4668 ++++++++----- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 92 +- libcrux-ml-kem/c/libcrux_sha3.h | 81 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 1638 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 607 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 41 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 41 +- 46 files changed, 9507 insertions(+), 7153 deletions(-) diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 596d0c366..86bbb3f9f 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/53530427db2941ce784201e64086766504bc5642.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/962f26311ccdf09a6a3cfeacbccafba22bf3d405.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-53530427db2941ce784201e64086766504bc5642/ charon +mv charon-962f26311ccdf09a6a3cfeacbccafba22bf3d405/ charon -curl -L https://github.com/FStarLang/karamel/archive/2bd16e63cfbfa2b81d3c45d597b811ca2a12d430.zip \ +curl -L https://github.com/FStarLang/karamel/archive/7862fdc3899b718d39ec98568f78ec40592a622a.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-2bd16e63cfbfa2b81d3c45d597b811ca2a12d430/ karamel +mv karamel-7862fdc3899b718d39ec98568f78ec40592a622a/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/05ade3c33b87927d9873736212cc5078c1fc3d69.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/e66abbc2119485abfafa17c1911bdbdada5b04f3.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-05ade3c33b87927d9873736212cc5078c1fc3d69/ eurydice +mv eurydice-e66abbc2119485abfafa17c1911bdbdada5b04f3/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 4dab8e235..2af7c36be 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -230,3 +230,10 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 5c241aed0..a2424cd2d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 67f4341506300372fba9cb8de070234935839cb7 -Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 +Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,25 +90,26 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c267a11d4..74e72ff40 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_core_H @@ -75,9 +75,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( uint8_t value[1568U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -88,7 +91,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +104,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( uint8_t value[3168U]); /** @@ -113,9 +116,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( uint8_t value[1568U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -124,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,9 +142,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -156,9 +165,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( uint8_t value[1184U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -169,7 +181,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -182,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( uint8_t value[2400U]); /** @@ -194,9 +206,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( uint8_t value[1088U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -205,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -217,9 +232,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -237,9 +255,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( uint8_t value[800U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -250,7 +271,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -263,7 +284,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]); /** @@ -275,9 +296,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( uint8_t value[768U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -286,9 +310,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +347,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -337,9 +367,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +381,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 400fe304e..fddfc05eb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,8 +47,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -62,7 +70,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -82,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -105,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -130,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -156,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_261( +void libcrux_ml_kem_ind_cca_decapsulate_b61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -168,7 +176,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -183,8 +191,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]); + +/** + Packed API + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -198,7 +214,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -218,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -241,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -266,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -292,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_260( +void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -304,7 +320,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -319,8 +335,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]); + +/** + Packed API + + Generate a key pair. + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -333,7 +357,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( uint8_t randomness[64U]); /** @@ -354,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -377,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -402,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -428,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_26( +void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 57231a2ff..03c96041e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,6 +48,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -184,6 +192,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -320,6 +336,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 02b20eae1..dec2addfe 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,8 +53,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -69,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -113,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -139,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -165,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_241( +void libcrux_ml_kem_ind_cca_decapsulate_b21( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -193,8 +201,16 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); + +/** + Packed API + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -209,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -230,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -253,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -279,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -305,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_240( +void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -317,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -333,8 +349,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); + +/** + Packed API + + Generate a key pair. + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -349,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -370,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -393,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -419,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -445,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_24( +void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6b1490d57..7ed30875a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 80cd5b7ab..43b7619f7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f4(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -36,6 +42,9 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_absorb_final_c7(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_c70(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f4(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -217,6 +247,15 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Absorb; +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -231,7 +270,7 @@ with const generics static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { if (self->buf_len + input_len >= (size_t)136U) { @@ -239,13 +278,11 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + consumed; } @@ -268,10 +305,11 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -281,8 +319,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( } { size_t i = (size_t)0U; - borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t, - Eurydice_slice); + borrowed[i] = + Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; @@ -292,23 +330,36 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( self->buf_len = (size_t)0U; } size_t input_to_consume = - core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; size_t num_blocks = input_to_consume / (size_t)136U; size_t remainder = input_to_consume % (size_t)136U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; uint64_t(*uu____4)[5U] = self->inner.st; - Eurydice_slice uu____5[1U]; - memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_portable_keccak_load_block_5a_b8(uu____4, ret); libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -324,28 +375,31 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( self->buf[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } } +/** + Shake256 absorb +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -360,6 +414,12 @@ static inline void libcrux_sha3_portable_incremental_absorb_7d( typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Squeeze; +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -376,33 +436,32 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (self->buf_len > (size_t)0U) { Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, - uint8_t, Eurydice_slice), - uint8_t, void *); + blocks[i], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); } if (input_remainder_len > (size_t)0U) { Eurydice_slice uu____3 = Eurydice_array_to_subslice2( blocks[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } blocks[i][self->buf_len + input_remainder_len] = 31U; size_t uu____4 = i; @@ -416,6 +475,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } +/** + Shake256 absorb final +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -429,6 +491,9 @@ libcrux_sha3_portable_incremental_absorb_final_7d( return self; } +/** + An all zero block +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -580,6 +645,9 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( ret[135U] = 0U; } +/** + Generate a new keccak xof state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -603,6 +671,9 @@ libcrux_sha3_generic_keccak_new_9d_7e(void) { return lit; } +/** + Shake256 new state +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -630,6 +701,15 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Absorb; +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -644,7 +724,7 @@ with const generics static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { if (self->buf_len + input_len >= (size_t)168U) { @@ -652,13 +732,11 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + consumed; } @@ -681,10 +759,11 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -694,8 +773,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( } { size_t i = (size_t)0U; - borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, - Eurydice_slice); + borrowed[i] = + Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; @@ -705,23 +784,36 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( self->buf_len = (size_t)0U; } size_t input_to_consume = - core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; size_t num_blocks = input_to_consume / (size_t)168U; size_t remainder = input_to_consume % (size_t)168U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; uint64_t(*uu____4)[5U] = self->inner.st; - Eurydice_slice uu____5[1U]; - memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -737,23 +829,23 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( self->buf[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } @@ -773,6 +865,12 @@ static inline void libcrux_sha3_portable_incremental_absorb_1c( typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Squeeze; +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -789,33 +887,32 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (self->buf_len > (size_t)0U) { Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, - uint8_t, Eurydice_slice), - uint8_t, void *); + blocks[i], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); } if (input_remainder_len > (size_t)0U) { Eurydice_slice uu____3 = Eurydice_array_to_subslice2( blocks[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } blocks[i][self->buf_len + input_remainder_len] = 31U; size_t uu____4 = i; @@ -842,6 +939,9 @@ libcrux_sha3_portable_incremental_absorb_final_1c( return self; } +/** + An all zero block +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1025,6 +1125,9 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( ret[167U] = 0U; } +/** + Generate a new keccak xof state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1058,6 +1161,9 @@ libcrux_sha3_portable_incremental_new_1c(void) { return libcrux_sha3_generic_keccak_new_9d_7e0(); } +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: usize> for u64)} @@ -1069,37 +1175,34 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; - size_t last_block_len = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } if (last_block_len != (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + num_full_blocks * (size_t)8U + last_block_len, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); } } +/** + Squeeze `N` x `LEN` bytes. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1117,7 +1220,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( if (self->sponge) { libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } - size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)136U; size_t last = out_len - out_len % (size_t)136U; size_t mid; @@ -1163,6 +1266,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( self->sponge = true; } +/** + Shake256 squeeze +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for @@ -1174,6 +1280,9 @@ static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); } +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: usize> for u64)} @@ -1185,37 +1294,34 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; - size_t last_block_len = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } if (last_block_len != (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + num_full_blocks * (size_t)8U + last_block_len, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); } } +/** + Squeeze `N` x `LEN` bytes. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1233,7 +1339,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( if (self->sponge) { libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } - size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)168U; size_t last = out_len - out_len % (size_t)168U; size_t mid; @@ -1279,6 +1385,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( self->sponge = true; } +/** + Shake128 squeeze +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 86a49e1e6..51173e23c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,14 +28,17 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -43,6 +49,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -50,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -87,15 +96,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -106,7 +119,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -122,12 +135,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -140,15 +154,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -157,7 +175,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -171,12 +189,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -186,12 +206,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } @@ -204,15 +222,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -223,7 +245,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -239,12 +261,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -257,15 +280,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -274,7 +301,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -288,12 +315,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -303,12 +332,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -321,15 +348,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -340,7 +371,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -355,12 +386,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -373,15 +405,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -390,11 +426,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -404,12 +443,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -433,6 +470,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -442,12 +482,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -460,12 +498,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -475,15 +515,16 @@ void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -493,12 +534,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 4265e7e36..b527d22f6 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 276b5327d..59edf1b4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 5b6502758..432eb7c2c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,20 +38,30 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d5( +static void decapsulate_cd( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d5(private_key, ciphertext, ret); + decapsulate_cd(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -70,18 +83,25 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_05( +static void decapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_260(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_05(private_key, ciphertext, ret); + decapsulate_unpacked_ea(private_key, ciphertext, ret); } /** @@ -101,24 +121,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b7( +static tuple_21 encapsulate_32( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_32(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -137,26 +169,42 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ed( +static tuple_21 encapsulate_unpacked_14( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_360(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_720(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ed(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_14(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -168,20 +216,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_80( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_88( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_990(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d0(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_80(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_88(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -195,20 +251,29 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_290(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uu____0); +generate_keypair_unpacked_af(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_290(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_af(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -217,14 +282,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c0(public_key); +static bool validate_public_key_520(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f90(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_930(public_key.value)) { + if (validate_public_key_520(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index f70175faf..02a1e0ab9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_avx2_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8f38be0c7..c95f9f673 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -42,6 +45,13 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -105,20 +125,32 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -142,21 +174,37 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -170,18 +218,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -196,19 +252,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -221,6 +286,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index dc1d1a4be..1ed96ad65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 2b84bcdbd..1cb401481 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,20 +38,30 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_8b( +static void decapsulate_ee( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_241(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b21(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_8b(private_key, ciphertext, ret); + decapsulate_ee(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -70,18 +83,25 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_f3( +static void decapsulate_unpacked_28( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_751(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_441(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_f3(private_key, ciphertext, ret); + decapsulate_unpacked_28(private_key, ciphertext, ret); } /** @@ -101,24 +121,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_83( +static tuple_21 encapsulate_1a( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_83(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_1a(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -137,26 +169,42 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_f4( +static tuple_21 encapsulate_unpacked_4e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f4(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_4e(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -169,20 +217,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a9( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_00( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f91(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a9(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_00(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -196,20 +252,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_10(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uu____0); +generate_keypair_unpacked_b3(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_10(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_b3(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -218,14 +283,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_4d1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_601(public_key); +static bool validate_public_key_9d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c21(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_4d1(public_key.value)) { + if (validate_public_key_9d1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8ea6c71ad..18df930ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 06d05903b..6c5fa87f5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d6917cf59..5367ea6e2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,18 +38,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f1(private_key, ciphertext, ret); + decapsulate_4f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4e( +static void decapsulate_unpacked_d3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_26(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4e(private_key, ciphertext, ret); + decapsulate_unpacked_d3(private_key, ciphertext, ret); } /** @@ -97,24 +117,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ab( +static tuple_ec encapsulate_a5( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ab(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_a5(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_dc( +static tuple_ec encapsulate_unpacked_bd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_36(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_72(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_dc(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_bd(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -164,20 +210,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d4( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ab( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_99(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ab(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -191,20 +245,29 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_29(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uu____0); +generate_keypair_unpacked_d6(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_29(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d6(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -213,14 +276,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); +static bool validate_public_key_52(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_93(public_key.value)) { + if (validate_public_key_52(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 36f5a4f09..de016f75b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 906114e72..5b9b0ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -101,20 +121,32 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -138,21 +170,35 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -166,18 +212,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -192,19 +246,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +280,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 67f26b584..211c714fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem512_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e6ed7f596..cf889ae06 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -38,15 +41,25 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_1e( +static void decapsulate_unpacked_0c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_750(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_440(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1e(private_key, ciphertext, ret); + decapsulate_unpacked_0c(private_key, ciphertext, ret); } /** @@ -97,24 +117,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_6e( +static tuple_ec encapsulate_33( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_33(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ae( +static tuple_ec encapsulate_unpacked_f7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ae(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_f7(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -165,20 +211,28 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_65( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_68( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f90(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_65(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_68(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -192,20 +246,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_16(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uu____0); +generate_keypair_unpacked_fe(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_16(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_fe(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -214,14 +277,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_4d0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_600(public_key); +static bool validate_public_key_9d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c20(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_4d0(public_key.value)) { + if (validate_public_key_9d0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index b307dbf3b..3ca4b0b85 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 14d7b3864..645dd5ef8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 170f11724..576acabef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,18 +38,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_0b( +static void decapsulate_99( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_261(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b61(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b(private_key, ciphertext, ret); + decapsulate_99(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_3f( +static void decapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_261(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_3f(private_key, ciphertext, ret); + decapsulate_unpacked_25(private_key, ciphertext, ret); } /** @@ -97,24 +117,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_98( +static tuple_3c encapsulate_60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_011(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e61(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_98(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_60(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_be( +static tuple_3c encapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_361(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_721(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_be(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_27(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -164,20 +210,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_32( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c0( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_991(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d1(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_32(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c0(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -191,20 +245,29 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_09(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uu____0); +generate_keypair_unpacked_0b(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_09(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_0b(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -213,14 +276,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c1(public_key); +static bool validate_public_key_521(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f91(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_931(public_key.value)) { + if (validate_public_key_521(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 860111581..8c8af3f91 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index f7f161a44..c252832a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -101,20 +121,32 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -138,21 +170,35 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -166,18 +212,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -192,19 +246,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +280,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 4bbf14bf5..aaf2756d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem768_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 145cf96c6..f8904ea1a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,18 +38,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_7d( +static void decapsulate_e7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_7d(private_key, ciphertext, ret); + decapsulate_e7(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_c8( +static void decapsulate_unpacked_bd( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_75(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_44(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_c8(private_key, ciphertext, ret); + decapsulate_unpacked_bd(private_key, ciphertext, ret); } /** @@ -97,24 +117,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_72( +static tuple_3c encapsulate_fd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_fd(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_c9( +static tuple_3c encapsulate_unpacked_e9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c9(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_e9(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -165,20 +211,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_21( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c1( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_21(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c1(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -192,20 +246,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_2a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uu____0); +generate_keypair_unpacked_78(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_78(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -214,14 +277,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_4d(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_60(public_key); +static bool validate_public_key_9d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_4d(public_key.value)) { + if (validate_public_key_9d(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4ed073607..9251372d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ed6975218..105b03788 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -30,43 +29,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { + return mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); + return mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), + v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -74,564 +70,452 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { + return mm256_add_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { + return mm256_sub_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { + return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i vector, int16_t constant) { + return mm256_and_si256(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = + mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = + mm256_and_si256(sign_mask, field_modulus); + return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = mm256_mulhi_epi16( + vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); + __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = mm256_mullo_epi16( + quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return mm256_sub_epi16(vector, quotient_times_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i vector, int16_t constant) { + __m256i constant0 = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(vector, constant0); + return mm256_sub_epi16(value_high, k_times_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + __m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); + __m256i shifted_to_positive_in_range = + mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); + return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = mm256_mul_epu32(lhs, rhs); + __m256i prod13 = + mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), + mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = mm256_mullo_epi16(v, c); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(v, c); + return mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, + zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, + -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, + zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, + zeta0, zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m128i +KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = mm_mullo_epi16(v, c); + __m128i k = mm_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( + mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = + __m128i k_times_modulus = mm_mulhi_epi16( + k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = mm_mulhi_epi16(v, c); + return mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + rhs, mm_set1_epi16(zeta)); + __m128i lhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + __m256i sum0 = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum0, + mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); + __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); + __m256i sum = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum, + mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + upper_coefficients, mm_set1_epi16(zeta)); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = mm256_mullo_epi16( v, - libcrux_intrinsics_avx2_mm256_set1_epi32( + mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); + return mm256_srai_epi32((int32_t)16, result0, __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = + mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = + mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i right1 = mm256_mullo_epi32( + right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, + (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, + -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( + rhs, + mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + __m256i products_right1 = + mm256_slli_epi32((int32_t)16, products_right0, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -642,110 +526,79 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsb_to_msb = mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_2_combined, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = mm256_castsi256_si128(combined); + mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -754,127 +607,89 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, + mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = + mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -883,120 +698,101 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m128i coefficients = + mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = mm256_shuffle_epi8( + coefficients_loaded0, + mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, + (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)1, (int8_t)0)); + __m256i coefficients1 = mm256_mullo_epi16( + coefficients0, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, + (size_t)26U, uint8_t), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1005,72 +801,53 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1080,81 +857,69 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + return mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, + (size_t)28U, uint8_t), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1163,73 +928,53 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, + 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); + __m256i compare_with_field_modulus = + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); @@ -1238,35 +983,27 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = + mm_shuffle_epi8(lower_coefficients, lower_shuffles0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); + __m128i upper_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); + __m128i upper_coefficients = + mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = + mm_shuffle_epi8(upper_coefficients, upper_shuffles0); + mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1284,8 +1021,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } @@ -1320,6 +1056,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9b(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1327,24 +1069,26 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_7f(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_71(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1352,14 +1096,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a84( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1367,9 +1111,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1382,10 +1126,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_4a(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i shift_right_17(__m256i vector) { + return mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -1397,9 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_25( - core_core_arch_x86___m256i vector) { - return shift_right_4a(vector); +static __m256i shift_right_ea_08(__m256i vector) { + return shift_right_17(vector); } /** @@ -1408,12 +1149,10 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_d2( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_25(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static __m256i to_unsigned_representative_14(__m256i a) { + __m256i t = shift_right_ea_08(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -1423,27 +1162,26 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_af( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d2(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_14(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1451,34 +1189,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_7f1( +static KRML_MUSTINLINE void serialize_secret_key_791( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1487,24 +1225,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_941( +static KRML_MUSTINLINE void serialize_public_key_5a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_7f1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_791(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1516,18 +1250,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_494( + deserialize_ring_elements_reduced_a84( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_941( + serialize_public_key_5a1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1581,11 +1315,10 @@ shake128_init_absorb_b41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -1600,9 +1333,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b41(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b41(copy_of_input); } /** @@ -1619,10 +1353,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_981( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1650,6 +1384,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c01( shake128_squeeze_three_blocks_981(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1668,12 +1443,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f93( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1703,10 +1477,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1733,6 +1507,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a31( shake128_squeeze_block_aa1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1751,12 +1566,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f94( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1791,8 +1605,7 @@ from_i16_array_89_46(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -1805,8 +1618,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_191( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -1820,33 +1633,38 @@ static KRML_MUSTINLINE void sample_from_xof_af1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf1(uu____0); + shake128_init_absorb_a9_cf1(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_a9_c01(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f93( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_a9_a31(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f94( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_191(uu____3[i]);); + ret0[i] = closure_191(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1866,24 +1684,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac1( closure_b91(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_af1(uu____1, sampled); + sample_from_xof_af1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1892,7 +1711,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac1( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1923,14 +1744,14 @@ static KRML_MUSTINLINE void PRFxN_662(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -1958,6 +1779,55 @@ static KRML_MUSTINLINE void PRFxN_a9_a12(uint8_t (*input)[33U], PRFxN_662(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1968,24 +1838,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2001,8 +1869,8 @@ sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2015,21 +1883,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2047,8 +1913,8 @@ sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2073,9 +1939,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_fd( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -2084,8 +1949,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_fd( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -2094,8 +1959,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_3e( - core_core_arch_x86___m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_3e(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2106,9 +1970,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_a7(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_3e(b, zeta_r); +ntt_layer_int_vec_step_a7(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2137,8 +2000,8 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2242,6 +2105,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b2( poly_barrett_reduce_89_e6(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2255,12 +2122,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2268,23 +2136,49 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2319,6 +2213,10 @@ ntt_multiply_89_44(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2333,11 +2231,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2351,8 +2247,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_c8( - core_core_arch_x86___m256i v) { +static __m256i to_standard_domain_c8(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2373,7 +2268,7 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_06( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = to_standard_domain_c8(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -2381,6 +2276,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_06( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2396,22 +2294,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_581( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -2427,6 +2323,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_581( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2435,13 +2372,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_651( +static tuple_9b0 generate_keypair_unpacked_5c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e11(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -2451,53 +2388,59 @@ static tuple_9b0 generate_keypair_unpacked_651( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_081(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -2515,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_761( +static void closure_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -2531,14 +2474,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6d( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -2568,27 +2510,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_651(ind_cpa_keypair_randomness); + size_t); + tuple_9b0 uu____0 = generate_keypair_unpacked_5c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_761(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a21(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2598,36 +2539,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_941( + serialize_public_key_5a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -2643,28 +2587,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e31( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_651(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e11(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac1(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_941(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a1( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_7f1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_791(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2672,7 +2658,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f61( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2680,46 +2666,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f61( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a11(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2733,39 +2721,42 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e31(ind_cpa_keypair_randomness); + generate_keypair_931(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_f61( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e1( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb0( - uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_120( + uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2775,16 +2766,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_581(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2793,16 +2785,17 @@ sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2816,8 +2809,7 @@ with const generics static KRML_MUSTINLINE void PRF_450(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2842,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_38( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2866,7 +2858,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_64( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2886,7 +2878,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_fb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2904,11 +2896,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_0d(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = montgomery_multiply_fe_3e(a_minus_b, zeta_r); @@ -2922,7 +2911,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2937,11 +2926,11 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_eb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2954,17 +2943,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_241( +static KRML_MUSTINLINE void invert_ntt_montgomery_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } @@ -2978,13 +2967,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_42( +static KRML_MUSTINLINE void add_error_reduce_89_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2993,13 +2982,16 @@ static KRML_MUSTINLINE void add_error_reduce_89_42( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7e1( +static KRML_MUSTINLINE void compute_vector_u_541( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3008,22 +3000,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3031,8 +3021,8 @@ static KRML_MUSTINLINE void compute_vector_u_7e1( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce1(&result[i1], &product); } - invert_ntt_montgomery_241(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e61(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3045,8 +3035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_22( - core_core_arch_x86___m256i v) { +static __m256i decompress_1_d7(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3060,16 +3049,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_5a(uint8_t serialized[32U]) { +deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_22(coefficient_compressed);); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); + re.coefficients[i0] = decompress_1_d7(coefficient_compressed);); return re; } @@ -3084,19 +3073,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_07( +add_message_error_reduce_89_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3104,6 +3093,9 @@ add_message_error_reduce_89_07( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3111,7 +3103,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af1( +compute_ring_element_v_f91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3121,8 +3113,8 @@ compute_ring_element_v_af1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_241(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e61(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } @@ -3132,61 +3124,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d4(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3198,9 +3172,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_69( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac(vector); +static __m256i compress_ea_0e(__m256i vector) { + return compress_ciphertext_coefficient_d4(vector); } /** @@ -3209,23 +3182,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_b2( +static KRML_MUSTINLINE void compress_then_serialize_10_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_69(to_unsigned_representative_d2(re->coefficients[i0])); + __m256i coefficient = + compress_ea_0e(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3236,61 +3206,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d40(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3302,9 +3254,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_690( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac0(vector); +static __m256i compress_ea_0e0(__m256i vector) { + return compress_ciphertext_coefficient_d40(vector); } /** @@ -3314,13 +3265,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_36( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_b2(re, uu____0); + compress_then_serialize_10_d0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3330,29 +3284,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_c51( +static void compress_then_serialize_u_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_36(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_56(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3362,61 +3312,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d41(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3428,9 +3360,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_691( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac1(vector); +static __m256i compress_ea_0e1(__m256i vector) { + return compress_ciphertext_coefficient_d41(vector); } /** @@ -3439,22 +3370,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_5a( +static KRML_MUSTINLINE void compress_then_serialize_4_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_691(to_unsigned_representative_d2(re.coefficients[i0])); + __m256i coefficient = + compress_ea_0e1(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3464,61 +3393,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d42(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3530,9 +3441,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_692( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac2(vector); +static __m256i compress_ea_0e2(__m256i vector) { + return compress_ciphertext_coefficient_d42(vector); } /** @@ -3541,22 +3451,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a4( +static KRML_MUSTINLINE void compress_then_serialize_5_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_692(to_unsigned_representative_d2(re.coefficients[i0])); + __m256i coefficients = + compress_ea_0e2(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3567,11 +3475,52 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_5a(re, out); -} - + compress_then_serialize_4_fb(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3589,22 +3538,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d21( +static void encrypt_unpacked_a31( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_c01(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3612,34 +3564,33 @@ static void encrypt_unpacked_d21( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7e1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_541(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f91(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c51( + compress_then_serialize_u_9b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_3c( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3661,51 +3612,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_d21(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a31(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_100(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3719,15 +3670,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_811(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3735,14 +3691,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a83( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3750,9 +3706,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3777,49 +3733,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_351(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_493( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a83( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_d21(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a31(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3834,12 +3793,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ab1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3862,59 +3820,55 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_811( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_351(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_e01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_100(uu____4); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab1(shared_secret, shared_secret_array); + kdf_af_9a1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3924,58 +3878,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_15(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3988,9 +3923,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_15(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b(__m256i vector) { + return decompress_ciphertext_coefficient_8b(vector); } /** @@ -4000,19 +3934,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_46(Eurydice_slice serialized) { +deserialize_then_decompress_10_92(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b(coefficient); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b(coefficient); } return re; } @@ -4023,58 +3953,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_150(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b0(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4087,9 +3998,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_150(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b0(__m256i vector) { + return decompress_ciphertext_coefficient_8b0(vector); } /** @@ -4099,19 +4009,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_f4(Eurydice_slice serialized) { +deserialize_then_decompress_11_79(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b0(coefficient); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b0(coefficient); } return re; } @@ -4123,8 +4029,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_80(Eurydice_slice serialized) { - return deserialize_then_decompress_10_46(serialized); +deserialize_then_decompress_ring_element_u_28(Eurydice_slice serialized) { + return deserialize_then_decompress_10_92(serialized); } /** @@ -4133,7 +4039,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_10( +static KRML_MUSTINLINE void ntt_vector_u_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -4146,6 +4052,10 @@ static KRML_MUSTINLINE void ntt_vector_u_10( poly_barrett_reduce_89_e6(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4154,17 +4064,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4177,11 +4086,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_10(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); + ntt_vector_u_b2(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4194,58 +4101,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_151(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b1(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4258,9 +4146,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b1( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_151(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b1(__m256i vector) { + return decompress_ciphertext_coefficient_8b1(vector); } /** @@ -4270,18 +4157,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { +deserialize_then_decompress_4_c8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b1(coefficient); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b1(coefficient); } return re; } @@ -4292,58 +4176,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_152(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b2(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4356,9 +4221,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b2( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_152(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b2(__m256i vector) { + return decompress_ciphertext_coefficient_8b2(vector); } /** @@ -4368,19 +4232,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_c0(Eurydice_slice serialized) { +deserialize_then_decompress_5_c7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_7b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_9b2(re.coefficients[i0]); } return re; } @@ -4392,8 +4253,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_19(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_4f(Eurydice_slice serialized) { + return deserialize_then_decompress_4_c8(serialized); } /** @@ -4407,12 +4268,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4422,6 +4283,12 @@ subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4429,7 +4296,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b1( +compute_message_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4438,8 +4305,8 @@ compute_message_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_241(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e61(&result); + result = subtract_reduce_89_e1(v, result); return result; } @@ -4449,27 +4316,48 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_b1( +static KRML_MUSTINLINE void compress_then_serialize_message_66( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d2(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient = to_unsigned_representative_14(re.coefficients[i0]); + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4480,20 +4368,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_131( +static void decrypt_unpacked_c11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_19( + deserialize_then_decompress_ring_element_v_4f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a51(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4505,8 +4392,7 @@ with const generics static KRML_MUSTINLINE void PRF_45(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4545,65 +4431,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_131(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c11(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd3( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_d21(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a31(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4615,35 +4497,35 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_42(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_35(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_d61( +static KRML_MUSTINLINE void deserialize_secret_key_f61( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4651,9 +4533,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d61( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4671,21 +4553,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d91(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_d61(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + deserialize_secret_key_f61(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_131(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c11(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4711,41 +4594,37 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_261( +void libcrux_ml_kem_ind_cca_decapsulate_b61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d91(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_491(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4754,38 +4633,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd3( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_351(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e01(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab1( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a1(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab1(shared_secret0, shared_secret); + kdf_af_9a1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4793,14 +4676,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a82( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4808,9 +4691,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4818,6 +4701,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4825,34 +4711,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_7f0( +static KRML_MUSTINLINE void serialize_secret_key_790( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4861,24 +4747,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_940( +static KRML_MUSTINLINE void serialize_public_key_5a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_7f0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_790(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4890,18 +4772,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_492( + deserialize_ring_elements_reduced_a82( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_940( + serialize_public_key_5a0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4955,11 +4837,10 @@ shake128_init_absorb_b40(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); return state; } @@ -4974,9 +4855,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b40(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b40(copy_of_input); } /** @@ -4993,10 +4875,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_980( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -5027,6 +4909,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c00( shake128_squeeze_three_blocks_980(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5045,12 +4968,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f91( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5080,10 +5002,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -5113,6 +5035,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a30( shake128_squeeze_block_aa0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5131,12 +5094,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f92( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5161,8 +5123,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_190( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5176,33 +5138,38 @@ static KRML_MUSTINLINE void sample_from_xof_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf0(uu____0); + shake128_init_absorb_a9_cf0(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_a9_c00(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f91( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_a9_a30(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f92( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_190(uu____3[i]);); + ret0[i] = closure_190(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5222,24 +5189,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac0( closure_b90(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_af0(uu____1, sampled); + sample_from_xof_af0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5248,7 +5216,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac0( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5279,14 +5249,14 @@ static KRML_MUSTINLINE void PRFxN_661(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5317,6 +5287,10 @@ static KRML_MUSTINLINE void PRFxN_a9_a11(uint8_t (*input)[33U], PRFxN_661(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5330,12 +5304,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5343,23 +5318,26 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5374,11 +5352,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5386,6 +5362,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce0( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5401,22 +5380,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5432,6 +5409,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5440,13 +5458,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_650( +static tuple_54 generate_keypair_unpacked_5c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e10(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; @@ -5456,53 +5474,59 @@ static tuple_54 generate_keypair_unpacked_650( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_080(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -5520,7 +5544,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_760( +static void closure_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -5552,27 +5576,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_650(ind_cpa_keypair_randomness); + size_t); + tuple_54 uu____0 = generate_keypair_unpacked_5c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_760(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a20(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5582,36 +5605,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_940( + serialize_public_key_5a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5627,28 +5653,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e30( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_650(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e10(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac0(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_940(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a0( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_7f0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_790(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5656,7 +5724,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f60( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5664,46 +5732,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f60( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a10(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5717,39 +5787,42 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e30(ind_cpa_keypair_randomness); + generate_keypair_930(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f60( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e0( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb1( - uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_121( + uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5759,16 +5832,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_580(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5777,16 +5851,17 @@ sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -5813,27 +5888,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_240( +static KRML_MUSTINLINE void invert_ntt_montgomery_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7e0( +static KRML_MUSTINLINE void compute_vector_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5842,22 +5920,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e0( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -5865,14 +5941,17 @@ static KRML_MUSTINLINE void compute_vector_u_7e0( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce0(&result[i1], &product); } - invert_ntt_montgomery_240(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e60(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5880,7 +5959,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af0( +compute_ring_element_v_f90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5890,8 +5969,8 @@ compute_ring_element_v_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_240(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e60(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } @@ -5901,23 +5980,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_490( +static KRML_MUSTINLINE void compress_then_serialize_11_280( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_690(to_unsigned_representative_d2(re->coefficients[i0])); + __m256i coefficient = + compress_ea_0e0(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -5929,13 +6005,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_360( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_560( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_490(re, uu____0); + compress_then_serialize_11_280(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5945,29 +6024,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_c50( +static void compress_then_serialize_u_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_360(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_560(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -5978,11 +6053,52 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a4(re, out); -} - + compress_then_serialize_5_8e(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6000,22 +6116,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d20( +static void encrypt_unpacked_a30( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_c00(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6023,35 +6142,33 @@ static void encrypt_unpacked_d20( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7e0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_540(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f90(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c50( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_9b0( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_3c0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6073,51 +6190,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_d20(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a30(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_101(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6131,15 +6248,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_810(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6147,14 +6269,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a81( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6162,9 +6284,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6189,49 +6311,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_350(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_491( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a81( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_d20(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a30(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6246,12 +6371,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ab0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -6274,59 +6398,55 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_810( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_350(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_e00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_101(uu____4); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab0(shared_secret, shared_secret_array); + kdf_af_9a0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6337,8 +6457,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_800(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f4(serialized); +deserialize_then_decompress_ring_element_u_280(Eurydice_slice serialized) { + return deserialize_then_decompress_11_79(serialized); } /** @@ -6347,7 +6467,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_100( +static KRML_MUSTINLINE void ntt_vector_u_b20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -6360,6 +6480,10 @@ static KRML_MUSTINLINE void ntt_vector_u_100( poly_barrett_reduce_89_e6(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6368,17 +6492,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6391,11 +6514,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_800(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_100(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_280(u_bytes); + ntt_vector_u_b20(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6409,10 +6530,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_190(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c0(serialized); +deserialize_then_decompress_ring_element_v_4f0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c7(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6420,7 +6547,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b0( +compute_message_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6429,11 +6556,35 @@ compute_message_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_240(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e60(&result); + result = subtract_reduce_89_e1(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6444,20 +6595,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_130( +static void decrypt_unpacked_c10( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_190( + deserialize_then_decompress_ring_element_v_4f0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a50(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6496,84 +6646,83 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_130(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c10(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd1( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_d20(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a30(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_d60( +static KRML_MUSTINLINE void deserialize_secret_key_f60( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6581,9 +6730,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d60( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6601,21 +6750,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_d90(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_d60(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + deserialize_secret_key_f60(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_130(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c10(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6641,42 +6791,38 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_260( +void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d90(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_490(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6685,38 +6831,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd1( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_350(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e00(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab0( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a0(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab0(shared_secret0, shared_secret); + kdf_af_9a0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6724,14 +6874,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a80( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6739,9 +6889,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6749,6 +6899,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6756,34 +6909,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_7f( +static KRML_MUSTINLINE void serialize_secret_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6792,23 +6945,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_94( +static KRML_MUSTINLINE void serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_7f(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_79(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6820,18 +6970,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_490( + deserialize_ring_elements_reduced_a80( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_94( + serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6885,11 +7035,10 @@ shake128_init_absorb_b4(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -6904,9 +7053,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b4(copy_of_input); } /** @@ -6923,10 +7073,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_98( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -6951,6 +7101,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c0( shake128_squeeze_three_blocks_98(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -6969,12 +7160,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f9( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7004,10 +7194,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7031,6 +7221,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a3( shake128_squeeze_block_aa(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7049,12 +7280,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f90( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7079,8 +7309,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_19( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7094,33 +7324,38 @@ static KRML_MUSTINLINE void sample_from_xof_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf(uu____0); + shake128_init_absorb_a9_cf(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_a9_c0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f9( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_a9_a3(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f90( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_19(uu____3[i]);); + ret0[i] = closure_19(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7140,24 +7375,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac( closure_b9(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_af(uu____1, sampled); + sample_from_xof_af(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7166,7 +7402,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7197,14 +7435,14 @@ static KRML_MUSTINLINE void PRFxN_66(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); @@ -7240,6 +7478,10 @@ sample_from_binomial_distribution_73(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_c4(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7253,12 +7495,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7266,23 +7509,26 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( PRFxN_a9_a1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_73(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7297,11 +7543,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7309,6 +7553,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7324,22 +7571,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -7355,6 +7600,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7363,13 +7649,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_65( +static tuple_4c generate_keypair_unpacked_5c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e1(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; @@ -7379,53 +7665,59 @@ static tuple_4c generate_keypair_unpacked_65( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_08(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -7443,7 +7735,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_76( +static void closure_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -7475,27 +7767,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_65(ind_cpa_keypair_randomness); + size_t); + tuple_4c uu____0 = generate_keypair_unpacked_5c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_76(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a2(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7505,36 +7796,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_94( + serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7550,28 +7844,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e3( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_65(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_94(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_7f(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_79(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7579,7 +7915,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f6( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7587,46 +7923,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f6( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7639,38 +7977,38 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e3(ind_cpa_keypair_randomness); + generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f6( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb( - uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -7687,14 +8025,14 @@ static KRML_MUSTINLINE void PRFxN_660(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -7719,6 +8057,9 @@ static KRML_MUSTINLINE void PRFxN_a9_a10(uint8_t (*input)[33U], PRFxN_660(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7728,16 +8069,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_58(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7746,16 +8088,17 @@ sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -7782,27 +8125,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_24( +static KRML_MUSTINLINE void invert_ntt_montgomery_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7e( +static KRML_MUSTINLINE void compute_vector_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -7811,22 +8157,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -7834,14 +8178,17 @@ static KRML_MUSTINLINE void compute_vector_u_7e( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce(&result[i1], &product); } - invert_ntt_montgomery_24(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e6(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7849,7 +8196,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af( +compute_ring_element_v_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7859,11 +8206,14 @@ compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_24(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e6(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7873,32 +8223,69 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_c5( +static void compress_then_serialize_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_36(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_56(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7916,22 +8303,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d2( +static void encrypt_unpacked_a3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_c0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7939,34 +8329,33 @@ static void encrypt_unpacked_d2( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7e(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_54(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f9(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c5( + compress_then_serialize_u_9b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_3c( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -7988,51 +8377,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_d2(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_10(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8046,15 +8435,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_81(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8062,14 +8456,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a8( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8077,9 +8471,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8104,49 +8498,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_35(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_49( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a8( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_d2(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8161,12 +8558,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -8189,62 +8585,62 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_81( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_10(uu____4); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab(shared_secret, shared_secret_array); + kdf_af_9a(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8253,17 +8649,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8276,17 +8671,21 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_10(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); + ntt_vector_u_b2(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8294,7 +8693,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b( +compute_message_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8303,11 +8702,35 @@ compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_24(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e6(&result); + result = subtract_reduce_89_e1(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8318,20 +8741,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_13( +static void decrypt_unpacked_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_19( + deserialize_then_decompress_ring_element_v_4f( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a5(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8370,83 +8792,82 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_13(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_d2(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a3(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_d6( +static KRML_MUSTINLINE void deserialize_secret_key_f6( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8454,9 +8875,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d6( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8474,21 +8895,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d9(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_d6(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + deserialize_secret_key_f6(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_13(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8514,41 +8936,37 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_26( +void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d9(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -8557,34 +8975,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab(shared_secret0, shared_secret); + kdf_af_9a(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 449e5df23..af80f721d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_avx2_H @@ -30,335 +30,311 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); +__m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m128i +__m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + __m128i v, __m128i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -374,8 +350,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -383,7 +358,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e82ce94ef..5a72462c0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem_neon.h" @@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 138774405..87456599c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 8cd0d81d5..cbd69752e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1018,6 +997,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +1045,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1077,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1102,6 +1119,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1413,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1465,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1493,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1523,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1553,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1594,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1632,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1674,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1706,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1758,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1795,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1834,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1882,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -1949,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1987,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2008,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2072,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2086,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2145,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2165,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2176,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2194,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2254,6 +2262,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_8d(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2261,16 +2275,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2280,6 +2291,12 @@ deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2287,14 +2304,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2302,9 +2319,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2348,7 +2365,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_e5( +to_unsigned_representative_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = shift_right_0d_f2(a); @@ -2364,27 +2381,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_1d( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_e5(re->coefficients[i0]); + to_unsigned_representative_57(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2392,34 +2409,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_6d1( +static KRML_MUSTINLINE void serialize_secret_key_871( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2428,24 +2445,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_eb1( +static KRML_MUSTINLINE void serialize_public_key_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_6d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_871(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2457,18 +2470,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_1d4( + deserialize_ring_elements_reduced_9d4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_041( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2533,16 +2546,17 @@ shake128_init_absorb_b71(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2559,9 +2573,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_8c1(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b71(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b71(copy_of_input); } /** @@ -2577,8 +2592,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca1( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2597,6 +2611,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_691( shake128_squeeze_three_blocks_ca1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2615,12 +2670,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2646,11 +2700,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2669,6 +2723,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_601( shake128_squeeze_block_dd1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2687,12 +2782,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2728,8 +2822,7 @@ from_i16_array_89_ca(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2744,8 +2837,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f1( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2760,32 +2853,37 @@ static KRML_MUSTINLINE void sample_from_xof_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_691(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c3( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_601(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c4( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_2f1(uu____3[i]);); + ret0[i] = closure_2f1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2806,24 +2904,25 @@ static KRML_MUSTINLINE void sample_matrix_A_051( closure_081(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_d41(uu____1, sampled); + sample_from_xof_d41(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2832,7 +2931,9 @@ static KRML_MUSTINLINE void sample_matrix_A_051( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2858,12 +2959,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2882,6 +2982,55 @@ static KRML_MUSTINLINE void PRFxN_f1_932(uint8_t (*input)[33U], PRFxN_c52(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2892,24 +3041,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2925,8 +3072,8 @@ sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2939,21 +3086,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2971,8 +3116,8 @@ sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3000,9 +3145,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_09( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3107,13 +3251,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_23( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3127,7 +3271,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_43( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3137,7 +3281,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_43( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3181,6 +3325,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_28( poly_barrett_reduce_89_61(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3195,12 +3343,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3208,23 +3357,49 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3261,6 +3436,10 @@ ntt_multiply_89_17(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3275,13 +3454,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3330,6 +3507,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_22( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3345,22 +3525,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -3376,6 +3554,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3385,13 +3604,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_d11( +static tuple_540 generate_keypair_unpacked_0f1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e41(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; @@ -3401,53 +3620,59 @@ static tuple_540 generate_keypair_unpacked_d11( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3466,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f01( +static void closure_411( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -3482,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_3a( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3522,27 +3747,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_d11(ind_cpa_keypair_randomness); + size_t); + tuple_540 uu____0 = generate_keypair_unpacked_0f1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f01(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_411(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3552,36 +3776,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_041( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3598,28 +3825,70 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c51( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6e1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_d11(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e41(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_051(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; + compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_041( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_6d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_871(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3627,7 +3896,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_66( +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3635,46 +3904,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_66( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3689,39 +3960,42 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c51(ind_cpa_keypair_randomness); + generate_keypair_6e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_66( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb1( - uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_121( + uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3732,16 +4006,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3750,16 +4025,17 @@ sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -3773,8 +4049,7 @@ with const generics static KRML_MUSTINLINE void PRF_2b0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3799,12 +4074,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3814,7 +4089,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3823,18 +4098,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3843,7 +4118,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3863,7 +4138,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_bf( + inv_ntt_layer_int_vec_step_reduce_d9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3883,7 +4158,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3898,7 +4173,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_bf( + inv_ntt_layer_int_vec_step_reduce_d9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3915,17 +4190,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( +static KRML_MUSTINLINE void invert_ntt_montgomery_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } @@ -3939,7 +4214,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_53( +static KRML_MUSTINLINE void add_error_reduce_89_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3957,13 +4232,16 @@ static KRML_MUSTINLINE void add_error_reduce_89_53( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_111( +static KRML_MUSTINLINE void compute_vector_u_221( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -3972,22 +4250,20 @@ static KRML_MUSTINLINE void compute_vector_u_111( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -3995,8 +4271,8 @@ static KRML_MUSTINLINE void compute_vector_u_111( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e81(&result[i1], &product); } - invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_951(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4010,7 +4286,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_9f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_b3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4024,7 +4300,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { +deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4033,9 +4309,9 @@ deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_9f(coefficient_compressed); + decompress_1_b3(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4051,7 +4327,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_60( +add_message_error_reduce_89_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4074,6 +4350,9 @@ add_message_error_reduce_89_60( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4081,7 +4360,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d81( +compute_ring_element_v_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4091,8 +4370,8 @@ compute_ring_element_v_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_951(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } @@ -4166,23 +4445,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_510( +static KRML_MUSTINLINE void compress_then_serialize_11_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_990(to_unsigned_representative_e5(re->coefficients[i0])); + compress_0d_990(to_unsigned_representative_57(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4194,13 +4470,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_420( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_510(re, uu____0); + compress_then_serialize_11_f80(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4210,29 +4489,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_e71( +static void compress_then_serialize_u_621( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_420(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_540(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -4274,22 +4549,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_59( +static KRML_MUSTINLINE void compress_then_serialize_4_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_991(to_unsigned_representative_e5(re.coefficients[i0])); + compress_0d_991(to_unsigned_representative_57(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4331,22 +4604,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_ef( +static KRML_MUSTINLINE void compress_then_serialize_5_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_992(to_unsigned_representative_e5(re.coefficients[i0])); + compress_0d_992(to_unsigned_representative_57(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4357,11 +4628,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_200( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_ef(re, out); -} - + compress_then_serialize_5_06(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4380,22 +4692,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_841( +static void encrypt_unpacked_091( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_bf1(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4403,35 +4718,33 @@ static void encrypt_unpacked_841( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_111(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_221(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e71( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_621( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_1d0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_200( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4454,51 +4767,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_841(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_091(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_101(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4512,15 +4825,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_93(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4528,14 +4846,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4543,9 +4861,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4571,49 +4889,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_1d3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_051(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_841(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_091(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4628,12 +4949,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_94(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_13(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4656,59 +4976,55 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_fe( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_93( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_aa1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_101(uu____4); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_94(shared_secret, shared_secret_array); + kdf_af_13(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4756,16 +5072,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_52(Eurydice_slice serialized) { +deserialize_then_decompress_10_43(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4819,16 +5132,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_4a(Eurydice_slice serialized) { +deserialize_then_decompress_11_6a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4845,8 +5155,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { - return deserialize_then_decompress_11_4a(serialized); +deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { + return deserialize_then_decompress_11_6a(serialized); } /** @@ -4855,7 +5165,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_390( +static KRML_MUSTINLINE void ntt_vector_u_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -4868,6 +5178,10 @@ static KRML_MUSTINLINE void ntt_vector_u_390( poly_barrett_reduce_89_61(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4876,17 +5190,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_221( +static KRML_MUSTINLINE void deserialize_then_decompress_u_471( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -4899,11 +5212,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_221( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c20(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_390(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_c00(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4954,15 +5265,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_e5(Eurydice_slice serialized) { +deserialize_then_decompress_4_82(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5016,19 +5325,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_a7(Eurydice_slice serialized) { +deserialize_then_decompress_5_89(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_832(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -5043,8 +5348,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_680(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a7(serialized); +deserialize_then_decompress_ring_element_v_210(Eurydice_slice serialized) { + return deserialize_then_decompress_5_89(serialized); } /** @@ -5058,7 +5363,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5076,6 +5381,12 @@ subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5083,7 +5394,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c11( +compute_message_2f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5092,8 +5403,8 @@ compute_message_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_951(&result); + result = subtract_reduce_89_fc(v, result); return result; } @@ -5103,28 +5414,50 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_79( +static KRML_MUSTINLINE void compress_then_serialize_message_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_e5(re.coefficients[i0]); + to_unsigned_representative_57(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5135,20 +5468,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_891( +static void decrypt_unpacked_821( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_221(ciphertext, u_as_ntt); + deserialize_then_decompress_u_471(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_680( + deserialize_then_decompress_ring_element_v_210( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5160,8 +5492,7 @@ with const generics static KRML_MUSTINLINE void PRF_2b(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5201,66 +5532,62 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_891(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_821(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_841(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_091(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5272,16 +5599,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5289,20 +5613,23 @@ deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_421( +static KRML_MUSTINLINE void deserialize_secret_key_281( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5310,9 +5637,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_421( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5330,21 +5657,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_ac1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_421(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + deserialize_secret_key_281(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_821(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5370,42 +5698,38 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_241( +void libcrux_ml_kem_ind_cca_decapsulate_b21( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5414,38 +5738,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_aa1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_94( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_13(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_94(shared_secret0, shared_secret); + kdf_af_13(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5453,14 +5781,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5468,9 +5796,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5478,6 +5806,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5485,34 +5816,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_6d0( +static KRML_MUSTINLINE void serialize_secret_key_870( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5521,23 +5852,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_eb0( +static KRML_MUSTINLINE void serialize_public_key_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_6d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_870(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5549,18 +5877,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_1d2( + deserialize_ring_elements_reduced_9d2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_040( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5625,16 +5953,17 @@ shake128_init_absorb_b70(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5651,9 +5980,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_8c0(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b70(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b70(copy_of_input); } /** @@ -5669,8 +5999,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca0( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5689,6 +6018,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_690( shake128_squeeze_three_blocks_ca0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5707,12 +6077,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5738,11 +6107,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -5761,6 +6130,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_600( shake128_squeeze_block_dd0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5779,12 +6189,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5810,8 +6219,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f0( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5826,32 +6235,37 @@ static KRML_MUSTINLINE void sample_from_xof_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_690(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c1( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_600(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c2( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_2f0(uu____3[i]);); + ret0[i] = closure_2f0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5872,24 +6286,25 @@ static KRML_MUSTINLINE void sample_matrix_A_050( closure_080(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_d40(uu____1, sampled); + sample_from_xof_d40(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -5898,7 +6313,9 @@ static KRML_MUSTINLINE void sample_matrix_A_050( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -5924,12 +6341,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -5959,6 +6375,10 @@ sample_from_binomial_distribution_340(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_b0(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5973,12 +6393,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5986,23 +6407,26 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( PRFxN_f1_930(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_340(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_340( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6017,13 +6441,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6033,6 +6455,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e80( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6048,22 +6473,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -6079,6 +6502,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6088,13 +6552,13 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_d10( +static tuple_4c0 generate_keypair_unpacked_0f0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e40(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; @@ -6104,53 +6568,59 @@ static tuple_4c0 generate_keypair_unpacked_d10( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -6169,7 +6639,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f00( +static void closure_410( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -6202,27 +6672,26 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_d10(ind_cpa_keypair_randomness); + size_t); + tuple_4c0 uu____0 = generate_keypair_unpacked_0f0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f00(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_410(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6232,36 +6701,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_040( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6278,28 +6750,70 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c50( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6e0( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_d10(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e40(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_050(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; + compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_eb0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_040( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_6d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_870(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6307,7 +6821,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_12( +static KRML_MUSTINLINE void serialize_kem_secret_key_48( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6315,46 +6829,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_12( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6369,37 +6885,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c50(ind_cpa_keypair_randomness); + generate_keypair_6e0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_12( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_48( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb( - uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -6411,12 +6927,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6435,6 +6950,9 @@ static KRML_MUSTINLINE void PRFxN_f1_931(uint8_t (*input)[33U], PRFxN_c51(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6445,16 +6963,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6463,16 +6982,17 @@ sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6499,27 +7019,30 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( +static KRML_MUSTINLINE void invert_ntt_montgomery_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_110( +static KRML_MUSTINLINE void compute_vector_u_220( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6528,22 +7051,20 @@ static KRML_MUSTINLINE void compute_vector_u_110( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -6551,14 +7072,17 @@ static KRML_MUSTINLINE void compute_vector_u_110( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e80(&result[i1], &product); } - invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_950(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6566,7 +7090,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d80( +compute_ring_element_v_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6576,8 +7100,8 @@ compute_ring_element_v_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_950(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } @@ -6587,23 +7111,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_7b( +static KRML_MUSTINLINE void compress_then_serialize_10_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_99(to_unsigned_representative_e5(re->coefficients[i0])); + compress_0d_99(to_unsigned_representative_57(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -6615,13 +7136,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_42( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_7b(re, uu____0); + compress_then_serialize_10_c9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6631,29 +7155,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e70( +static void compress_then_serialize_u_620( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_42(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_54(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -6664,11 +7184,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_59(re, out); -} - + compress_then_serialize_4_f6(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6687,22 +7248,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_840( +static void encrypt_unpacked_090( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_bf0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6710,34 +7274,33 @@ static void encrypt_unpacked_840( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_110(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_220(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e70( + compress_then_serialize_u_620( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_1d( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -6760,51 +7323,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_840(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_090(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_10(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6818,15 +7381,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_ca(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6834,14 +7402,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6849,9 +7417,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6877,49 +7445,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_1d1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_050(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_840(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_090(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6934,12 +7505,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_06(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -6962,59 +7532,55 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_23( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_ca( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_aa0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_10(uu____4); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_06(shared_secret, shared_secret_array); + kdf_af_6d(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7025,8 +7591,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { - return deserialize_then_decompress_10_52(serialized); +deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { + return deserialize_then_decompress_10_43(serialized); } /** @@ -7035,7 +7601,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_39( +static KRML_MUSTINLINE void ntt_vector_u_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -7048,6 +7614,10 @@ static KRML_MUSTINLINE void ntt_vector_u_39( poly_barrett_reduce_89_61(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7056,17 +7626,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_220( +static KRML_MUSTINLINE void deserialize_then_decompress_u_470( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7079,11 +7648,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_220( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c2(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_39(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7097,10 +7664,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_68(Eurydice_slice serialized) { - return deserialize_then_decompress_4_e5(serialized); +deserialize_then_decompress_ring_element_v_21(Eurydice_slice serialized) { + return deserialize_then_decompress_4_82(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7108,7 +7681,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c10( +compute_message_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7117,11 +7690,35 @@ compute_message_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_950(&result); + result = subtract_reduce_89_fc(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7132,20 +7729,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_890( +static void decrypt_unpacked_820( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_220(ciphertext, u_as_ntt); + deserialize_then_decompress_u_470(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_68( + deserialize_then_decompress_ring_element_v_21( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7185,83 +7781,82 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_890(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_820(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_840(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_090(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_420( +static KRML_MUSTINLINE void deserialize_secret_key_280( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7269,9 +7864,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_420( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7289,21 +7884,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ac0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_420(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + deserialize_secret_key_280(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_820(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7329,41 +7925,37 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_240( +void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -7372,38 +7964,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_aa0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_06( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_6d(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_06(shared_secret0, shared_secret); + kdf_af_6d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7411,14 +8007,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7426,9 +8022,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7436,6 +8032,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7443,34 +8042,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_6d( +static KRML_MUSTINLINE void serialize_secret_key_87( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7479,24 +8078,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_eb( +static KRML_MUSTINLINE void serialize_public_key_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_6d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_87(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7508,18 +8103,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_1d0( + deserialize_ring_elements_reduced_9d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_04( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7584,16 +8179,17 @@ shake128_init_absorb_b7(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7610,9 +8206,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_8c(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b7(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b7(copy_of_input); } /** @@ -7628,8 +8225,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7648,6 +8244,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_69( shake128_squeeze_three_blocks_ca(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7666,12 +8303,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7697,11 +8333,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -7720,6 +8356,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_60( shake128_squeeze_block_dd(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7738,12 +8415,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7769,8 +8445,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7785,32 +8461,37 @@ static KRML_MUSTINLINE void sample_from_xof_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_8c(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_8c(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_69(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_60(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_2f(uu____3[i]);); + ret0[i] = closure_2f(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7831,24 +8512,25 @@ static KRML_MUSTINLINE void sample_matrix_A_05( closure_08(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_d4(uu____1, sampled); + sample_from_xof_d4(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -7857,7 +8539,9 @@ static KRML_MUSTINLINE void sample_matrix_A_05( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -7883,12 +8567,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -7907,6 +8590,10 @@ static KRML_MUSTINLINE void PRFxN_f1_93(uint8_t (*input)[33U], PRFxN_c5(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7921,12 +8608,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7934,23 +8622,26 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7965,13 +8656,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -7981,6 +8670,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e8( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7996,22 +8688,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -8027,6 +8717,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8036,13 +8767,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_d1( +static tuple_9b generate_keypair_unpacked_0f( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e4(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -8052,53 +8783,59 @@ static tuple_9b generate_keypair_unpacked_d1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8117,7 +8854,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f0( +static void closure_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -8150,27 +8887,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_d1(ind_cpa_keypair_randomness); + size_t); + tuple_9b uu____0 = generate_keypair_unpacked_0f(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f0(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_41(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8180,36 +8916,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_04( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8226,28 +8965,70 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c5( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6e( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_d1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_eb(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_04( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_6d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_87(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8255,7 +9036,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5e( +static KRML_MUSTINLINE void serialize_kem_secret_key_4c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8263,46 +9044,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8317,39 +9100,42 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c5(ind_cpa_keypair_randomness); + generate_keypair_6e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5e( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_4c( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb0( - uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_120( + uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8360,16 +9146,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8378,16 +9165,17 @@ sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -8414,27 +9202,30 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void invert_ntt_montgomery_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_11( +static KRML_MUSTINLINE void compute_vector_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8443,22 +9234,20 @@ static KRML_MUSTINLINE void compute_vector_u_11( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -8466,14 +9255,17 @@ static KRML_MUSTINLINE void compute_vector_u_11( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e8(&result[i1], &product); } - invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_95(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8481,7 +9273,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d8( +compute_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8491,11 +9283,14 @@ compute_ring_element_v_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_95(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8505,32 +9300,69 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e7( +static void compress_then_serialize_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_42(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_54(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8549,22 +9381,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_84( +static void encrypt_unpacked_09( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_bf(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8572,34 +9407,33 @@ static void encrypt_unpacked_84( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_11(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_22(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e7( + compress_then_serialize_u_62( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_1d( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -8622,51 +9456,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_84(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_100(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8680,15 +9514,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5a(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8696,14 +9535,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8711,9 +9550,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8739,49 +9578,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_1d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_84(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8796,12 +9638,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ee(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_08(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -8824,62 +9665,62 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5a( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_4c( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_100(uu____4); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ee(shared_secret, shared_secret_array); + kdf_af_08(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8888,17 +9729,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_22( +static KRML_MUSTINLINE void deserialize_then_decompress_u_47( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8911,17 +9751,21 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_22( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c2(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_39(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8929,7 +9773,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c1( +compute_message_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -8938,11 +9782,35 @@ compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_95(&result); + result = subtract_reduce_89_fc(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8953,20 +9821,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_89( +static void decrypt_unpacked_82( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_22(ciphertext, u_as_ntt); + deserialize_then_decompress_u_47(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_68( + deserialize_then_decompress_ring_element_v_21( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9006,83 +9873,82 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_89(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_82(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_84(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_09(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_42( +static KRML_MUSTINLINE void deserialize_secret_key_28( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9090,9 +9956,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_42( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9110,21 +9976,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ac(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_42(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + deserialize_secret_key_28(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_82(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9150,41 +10017,37 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_24( +void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -9193,34 +10056,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ee( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_08(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ee(shared_secret0, shared_secret); + kdf_af_08(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 3e6277eff..b345560f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index d25fce762..4b687c6e4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -57,58 +72,88 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e606bafb5..45c073926 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_sha3_avx2.h" @@ -19,29 +19,24 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +static KRML_MUSTINLINE __m256i zero_ef(void) { + return mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = mm256_xor_si256(a, b); + __m256i cd = mm256_xor_si256(c, d); + __m256i abcd = mm256_xor_si256(ab, cd); + return mm256_xor_si256(abcd, e); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { return _veor5q_u64(a, b, c, d, e); } @@ -51,60 +46,46 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), + mm256_srli_epi64((int32_t)63, x, __m256i)); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; + return mm256_xor_si256(uu____0, rotate_left_58(b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { + return mm256_xor_si256(a, mm256_andnot_si256(c, b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = mm256_set1_epi64x((int64_t)c); + return mm256_xor_si256(a, c0); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { return _veorq_n_u64(a, c); } @@ -112,21 +93,16 @@ xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { + return mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -135,10 +111,11 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); + slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -148,19 +125,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -185,6 +162,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -231,144 +211,114 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -381,12 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_65( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_ef_65(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); } /** @@ -395,13 +346,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), + mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -410,9 +357,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -426,8 +372,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { return _vxarq_u64_c1(a, b); } @@ -437,13 +382,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), + mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -452,9 +393,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -468,8 +408,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { return _vxarq_u64_c10(a, b); } @@ -479,13 +418,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), + mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -494,9 +429,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -510,8 +444,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { return _vxarq_u64_c11(a, b); } @@ -521,13 +454,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), + mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -536,9 +465,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -552,8 +480,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { return _vxarq_u64_c12(a, b); } @@ -563,9 +490,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -579,8 +505,7 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { return _vxarq_u64_c13(a, b); } @@ -590,13 +515,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), + mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -605,9 +526,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -621,8 +541,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { return _vxarq_u64_c14(a, b); } @@ -632,13 +551,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), + mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -647,9 +562,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -663,8 +577,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { return _vxarq_u64_c15(a, b); } @@ -674,13 +587,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), + mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -689,9 +598,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -705,8 +613,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { return _vxarq_u64_c16(a, b); } @@ -716,13 +623,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), + mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -731,9 +634,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -747,8 +649,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { return _vxarq_u64_c17(a, b); } @@ -758,13 +659,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), + mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -773,9 +670,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -789,8 +685,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { return _vxarq_u64_c18(a, b); } @@ -800,13 +695,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), + mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -815,9 +706,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -831,8 +721,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { return _vxarq_u64_c19(a, b); } @@ -842,13 +731,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), + mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -857,9 +742,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -873,8 +757,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { return _vxarq_u64_c110(a, b); } @@ -884,13 +767,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), + mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -899,9 +778,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -915,8 +793,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { return _vxarq_u64_c111(a, b); } @@ -926,13 +803,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), + mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -941,9 +814,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -957,8 +829,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { return _vxarq_u64_c112(a, b); } @@ -968,13 +839,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), + mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -983,9 +850,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -999,8 +865,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { return _vxarq_u64_c113(a, b); } @@ -1010,13 +875,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), + mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1025,9 +886,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5814(ab); } @@ -1041,8 +901,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { return _vxarq_u64_c114(a, b); } @@ -1052,13 +911,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), + mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1067,9 +922,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -1083,8 +937,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { return _vxarq_u64_c115(a, b); } @@ -1094,13 +947,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), + mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1109,9 +958,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1125,8 +973,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { return _vxarq_u64_c116(a, b); } @@ -1136,13 +983,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), + mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1151,9 +994,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1167,8 +1009,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { return _vxarq_u64_c117(a, b); } @@ -1178,13 +1019,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), + mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1193,9 +1030,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1209,8 +1045,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { return _vxarq_u64_c118(a, b); } @@ -1220,13 +1055,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), + mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1235,9 +1066,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1251,8 +1081,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { return _vxarq_u64_c119(a, b); } @@ -1262,13 +1091,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), + mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1277,9 +1102,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1293,8 +1117,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { return _vxarq_u64_c120(a, b); } @@ -1304,13 +1127,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), + mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1319,9 +1138,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1335,8 +1153,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { return _vxarq_u64_c121(a, b); } @@ -1346,13 +1163,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), + mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1361,9 +1174,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5822(ab); } @@ -1377,8 +1189,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { return _vxarq_u64_c122(a, b); } @@ -1390,105 +1201,57 @@ with const generics */ static KRML_MUSTINLINE void theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = + __m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = + __m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = + __m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { + __m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1500,8 +1263,8 @@ with const generics */ static KRML_MUSTINLINE void pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1536,8 +1299,8 @@ with const generics */ static KRML_MUSTINLINE void chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1584,7 +1347,7 @@ with const generics */ static KRML_MUSTINLINE void absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); load_block_ef_65(uu____0, uu____1); @@ -1596,16 +1359,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } @@ -1618,12 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_e9( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_full_ef_e9(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); } /** @@ -1636,19 +1397,18 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_e9(uu____3, uu____4); @@ -1660,67 +1420,55 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1728,78 +1476,64 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1808,29 +1542,32 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1843,8 +1580,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_43( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_43(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1863,12 +1600,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_c5( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1880,8 +1616,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_58( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_58(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e9(a, b); } @@ -1926,12 +1662,11 @@ static KRML_MUSTINLINE void squeeze_last_74( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1946,27 +1681,26 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_bf(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_1d(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2006,6 +1740,9 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1752,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_4f(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_bf(); @@ -2025,144 +1765,114 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -2171,16 +1881,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } @@ -2193,12 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_e90( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_full_ef_e90(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); } /** @@ -2211,25 +1919,27 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_e90(uu____3, uu____4); keccakf1600_f8(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2242,67 +1952,55 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2310,78 +2008,64 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2394,8 +2078,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_580( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_580(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e90(a, b); } @@ -2412,6 +2096,9 @@ static KRML_MUSTINLINE void squeeze_next_block_b40( store_block_ef_580(s->st, out); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2457,6 +2144,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( squeeze_next_block_b40(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2194,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_69( squeeze_next_block_b40(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2205,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_69(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2215,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2527,6 +2226,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_9b(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 39046c730..775fd2fe0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_avx2_H @@ -30,41 +30,68 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index aa2382f2b..3f1586149 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c(s, buf); } @@ -277,9 +279,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); } /** @@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1391,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1422,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1486,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1504,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } @@ -1521,9 +1497,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); } /** @@ -1536,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1567,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1629,9 +1603,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); } /** @@ -1646,9 +1621,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); } /** @@ -1676,11 +1652,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1716,12 +1693,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1743,12 +1720,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1765,28 +1742,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1834,9 +1810,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e94(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); } /** @@ -1853,9 +1830,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1876,9 +1852,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); } /** @@ -1904,8 +1881,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } @@ -1921,9 +1898,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); } /** @@ -1936,14 +1914,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1967,14 +1945,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1987,11 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2027,12 +2003,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2093,12 +2069,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2115,28 +2091,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2184,9 +2159,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e93(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); } /** @@ -2203,9 +2179,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2226,9 +2201,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); } /** @@ -2254,8 +2230,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } @@ -2271,9 +2247,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); } /** @@ -2286,14 +2263,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2317,14 +2294,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2337,11 +2311,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2377,12 +2352,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2443,12 +2418,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2465,28 +2440,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2534,9 +2508,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e92(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); } /** @@ -2564,11 +2539,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2604,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2631,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2653,28 +2629,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2722,9 +2697,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e91(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); } /** @@ -2737,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2771,28 +2747,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2840,9 +2815,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e90(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); } /** @@ -2859,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2882,9 +2857,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); } /** @@ -2910,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } @@ -2927,9 +2903,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); } /** @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2993,11 +2967,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3032,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3098,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3120,28 +3095,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -3189,9 +3163,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e9(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 654c8b7ee..21b8d1d44 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1fc256403..fc14ae7e7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_neon_H @@ -22,10 +22,21 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); @@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) From c5406ba11b76acf240566da4784ed53182f97df3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 19:35:11 +0000 Subject: [PATCH 063/172] inline ind_cpa encrypt for stack --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 74 +-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 533 +++++++++--------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 469 +++++++-------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 72 ++- 8 files changed, 609 insertions(+), 547 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 3ad6971ff..d9db0038c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 +Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 0899f6ecd..7ce61b53b 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b6( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_3e( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -298,6 +298,39 @@ libcrux_ml_kem_types_from_05_db(uint8_t value[2400U]) { return lit; } +/** +A monomorphic instance of core.result.Result +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +typedef struct Result_00_s { + Result_86_tags tag; + union { + uint8_t case_Ok[32U]; + TryFromSliceError case_Err; + } val; +} Result_00; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { + if (self.tag == Ok) { + uint8_t f0[32U]; + memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** A monomorphic instance of K. with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], @@ -319,7 +352,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_14(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_ec(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -363,39 +396,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** -A monomorphic instance of core.result.Result -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -typedef struct Result_00_s { - Result_86_tags tag; - union { - uint8_t case_Ok[32U]; - TryFromSliceError case_Err; - } val; -} Result_00; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { - if (self.tag == Ok) { - uint8_t f0[32U]; - memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** Pad the `slice` with `0`s at the end. */ @@ -424,7 +424,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_99( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index a95500c8f..e3b12090d 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 8b0344cec..6d8885e7b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1240,7 +1240,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_9a(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_29(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -1252,7 +1252,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1276,7 +1276,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_23( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,7 +1323,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_5b(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84( vector); } @@ -1401,7 +1401,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_67( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_67( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840( vector); } @@ -1492,7 +1492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_4a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1682,7 +1682,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_92( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, @@ -1713,7 +1713,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_37(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_92(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841( vector); } @@ -1821,7 +1821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_49( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_02( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_49( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842( vector); } @@ -1912,7 +1912,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_75( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_02(serialized); } /** @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_1e( +libcrux_ml_kem_polynomial_subtract_reduce_89_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,7 +2225,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_db( +libcrux_ml_kem_matrix_compute_message_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2239,7 +2239,7 @@ libcrux_ml_kem_matrix_compute_message_db( libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_1e(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_d9(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8a( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_36( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(vector); } /** @@ -2278,7 +2278,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8a(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_36(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,7 +2292,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d1( +libcrux_ml_kem_serialize_compress_then_serialize_message_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_db(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a7(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_8e(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_23(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3008,18 +3008,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -3701,7 +3689,7 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_85( __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( vector); @@ -3721,7 +3709,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_d0( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_85( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3797,7 +3785,7 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_850( __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( vector); @@ -3817,7 +3805,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_28( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab0( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_850( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3945,7 +3933,7 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_851( __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( vector); @@ -3965,7 +3953,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_fb( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab1( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_851( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[8U]; @@ -4040,7 +4028,7 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_852( __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( vector); @@ -4060,7 +4048,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8e( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_ab2( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_852( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4087,48 +4075,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4145,9 +4092,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { +static inline void libcrux_ml_kem_ind_cpa_encrypt_a3(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -4178,8 +4136,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, - u); + libcrux_ml_kem_matrix_compute_vector_u_54(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); @@ -4188,7 +4145,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = libcrux_ml_kem_matrix_compute_ring_element_v_f9( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( @@ -4204,76 +4161,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_e0(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - /** This function found in impl {(libcrux_ml_kem::ind_cca::Variant for libcrux_ml_kem::ind_cca::MlKem)#1} @@ -4286,7 +4173,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_73( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4318,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_33( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4336,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4360,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4371,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca( + libcrux_ml_kem_ind_cca_kdf_43_73( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4415,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_33(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e7(private_key, ciphertext, ret); } /** @@ -4432,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f(private_key, ciphertext, ret); } @@ -4448,6 +4335,18 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4470,6 +4369,124 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_f9( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4492,11 +4509,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4526,7 +4543,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4538,11 +4555,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4579,10 +4596,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_41(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a(key_pair, ciphertext, ret); } /** @@ -4596,7 +4613,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( private_key, ciphertext, ret); } @@ -4611,7 +4628,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4654,11 +4671,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4689,15 +4706,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4729,14 +4746,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** @@ -4754,7 +4771,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( uu____0, copy_of_randomness); } @@ -4777,7 +4794,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_42( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4805,7 +4822,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4815,7 +4832,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4849,7 +4866,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4857,7 +4874,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_42(uu____0, copy_of_randomness); } @@ -4878,7 +4895,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( uu____0, copy_of_randomness); } @@ -5280,7 +5297,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5297,7 +5314,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( copy_of_randomness); } @@ -5364,7 +5381,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); @@ -5456,7 +5473,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_68(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_3d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -5474,7 +5491,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -5493,7 +5510,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_f5( +libcrux_ml_kem_polynomial_clone_d5_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5517,7 +5534,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5525,7 +5542,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5533,14 +5550,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_f5(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5607,12 +5624,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03( copy_of_randomness); } @@ -5626,7 +5643,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( copy_of_randomness); } @@ -5642,7 +5659,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_41( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5653,7 +5670,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5687,7 +5704,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_330( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5705,7 +5722,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5729,7 +5746,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5740,18 +5757,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4( + libcrux_ml_kem_ind_cca_kdf_6c_41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5785,10 +5802,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_330(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e70(private_key, ciphertext, ret); } /** @@ -5802,7 +5819,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( private_key, ciphertext, ret); } @@ -5817,7 +5834,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } @@ -5842,11 +5859,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5877,15 +5894,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5920,14 +5937,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** @@ -5945,7 +5962,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( uu____0, copy_of_randomness); } @@ -6045,7 +6062,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } @@ -6059,7 +6076,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index a233478c5..24236e9f0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_mlkem768_portable_H @@ -2474,7 +2474,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_7b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -2485,7 +2485,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2510,7 +2510,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_26( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2528,7 +2528,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2556,7 +2556,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b5(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -2605,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2669,7 +2669,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_41( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_fb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2695,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2865,7 +2865,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, @@ -2895,7 +2895,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2920,9 +2920,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_8e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2974,7 +2974,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_be( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3038,7 +3038,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_09( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3064,9 +3064,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_be(serialized); } /** @@ -3324,7 +3324,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_66( +libcrux_ml_kem_polynomial_subtract_reduce_89_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3356,7 +3356,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b5( +libcrux_ml_kem_matrix_compute_message_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3370,7 +3370,7 @@ libcrux_ml_kem_matrix_compute_message_b5( libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_66(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_2a(v, result); return result; } @@ -3429,7 +3429,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_04( +libcrux_ml_kem_serialize_compress_then_serialize_message_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3485,20 +3485,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b5(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_06(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_04(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3512,11 +3512,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_57(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_26(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3528,7 +3528,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_71(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_26(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4133,18 +4133,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -5050,48 +5038,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5108,9 +5055,20 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { +static inline void libcrux_ml_kem_ind_cpa_encrypt_09(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -5141,8 +5099,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, - u); + libcrux_ml_kem_matrix_compute_vector_u_22(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); @@ -5151,7 +5108,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_matrix_compute_ring_element_v_ba( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( @@ -5167,76 +5124,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - /** This function found in impl {(libcrux_ml_kem::ind_cca::Variant for libcrux_ml_kem::ind_cca::MlKem)#1} @@ -5248,7 +5135,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_b8( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5279,7 +5166,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_54( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5297,7 +5184,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5321,7 +5208,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5332,18 +5219,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d( + libcrux_ml_kem_ind_cca_kdf_43_b8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5376,10 +5263,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_54(private_key, ciphertext, ret); } /** @@ -5392,7 +5279,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( private_key, ciphertext, ret); } @@ -5408,6 +5295,18 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5430,6 +5329,124 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + libcrux_ml_kem_matrix_compute_ring_element_v_ba( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5452,11 +5469,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5486,7 +5503,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5498,11 +5515,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5538,10 +5555,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } /** @@ -5554,7 +5571,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( private_key, ciphertext, ret); } @@ -5568,7 +5585,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5609,11 +5626,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5644,15 +5661,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5683,14 +5700,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); } /** @@ -5707,7 +5724,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( uu____0, copy_of_randomness); } @@ -5730,7 +5747,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5758,7 +5775,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_27(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5768,7 +5785,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5801,7 +5818,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5809,7 +5826,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0(uu____0, copy_of_randomness); } @@ -5829,7 +5846,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( uu____0, copy_of_randomness); } @@ -6310,7 +6327,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); @@ -6402,7 +6419,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_4e(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_b8(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -6420,7 +6437,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -6438,7 +6455,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_60( +libcrux_ml_kem_polynomial_clone_d5_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6465,7 +6482,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6473,7 +6490,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6481,14 +6498,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_28(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6554,12 +6571,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34( copy_of_randomness); } @@ -6572,7 +6589,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( copy_of_randomness); } @@ -6587,7 +6604,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_ee( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6598,7 +6615,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6631,7 +6648,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_540( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6649,7 +6666,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6673,7 +6690,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -6684,18 +6701,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57( + libcrux_ml_kem_ind_cca_kdf_6c_ee( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6729,10 +6746,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_540(private_key, ciphertext, ret); } /** @@ -6745,7 +6762,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( private_key, ciphertext, ret); } @@ -6759,7 +6776,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } @@ -6783,11 +6800,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6818,15 +6835,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6861,14 +6878,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); } /** @@ -6885,7 +6902,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( uu____0, copy_of_randomness); } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 3458d6b5f..eaf91e1fb 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index a63c6faa4..a79b33184 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index ac045ae13..7219c8891 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -426,28 +426,56 @@ pub(crate) fn encrypt< // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; let A = sample_matrix_A::(into_padded_array(seed), false); - let seed_for_A: [u8; 32] = seed.try_into().unwrap(); - let public_key_unpacked = IndCpaPublicKeyUnpacked { - t_as_ntt, - A, - seed_for_A, - }; - encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_LEN, - C2_LEN, - U_COMPRESSION_FACTOR, - V_COMPRESSION_FACTOR, - BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&public_key_unpacked, message, randomness) + + // Note that we do not use the unpacked function internally here and instead + // duplicate the code to avoid blowing up the stack. + + // for i from 0 to k−1 do + // r[i] := CBD{η1}(PRF(r, N)) + // N := N + 1 + // end for + // rˆ := NTT(r) + let mut prf_input: [u8; 33] = into_padded_array(randomness); + let (r_as_ntt, domain_separator) = + sample_vector_cbd_then_ntt::(prf_input, 0); + + // for i from 0 to k−1 do + // e1[i] := CBD_{η2}(PRF(r,N)) + // N := N + 1 + // end for + let (error_1, domain_separator) = + sample_ring_element_cbd::( + prf_input, + domain_separator, + ); + + // e_2 := CBD{η2}(PRF(r, N)) + prf_input[32] = domain_separator; + let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input); + let error_2 = sample_from_binomial_distribution::(&prf_output); + + // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 + let u = compute_vector_u(&A, &r_as_ntt, &error_1); + + // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) + let message_as_ring_element = deserialize_then_decompress_message(message); + let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); + + let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; + + // c_1 := Encode_{du}(Compress_q(u,d_u)) + compress_then_serialize_u::( + u, + &mut ciphertext[0..C1_LEN], + ); + + // c_2 := Encode_{dv}(Compress_q(v,d_v)) + compress_then_serialize_ring_element_v::( + v, + &mut ciphertext[C1_LEN..], + ); + + ciphertext } /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element From 322297aa4545eea6f5ba5d5fdd1565a790e5f726 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 21:36:17 +0200 Subject: [PATCH 064/172] sha3 benchmarks --- libcrux-ml-kem/cg/benches/sha3.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index 802449e33..b9a8fc540 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -126,11 +126,12 @@ shake256_33_128(benchmark::State &state) } } -BENCHMARK(sha3_256_1184); -BENCHMARK(sha3_512_64); BENCHMARK(shake128_34_504); BENCHMARK(shake256_1120_32); BENCHMARK(shake256_33_128); #endif +BENCHMARK(sha3_256_1184); +BENCHMARK(sha3_512_64); + BENCHMARK_MAIN(); From 573b064d92668df0a274c6a23ec3b43632556d6f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 19:52:00 +0000 Subject: [PATCH 065/172] update mlkem c extraction --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 60 +- .../c/internal/libcrux_mlkem_avx2.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 32 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 54 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 584 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 494 ++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 35 files changed, 807 insertions(+), 711 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index a2424cd2d..65ad8e763 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b +Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 74e72ff40..bc7d92069 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_core_H @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( uint8_t value[1568U]); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( uint8_t value[1088U]); /** @@ -232,7 +232,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -287,6 +287,29 @@ with const generics libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]); +/** +A monomorphic instance of core.result.Result +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_00_s { + core_result_Result_86_tags tag; + union { + uint8_t case_Ok[32U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_00; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#2} @@ -296,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( uint8_t value[768U]); /** @@ -324,29 +347,6 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]); -/** -A monomorphic instance of core.result.Result -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_00_s { - core_result_Result_86_tags tag; - union { - uint8_t case_Ok[32U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_00; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); - /** Pad the `slice` with `0`s at the end. */ @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index fddfc05eb..45a032565 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]); /** Packed API @@ -90,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b61( +void libcrux_ml_kem_ind_cca_decapsulate_6e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -191,7 +191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]); /** Packed API @@ -234,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b60( +void libcrux_ml_kem_ind_cca_decapsulate_6e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -335,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]); /** Packed API @@ -378,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -426,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b6( +void libcrux_ml_kem_ind_cca_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index dec2addfe..8476cfc9b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]); /** Packed API @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b21( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]); /** Packed API @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b20( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]); /** Packed API @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b2( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 7ed30875a..24e4c990b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 43b7619f7..b8e6978ec 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 51173e23c..86b12376b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_core.h" @@ -154,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -189,7 +189,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -280,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -315,7 +315,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -396,6 +396,26 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( return lit; } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[32U]; + memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#2} @@ -405,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -450,26 +470,6 @@ void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[32U]; - memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** Pad the `slice` with `0`s at the end. */ @@ -498,7 +498,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b527d22f6..b502bf359 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 59edf1b4e..729432ad7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 432eb7c2c..85a1dce7f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_cd( +static void decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_cd(private_key, ciphertext, ret); + decapsulate_ea(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ea( +static void decapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_260(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ea(private_key, ciphertext, ret); + decapsulate_unpacked_d0(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_32( +static tuple_21 encapsulate_14( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_32(uu____0, copy_of_randomness); + return encapsulate_14(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_14( +static tuple_21 encapsulate_unpacked_4c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_14( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_720(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, copy_of_randomness); + return encapsulate_unpacked_4c(uu____0, copy_of_randomness); } /** @@ -216,7 +216,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_88( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -232,7 +232,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_88(copy_of_randomness); + return generate_keypair_1a(copy_of_randomness); } /** @@ -251,11 +251,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_af(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270( copy_of_randomness); } @@ -268,7 +268,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_af(copy_of_randomness); + return generate_keypair_unpacked_c0(copy_of_randomness); } /** @@ -282,7 +282,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_520(uint8_t *public_key) { +static bool validate_public_key_c90(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f90(public_key); } @@ -294,7 +294,7 @@ static bool validate_public_key_520(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_520(public_key.value)) { + if (validate_public_key_c90(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 02a1e0ab9..b99bd8543 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 1cb401481..a207fbbab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ee( +static void decapsulate_3c( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b21(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ee(private_key, ciphertext, ret); + decapsulate_3c(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_28( +static void decapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_441(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_28(private_key, ciphertext, ret); + decapsulate_unpacked_d0(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_1a( +static tuple_21 encapsulate_a5( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f1(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1a(uu____0, copy_of_randomness); + return encapsulate_a5(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_4e( +static tuple_21 encapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_4e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_4e(uu____0, copy_of_randomness); + return encapsulate_unpacked_5a(uu____0, copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b3(uint8_t randomness[64U]) { +generate_keypair_unpacked_d2(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81( copy_of_randomness); } @@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b3(copy_of_randomness); + return generate_keypair_unpacked_d2(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 18df930ab..daa5a6f2c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 6c5fa87f5..387170991 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 5367ea6e2..31357fee4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_4f(private_key, ciphertext, ret); + decapsulate_d3(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d3( +static void decapsulate_unpacked_d9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_26(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_d3( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d3(private_key, ciphertext, ret); + decapsulate_unpacked_d9(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_a5( +static tuple_ec encapsulate_bd( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a5(uu____0, copy_of_randomness); + return encapsulate_bd(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_bd( +static tuple_ec encapsulate_unpacked_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_bd( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_72(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_bd(uu____0, copy_of_randomness); + return encapsulate_unpacked_2e(uu____0, copy_of_randomness); } /** @@ -210,7 +210,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ab( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_3e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ab(copy_of_randomness); + return generate_keypair_3e(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_7f(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(copy_of_randomness); + return generate_keypair_unpacked_7f(copy_of_randomness); } /** @@ -276,7 +276,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_52(uint8_t *public_key) { +static bool validate_public_key_c9(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } @@ -288,7 +288,7 @@ static bool validate_public_key_52(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_52(public_key.value)) { + if (validate_public_key_c9(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index de016f75b..f0594d0a7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cf889ae06..e2ee05849 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_60(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_60(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_0c( +static void decapsulate_unpacked_4f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_440(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_0c( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0c(private_key, ciphertext, ret); + decapsulate_unpacked_4f(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_33( +static tuple_ec encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_33(uu____0, copy_of_randomness); + return encapsulate_51(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_f7( +static tuple_ec encapsulate_unpacked_b3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_f7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f7(uu____0, copy_of_randomness); + return encapsulate_unpacked_b3(uu____0, copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_fe(uint8_t randomness[64U]) { +generate_keypair_unpacked_9e(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_fe(copy_of_randomness); + return generate_keypair_unpacked_9e(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 3ca4b0b85..0042942bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 645dd5ef8..d36bab9af 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 576acabef..f34aece0b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_99( +static void decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b61(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_99( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_99(private_key, ciphertext, ret); + decapsulate_25(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_25( +static void decapsulate_unpacked_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_261(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_25( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_25(private_key, ciphertext, ret); + decapsulate_unpacked_b4(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_60( +static tuple_3c encapsulate_27( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e61(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_60(uu____0, copy_of_randomness); + return encapsulate_27(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_27( +static tuple_3c encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_27( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_721(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_27(uu____0, copy_of_randomness); + return encapsulate_unpacked_ff(uu____0, copy_of_randomness); } /** @@ -210,7 +210,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c0( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_93( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c0(copy_of_randomness); + return generate_keypair_93(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_0b(uint8_t randomness[64U]) { +generate_keypair_unpacked_51(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0b(copy_of_randomness); + return generate_keypair_unpacked_51(copy_of_randomness); } /** @@ -276,7 +276,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_521(uint8_t *public_key) { +static bool validate_public_key_c91(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f91(public_key); } @@ -288,7 +288,7 @@ static bool validate_public_key_521(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_521(public_key.value)) { + if (validate_public_key_c91(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 8c8af3f91..43657f081 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index f8904ea1a..617074ec1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_e7( +static void decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_e7( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e7(private_key, ciphertext, ret); + decapsulate_e3(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_bd( +static void decapsulate_unpacked_fc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_44(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_bd( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_bd(private_key, ciphertext, ret); + decapsulate_unpacked_fc(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_fd( +static tuple_3c encapsulate_30( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_fd(uu____0, copy_of_randomness); + return encapsulate_30(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_e9( +static tuple_3c encapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_e9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e9(uu____0, copy_of_randomness); + return encapsulate_unpacked_d1(uu____0, copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_78(uint8_t randomness[64U]) { +generate_keypair_unpacked_05(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_78(copy_of_randomness); + return generate_keypair_unpacked_05(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 9251372d3..85ac2699f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 105b03788..a1cafa4cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_17(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_66(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_08(__m256i vector) { - return shift_right_17(vector); +static __m256i shift_right_ea_fc(__m256i vector) { + return shift_right_66(vector); } /** @@ -1150,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_14(__m256i a) { - __m256i t = shift_right_ea_08(a); + __m256i t = shift_right_ea_fc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2372,7 +2372,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_5c1( +static tuple_9b0 generate_keypair_unpacked_e81( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e11(key_generation_seed, hashed); @@ -2458,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a21( +static void closure_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -2474,7 +2474,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6f( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2510,7 +2510,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2518,18 +2518,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_5c1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_e81(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a21(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a71(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -3125,7 +3125,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d4(__m256i vector) { +compress_ciphertext_coefficient_e0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3172,8 +3172,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_0e(__m256i vector) { - return compress_ciphertext_coefficient_d4(vector); +static __m256i compress_ea_9b(__m256i vector) { + return compress_ciphertext_coefficient_e0(vector); } /** @@ -3189,7 +3189,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_d0( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_9b(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3207,7 +3207,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d40(__m256i vector) { +compress_ciphertext_coefficient_e00(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3254,8 +3254,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_0e0(__m256i vector) { - return compress_ciphertext_coefficient_d40(vector); +static __m256i compress_ea_9b0(__m256i vector) { + return compress_ciphertext_coefficient_e00(vector); } /** @@ -3313,7 +3313,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d41(__m256i vector) { +compress_ciphertext_coefficient_e01(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3360,8 +3360,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_0e1(__m256i vector) { - return compress_ciphertext_coefficient_d41(vector); +static __m256i compress_ea_9b1(__m256i vector) { + return compress_ciphertext_coefficient_e01(vector); } /** @@ -3377,7 +3377,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_fb( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e1(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_9b1(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3394,7 +3394,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d42(__m256i vector) { +compress_ciphertext_coefficient_e02(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3441,8 +3441,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_0e2(__m256i vector) { - return compress_ciphertext_coefficient_d42(vector); +static __m256i compress_ea_9b2(__m256i vector) { + return compress_ciphertext_coefficient_e02(vector); } /** @@ -3458,7 +3458,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8e( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_0e2(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_9b2(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3538,7 +3538,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a31( +static void encrypt_unpacked_af1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3612,7 +3612,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3639,7 +3639,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_a31(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3649,7 +3649,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3670,7 +3670,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_811(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c11(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3733,7 +3733,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a31(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_a83( @@ -3745,41 +3745,57 @@ static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_541(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_a31(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f91(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b1( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** @@ -3793,7 +3809,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_9a1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3820,11 +3836,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_811( + entropy_preprocess_af_c11( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -3853,14 +3869,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_e01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a31(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a1(shared_secret, shared_secret_array); + kdf_af_be1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3879,7 +3895,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b(__m256i vector) { +decompress_ciphertext_coefficient_57(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3923,8 +3939,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_9b(__m256i vector) { - return decompress_ciphertext_coefficient_8b(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c(__m256i vector) { + return decompress_ciphertext_coefficient_57(vector); } /** @@ -3934,7 +3950,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_92(Eurydice_slice serialized) { +deserialize_then_decompress_10_94(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -3942,7 +3958,7 @@ deserialize_then_decompress_10_92(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c(coefficient); } return re; } @@ -3954,7 +3970,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b0(__m256i vector) { +decompress_ciphertext_coefficient_570(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3998,8 +4014,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_9b0(__m256i vector) { - return decompress_ciphertext_coefficient_8b0(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c0(__m256i vector) { + return decompress_ciphertext_coefficient_570(vector); } /** @@ -4009,7 +4025,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_79(Eurydice_slice serialized) { +deserialize_then_decompress_11_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4017,7 +4033,7 @@ deserialize_then_decompress_11_79(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c0(coefficient); } return re; } @@ -4029,8 +4045,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_28(Eurydice_slice serialized) { - return deserialize_then_decompress_10_92(serialized); +deserialize_then_decompress_ring_element_u_0e(Eurydice_slice serialized) { + return deserialize_then_decompress_10_94(serialized); } /** @@ -4039,7 +4055,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_b2( +static KRML_MUSTINLINE void ntt_vector_u_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -4064,7 +4080,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -4087,8 +4103,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); - ntt_vector_u_b2(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); + ntt_vector_u_c1(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4102,7 +4118,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b1(__m256i vector) { +decompress_ciphertext_coefficient_571(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4146,8 +4162,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_9b1(__m256i vector) { - return decompress_ciphertext_coefficient_8b1(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c1(__m256i vector) { + return decompress_ciphertext_coefficient_571(vector); } /** @@ -4157,7 +4173,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_c8(Eurydice_slice serialized) { +deserialize_then_decompress_4_cc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4165,7 +4181,7 @@ deserialize_then_decompress_4_c8(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c1(coefficient); } return re; } @@ -4177,7 +4193,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b2(__m256i vector) { +decompress_ciphertext_coefficient_572(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4221,8 +4237,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_9b2(__m256i vector) { - return decompress_ciphertext_coefficient_8b2(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c2(__m256i vector) { + return decompress_ciphertext_coefficient_572(vector); } /** @@ -4232,7 +4248,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_c7(Eurydice_slice serialized) { +deserialize_then_decompress_5_21(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -4241,7 +4257,7 @@ deserialize_then_decompress_5_c7(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_9b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_8c2(re.coefficients[i0]); } return re; } @@ -4253,8 +4269,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_4f(Eurydice_slice serialized) { - return deserialize_then_decompress_4_c8(serialized); +deserialize_then_decompress_ring_element_v_13(Eurydice_slice serialized) { + return deserialize_then_decompress_4_cc(serialized); } /** @@ -4268,7 +4284,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_97(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4296,7 +4312,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a51( +compute_message_3b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4306,7 +4322,7 @@ compute_message_a51( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); invert_ntt_montgomery_e61(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } @@ -4316,7 +4332,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_66( +static KRML_MUSTINLINE void compress_then_serialize_message_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4368,19 +4384,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c11( +static void decrypt_unpacked_8c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_1c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f( + deserialize_then_decompress_ring_element_v_13( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a51(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4431,11 +4447,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c11(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4464,7 +4480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4475,11 +4491,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_a31(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4497,7 +4513,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_35(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_0e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4518,7 +4534,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_f61( +static KRML_MUSTINLINE void deserialize_secret_key_d71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -4535,7 +4551,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f61( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4553,10 +4569,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_191(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_f61(secret_key, secret_as_ntt); + deserialize_secret_key_d71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4568,7 +4584,7 @@ static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c11(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4594,7 +4610,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b61( +void libcrux_ml_kem_ind_cca_decapsulate_6e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4612,7 +4628,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_491(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_191(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4634,7 +4650,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4644,17 +4660,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_e01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a31(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a1(Eurydice_array_to_slice( + kdf_af_be1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a1(shared_secret0, shared_secret); + kdf_af_be1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5458,7 +5474,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_5c0( +static tuple_54 generate_keypair_unpacked_e80( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e10(key_generation_seed, hashed); @@ -5544,7 +5560,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a20( +static void closure_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -5576,7 +5592,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5584,18 +5600,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_5c0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_e80(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a20(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a70(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5987,7 +6003,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_280( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e0(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_9b0(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6116,7 +6132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a30( +static void encrypt_unpacked_af0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6190,7 +6206,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6217,7 +6233,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_a30(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6227,7 +6243,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6248,7 +6264,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_810(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c10(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6311,7 +6327,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a30(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_a81( @@ -6323,41 +6339,57 @@ static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_540(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_a30(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f90(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b0( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** @@ -6371,7 +6403,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_9a0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6398,11 +6430,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_810( + entropy_preprocess_af_c10( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6431,14 +6463,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_e00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a30(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a0(shared_secret, shared_secret_array); + kdf_af_be0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6457,8 +6489,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_280(Eurydice_slice serialized) { - return deserialize_then_decompress_11_79(serialized); +deserialize_then_decompress_ring_element_u_0e0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ec(serialized); } /** @@ -6467,7 +6499,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_b20( +static KRML_MUSTINLINE void ntt_vector_u_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -6492,7 +6524,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -6515,8 +6547,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_280(u_bytes); - ntt_vector_u_b20(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e0(u_bytes); + ntt_vector_u_c10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6530,8 +6562,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_4f0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c7(serialized); +deserialize_then_decompress_ring_element_v_130(Eurydice_slice serialized) { + return deserialize_then_decompress_5_21(serialized); } /** @@ -6547,7 +6579,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a50( +compute_message_3b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6557,7 +6589,7 @@ compute_message_a50( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); invert_ntt_montgomery_e60(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } @@ -6595,19 +6627,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c10( +static void decrypt_unpacked_8c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_1c0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f0( + deserialize_then_decompress_ring_element_v_130( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a50(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6646,12 +6678,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c10(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6680,7 +6712,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6691,11 +6723,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_a30(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6715,7 +6747,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_f60( +static KRML_MUSTINLINE void deserialize_secret_key_d70( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -6732,7 +6764,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6750,10 +6782,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_190(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_f60(secret_key, secret_as_ntt); + deserialize_secret_key_d70(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6765,7 +6797,7 @@ static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c10(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6791,7 +6823,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b60( +void libcrux_ml_kem_ind_cca_decapsulate_6e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6810,7 +6842,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_490(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_190(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6832,7 +6864,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6842,17 +6874,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_e00(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a30(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a0(Eurydice_array_to_slice( + kdf_af_be0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a0(shared_secret0, shared_secret); + kdf_af_be0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7649,7 +7681,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_5c( +static tuple_4c generate_keypair_unpacked_e8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e1(key_generation_seed, hashed); @@ -7735,7 +7767,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a2( +static void closure_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -7767,7 +7799,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7775,18 +7807,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_5c(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_e8(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a2(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a7(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -8303,7 +8335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a3( +static void encrypt_unpacked_af( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8377,7 +8409,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8404,7 +8436,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8414,7 +8446,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8435,7 +8467,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_81(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8498,7 +8530,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a3(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_a8( @@ -8510,41 +8542,57 @@ static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_54(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f9(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** @@ -8558,7 +8606,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_9a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8585,11 +8633,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_81( + entropy_preprocess_af_c1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8618,14 +8666,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a(shared_secret, shared_secret_array); + kdf_af_be(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8649,7 +8697,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -8672,8 +8720,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); - ntt_vector_u_b2(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); + ntt_vector_u_c1(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8693,7 +8741,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a5( +compute_message_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8703,7 +8751,7 @@ compute_message_a5( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); invert_ntt_montgomery_e6(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } @@ -8741,19 +8789,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c1( +static void decrypt_unpacked_8c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_1c(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f( + deserialize_then_decompress_ring_element_v_13( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a5(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8792,11 +8840,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8825,7 +8873,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8836,11 +8884,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_a3(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8860,7 +8908,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_f6( +static KRML_MUSTINLINE void deserialize_secret_key_d7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -8877,7 +8925,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8895,10 +8943,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_19(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_f6(secret_key, secret_as_ntt); + deserialize_secret_key_d7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8910,7 +8958,7 @@ static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8936,7 +8984,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b6( +void libcrux_ml_kem_ind_cca_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8954,7 +9002,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_19(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8976,7 +9024,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8986,16 +9034,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a(Eurydice_array_to_slice((size_t)32U, + kdf_af_be(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a(shared_secret0, shared_secret); + kdf_af_be(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index af80f721d..ed45eece4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5a72462c0..f7e24f0e5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 87456599c..e066c6784 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index cbd69752e..d2ac40a4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_mlkem_portable.h" @@ -3604,7 +3604,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_0f1( +static tuple_540 generate_keypair_unpacked_421( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e41(key_generation_seed, hashed); @@ -3691,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_411( +static void closure_881( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -3707,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_13( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3747,7 +3747,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3755,18 +3755,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_0f1(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_421(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_411(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_881(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -4692,7 +4692,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_091( +static void encrypt_unpacked_c51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4767,7 +4767,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4794,7 +4794,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_091(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c51(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4804,7 +4804,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4825,7 +4825,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_93(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_77(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4889,7 +4889,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_091(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_9d3( @@ -4901,41 +4901,57 @@ static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_051(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; + compute_vector_u_221(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_091(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba1(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_621( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_200( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** @@ -4949,7 +4965,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_13(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_11(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4976,11 +4992,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_93( + entropy_preprocess_af_77( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5009,14 +5025,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_091(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_13(shared_secret, shared_secret_array); + kdf_af_11(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5072,7 +5088,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_43(Eurydice_slice serialized) { +deserialize_then_decompress_10_12(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -5132,7 +5148,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_6a(Eurydice_slice serialized) { +deserialize_then_decompress_11_3a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -5155,8 +5171,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6a(serialized); +deserialize_then_decompress_ring_element_u_a00(Eurydice_slice serialized) { + return deserialize_then_decompress_11_3a(serialized); } /** @@ -5165,7 +5181,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_c00( +static KRML_MUSTINLINE void ntt_vector_u_500( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -5190,7 +5206,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_471( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d71( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -5213,8 +5229,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_471( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); - ntt_vector_u_c00(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a00(u_bytes); + ntt_vector_u_500(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5265,7 +5281,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_82(Eurydice_slice serialized) { +deserialize_then_decompress_4_1f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5325,7 +5341,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_89(Eurydice_slice serialized) { +deserialize_then_decompress_5_e2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5348,8 +5364,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_210(Eurydice_slice serialized) { - return deserialize_then_decompress_5_89(serialized); +deserialize_then_decompress_ring_element_v_8e0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_e2(serialized); } /** @@ -5363,7 +5379,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5394,7 +5410,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f1( +compute_message_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5404,7 +5420,7 @@ compute_message_2f1( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_951(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -5414,7 +5430,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2e( +static KRML_MUSTINLINE void compress_then_serialize_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5472,15 +5488,15 @@ static void decrypt_unpacked_821( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_471(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d71(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_210( + deserialize_then_decompress_ring_element_v_8e0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_601(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5532,7 +5548,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5566,7 +5582,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5577,11 +5593,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_091(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c51(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5599,7 +5615,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_22(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -5622,7 +5638,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_281( +static KRML_MUSTINLINE void deserialize_secret_key_bb1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -5639,7 +5655,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_281( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5657,10 +5673,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_501(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_281(secret_key, secret_as_ntt); + deserialize_secret_key_bb1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5698,7 +5714,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b21( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5717,7 +5733,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_501(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5739,7 +5755,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5749,17 +5765,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_091(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_13(Eurydice_array_to_slice((size_t)32U, + kdf_af_11(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_13(shared_secret0, shared_secret); + kdf_af_11(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6552,7 +6568,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_0f0( +static tuple_4c0 generate_keypair_unpacked_420( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e40(key_generation_seed, hashed); @@ -6639,7 +6655,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_410( +static void closure_880( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -6672,7 +6688,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6680,18 +6696,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_0f0(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_420(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_410(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_880(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7248,7 +7264,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_090( +static void encrypt_unpacked_c50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7323,7 +7339,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7350,7 +7366,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_090(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7360,7 +7376,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7381,7 +7397,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ca(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_cc(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7445,7 +7461,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_090(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_9d1( @@ -7457,41 +7473,57 @@ static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_050(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; + compute_vector_u_220(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_090(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba0(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_620( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** @@ -7505,7 +7537,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_04(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7532,11 +7564,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ca( + entropy_preprocess_af_cc( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -7565,14 +7597,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_090(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_6d(shared_secret, shared_secret_array); + kdf_af_04(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7591,8 +7623,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { - return deserialize_then_decompress_10_43(serialized); +deserialize_then_decompress_ring_element_u_a0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_12(serialized); } /** @@ -7601,7 +7633,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_c0( +static KRML_MUSTINLINE void ntt_vector_u_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -7626,7 +7658,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_470( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -7649,8 +7681,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_470( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); - ntt_vector_u_c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); + ntt_vector_u_50(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7664,8 +7696,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_21(Eurydice_slice serialized) { - return deserialize_then_decompress_4_82(serialized); +deserialize_then_decompress_ring_element_v_8e(Eurydice_slice serialized) { + return deserialize_then_decompress_4_1f(serialized); } /** @@ -7681,7 +7713,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f0( +compute_message_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7691,7 +7723,7 @@ compute_message_2f0( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_950(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -7733,15 +7765,15 @@ static void decrypt_unpacked_820( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_470(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_21( + deserialize_then_decompress_ring_element_v_8e( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_600(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7781,7 +7813,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -7814,7 +7846,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7825,11 +7857,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_090(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c50(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7849,7 +7881,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_280( +static KRML_MUSTINLINE void deserialize_secret_key_bb0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -7866,7 +7898,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_280( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7884,10 +7916,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_500(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_280(secret_key, secret_as_ntt); + deserialize_secret_key_bb0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7925,7 +7957,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b20( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7943,7 +7975,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_500(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7965,7 +7997,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7975,17 +8007,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_090(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6d(Eurydice_array_to_slice((size_t)32U, + kdf_af_04(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_6d(shared_secret0, shared_secret); + kdf_af_04(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -8767,7 +8799,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_0f( +static tuple_9b generate_keypair_unpacked_42( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e4(key_generation_seed, hashed); @@ -8854,7 +8886,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_41( +static void closure_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -8887,7 +8919,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8895,18 +8927,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_0f(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_42(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_41(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_88(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -9381,7 +9413,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_09( +static void encrypt_unpacked_c5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -9456,7 +9488,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -9483,7 +9515,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -9493,7 +9525,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9514,7 +9546,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_75(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9578,7 +9610,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_09(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_9d( @@ -9590,41 +9622,57 @@ static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_05(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; + compute_vector_u_22(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_62( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** @@ -9638,7 +9686,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_08(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_73(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9665,11 +9713,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4c( + entropy_preprocess_af_75( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -9698,14 +9746,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_08(shared_secret, shared_secret_array); + kdf_af_73(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9729,7 +9777,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_47( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d7( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -9752,8 +9800,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_47( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); - ntt_vector_u_c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); + ntt_vector_u_50(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9773,7 +9821,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f( +compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -9783,7 +9831,7 @@ compute_message_2f( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_95(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -9825,15 +9873,15 @@ static void decrypt_unpacked_82( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_47(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d7(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_21( + deserialize_then_decompress_ring_element_v_8e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9873,7 +9921,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -9906,7 +9954,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9917,11 +9965,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_09(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c5(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9941,7 +9989,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_28( +static KRML_MUSTINLINE void deserialize_secret_key_bb( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -9958,7 +10006,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_28( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9976,10 +10024,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_50(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_28(secret_key, secret_as_ntt); + deserialize_secret_key_bb(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -10017,7 +10065,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b2( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -10035,7 +10083,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_50(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -10057,7 +10105,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -10067,16 +10115,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_08(Eurydice_array_to_slice((size_t)32U, + kdf_af_73(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_08(shared_secret0, shared_secret); + kdf_af_73(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b345560f3..ab2e72412 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 4b687c6e4..840bfcb9a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 45c073926..d9f06d3ce 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 775fd2fe0..1348c2b96 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 3f1586149..7bed880f5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 21b8d1d44..a66762532 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index fc14ae7e7..805558782 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_sha3_neon_H From 501f7710a662943cece67835b773e4b94c0ba3d4 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 19 Aug 2024 12:32:45 +0200 Subject: [PATCH 066/172] Add LICENSE-MIT --- LICENSE-MIT | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE-MIT diff --git a/LICENSE-MIT b/LICENSE-MIT new file mode 100644 index 000000000..e37060b8f --- /dev/null +++ b/LICENSE-MIT @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 Cryspen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 0d342460229cc3276385953cd361229903e7c9f8 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 13:27:25 +0200 Subject: [PATCH 067/172] Update test vectors to include domain separation for key generation --- libcrux-ml-kem/tests/kats/mlkem.py | 2 +- .../tests/kats/nistkats_mlkem_1024.json | 800 +++++++++--------- .../tests/kats/nistkats_mlkem_512.json | 800 +++++++++--------- .../tests/kats/nistkats_mlkem_768.json | 800 +++++++++--------- 4 files changed, 1201 insertions(+), 1201 deletions(-) diff --git a/libcrux-ml-kem/tests/kats/mlkem.py b/libcrux-ml-kem/tests/kats/mlkem.py index 60b6463fe..33aabfedf 100644 --- a/libcrux-ml-kem/tests/kats/mlkem.py +++ b/libcrux-ml-kem/tests/kats/mlkem.py @@ -292,7 +292,7 @@ def constantTimeSelectOnEquality(a, b, ifEq, ifNeq): def InnerKeyGen(seed, params): assert len(seed) == 32 - rho, sigma = G(seed) + rho, sigma = G(seed + bytes([params.k])) A = sampleMatrix(rho, params.k) s = sampleNoise(sigma, params.eta1, 0, params.k) e = sampleNoise(sigma, params.eta1, params.k, params.k) diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_1024.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_1024.json index 3d5739981..a7d9388bc 100644 --- a/libcrux-ml-kem/tests/kats/nistkats_mlkem_1024.json +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_1024.json @@ -1,802 +1,802 @@ [ { "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "8a39e87d531f3527c207edcc1db7faddcf9628391879b335c707839a0db051a8", - "sha3_256_hash_of_secret_key": "ed1f6cb687c37931ea2aa80d9c956f277a9df532649661035c6e2f9872132638", + "sha3_256_hash_of_public_key": "ebbe41cd4dea489dedd00e76ae0bcf54aa8550202920eb64d5892ad02b13f2e5", + "sha3_256_hash_of_secret_key": "ecfa369ec7e834204291fccb4d59c3fd1557b0ec3ab2ed7d50c98c01f292612e", "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "5ef5d180bf8d4493ef8e8ddc23c22e428840c362a05a25fd306c6c528bd90f8c", - "shared_secret": "63a1039074f01f2651213ad9350d6561cb03a60400e74118bb4464d87b9db205" + "sha3_256_hash_of_ciphertext": "507dcdae0432f558189a09c5e79fd69896e2f830e37ae4d598b00566e55f20f5", + "shared_secret": "489dd1e9c2be4af3482bdb35bb26ce760e6e414da6ecbe489985748a825f1cd6" }, { "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "c9ede13be3dbb0edc3ab08226cae11771ff4c0b04a564b64a0d9ff10e373e986", - "sha3_256_hash_of_secret_key": "9b5876610793ae42f683d94f736d8d7e0e033bee588bab07a31c9cdb4ab99a5d", + "sha3_256_hash_of_public_key": "cfb6fc18d6419f5438a0573693f421d3793e5ddf3d846678552aaddc19265946", + "sha3_256_hash_of_secret_key": "af6dbb5f11b3570e9372988cb2846f7b10ffe3c19b153242e3cf70e46a4f0b39", "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "bef440cb5a14bfa652ff69fc431b59980147a2408df8a893f0fafded11d6cfa3", - "shared_secret": "856d56ee09279a13f9abdca14ecbe8ca9968495f09a0758b6d1c8376099365eb" + "sha3_256_hash_of_ciphertext": "e43c464573dca153ca5ee869688d9ca23313415a21e8277d690288238d1f50f3", + "shared_secret": "425ada67204ff5b30a9d1cb545bcb4a6dbbd923cb3ca284911a1c5fe491ffb39" }, { "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "ff2546623aee72025fb6746fba736bae0e80e257e66edbf09d8d4dc11049cda4", - "sha3_256_hash_of_secret_key": "57155298b53d3af5d6db214dfa91a9e16f8d5de570bbff5dba5f4cd84098f255", + "sha3_256_hash_of_public_key": "cb74eb00a87eb1651271050e74552291b66a29053bef5e49690d4eec7b7bd352", + "sha3_256_hash_of_secret_key": "1814830755e0bc59ca8763fc299b0b1503e8205eb1e24e13e22394b9cf7edc6c", "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "28e308a6f91068b01a7065b8579fcb6234ecd9bb8d3172b6dfc5a3a470050ea7", - "shared_secret": "c33a4432cc441b7683605c29afdecc81922cf234e02be8c2fbc4e2a7a3b4b078" + "sha3_256_hash_of_ciphertext": "0d8830c371bc3a02c24f2a0289a17b4dc4550d8b06ed79f7da3c909af98f00d2", + "shared_secret": "2bd0703c81210c5d9bdf59f8cbb7c32e30e042c20743c96c74db89545eba4fa2" }, { "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "25b786a67de17d61b2fc0e85a13924398aab931896b6174089569f08b7260687", - "sha3_256_hash_of_secret_key": "d188a2637dfe80dbd0fc25165eb4898923888a82c10f6ff0b8ddb5bf251c0650", + "sha3_256_hash_of_public_key": "4ada82049cbac3e8c6830334021c22894085dbc8382fb43cbe318e8e6ada9955", + "sha3_256_hash_of_secret_key": "4886d92462e3899b347073916ff8f75fe5d406a2515715f39292d0ff8fd033f8", "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "8427a1684769e63ec43e97ecbe7b7e654b6e63433bccd23340849904e02767dd", - "shared_secret": "7c14fb353ba421705de44f2a12ddc5ad9b11e30e7b0e163cebebe2da79a7293f" + "sha3_256_hash_of_ciphertext": "ed64332b4a54bf40b47d189d80d1f6c8ada29779c5819e78ff386a758f364de3", + "shared_secret": "f6baf98028ce4f75cc14f6a75dd50502c4adc4d1377d72671c9396d4c26fac69" }, { "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "d35e259a200d16048302df38d8e7f9e1c3352502c43f086fe166325048fdce9c", - "sha3_256_hash_of_secret_key": "020ba30e5832867a6db83cdb1e60ddf0b0a88fb33919edb84b246a345d11da6c", + "sha3_256_hash_of_public_key": "edc529d14502bab03d1b7fc370f2ede22c7190bd47cc88028adb3294029e264a", + "sha3_256_hash_of_secret_key": "96aeba6845ce707a752d778945ce3b93ff3b062582164a014411ab860bab1027", "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "b52dc0a41015132b3e7a1ae6f544f12601869bf0673625964e5c4e05cbe656e0", - "shared_secret": "35d2a2ab0e91d365a3e2e99bbe3f5121f2eeb528305cc7730f679e10ec1c9b8a" + "sha3_256_hash_of_ciphertext": "04015a8aa6e50547eaafc570396c16ecb409965f2c5ad13d3829afdf330ac518", + "shared_secret": "52b1d99af018531b8f3b6226d7ae23843ca7b84d8f9cef28ead85ab3840906d5" }, { "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "5a5db7d619be642bd87294527b3f859372b279a1e6074824d9632b5d7f616e42", - "sha3_256_hash_of_secret_key": "630f093cb1ff96bff76ede70e970a009a9e5d28fed660e68127d31c3b6dbdb2a", + "sha3_256_hash_of_public_key": "80db50ddb1aff6498e12eac2d5dcdd68be66c7a569b0153ab4aeba37a75dc973", + "sha3_256_hash_of_secret_key": "8ca86fc77b1d59004ee108431292ef71e254bde4714a9f9d33b14bc1542c3104", "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "4714a5497351399718258f490da0ce28ce8211aad6975546cb4351c8ebe61917", - "shared_secret": "8084cfff3d54b7680e737ed71c37e449f1f9d74bf6735696c46910b13d42d1f1" + "sha3_256_hash_of_ciphertext": "cebeb8cf34cc7a440e9dccc00b5699a792321abf6b16df2da3265909dcb60741", + "shared_secret": "392242412070b869a67b7ab071fd796e83b4e3b5af669ed7a8c4fd1d8d3ecfe2" }, { "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "f0d1acd4fe1bd3bad938c23ec5a7f320766e01005e32769724abb4ebac578def", - "sha3_256_hash_of_secret_key": "664f3632f56ebc5c509931ff3b7e1845265e42a76e20550b683527d7d24e8df8", + "sha3_256_hash_of_public_key": "a0237f5f24fca5a18f8f98c916c3e3304d2669330c1042829573e197597d7294", + "sha3_256_hash_of_secret_key": "ff9be46e9cf8a703446f7563b786f9b851fea88bf0279d1cf1b949df0e46fe9d", "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "4ebd3e44b82b03c01ec2aa9e8805e53b8c8022e987fc9eca59c9a5cfcb1c4a84", - "shared_secret": "3e94b68a80291e957f9dd0a15b112ad75bfa07951ccb36c2de610e6755a4a0d6" + "sha3_256_hash_of_ciphertext": "4f7b8cbf2c9f28c5eb892d040ee2435eca1168bbc06236e084f559b632e79c88", + "shared_secret": "0472c7777196fbf335dcbec891e291c5666791991a332ea676778e01b7379e72" }, { "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "7008db565f7ab9c362dc38dcd3e30e5da873c559e9a9222710e8d2e7f6417ce6", - "sha3_256_hash_of_secret_key": "9e774cb57c18575de3ec6a9677e40626c2026e47c389c7a3dc5422d8a83b747b", + "sha3_256_hash_of_public_key": "c266d76c52b2a849f00690ffb252699d5b3e9f66e0abd3c1362c39cedbc69850", + "sha3_256_hash_of_secret_key": "898b613ac0c89b5e001c9577766e44a07ab540dbe1d9a9cc76e0908cbf428abd", "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "1cb3879c49c65c184d605bc6daa22f63affd2a005e145103e6c1ac1ad683d976", - "shared_secret": "900649130f9c28082eab5ce3d128593eeaae89667d7fa4da23fcdfc1573995fa" + "sha3_256_hash_of_ciphertext": "7d2cf7c60e6b6c8c3053f676a13f9f0c799c65c1829e7bcefab59eea43c5fdf8", + "shared_secret": "1518e22b08f28512506461e0c46e60d73f7211cbba08f2880fe612817ce9f933" }, { "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "143b9c53320cdb1b7e8d71efd1f0a1ad5ad1e1ce84dd9fe7c92f19c926388e3c", - "sha3_256_hash_of_secret_key": "63707e33c30114732374ac21fd5be61e6dfa7dd85a36eef2e2bae6b3d0599a71", + "sha3_256_hash_of_public_key": "2bfa2721399623d76222e93d092c34792aa8308d8999aac7e17433da2166292b", + "sha3_256_hash_of_secret_key": "f6ceea917c60dd7bf38aa44c779156a6c293f0c3d96a2fc97d1c105ae3462a5a", "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "780162548f2d85c00f0276f1db2d6566421cf718679147740d279660fb742544", - "shared_secret": "084aafffcc38ac80dfc02548df07f6e7809eb0644385abce0fc569821a907011" + "sha3_256_hash_of_ciphertext": "46b552d7bc80095052bb90c895cafb30c5d40a6d35f54fb70cc21cca03af83dd", + "shared_secret": "31828b1321febce31e35e6843462b302d13162eed40f0f495fef0654e67faabb" }, { "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "f2d009cde4abd55a2c7417c9341792e60eaa8e26b53a3aae805746401c4c446f", - "sha3_256_hash_of_secret_key": "2a53faa8053fa21b7b07a96ea259c052ef78746c5d53e2857e9f30bd20d3f2b6", + "sha3_256_hash_of_public_key": "517dd00566aba5f53253d778ce06e380b14c9019095028f3944a31a1aa4816d5", + "sha3_256_hash_of_secret_key": "9845e6e757e2badabc4409a0411c8ed01c6ace5c6ce2c6fcb9767c6b16506dc3", "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "9b7ead45e0e00c615fce96105720d82ba431692f92e1a73e14b490219c8dda2b", - "shared_secret": "a7fd777a337219e1d0ad2cdb47fa18f4685ac343bc537dba6c97326340ab3ebb" + "sha3_256_hash_of_ciphertext": "53374df7489393e2f209c93eaabbaa8d9305d7bdcf93af7ca675ef3f155daa38", + "shared_secret": "3c2d5cd46985e0e37e487c51af3850c5516673fa376d128fb32e63ae84d5de70" }, { "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "1f06190bdfd692cf499be99bacc4beccf048c89926769f1b254cca9a9a44089a", - "sha3_256_hash_of_secret_key": "faa641eaff01077bd2fc261ccb91d5c3b468a940e25e8d5d794d564b663315c3", + "sha3_256_hash_of_public_key": "d2d4c9cfe0e22188f2bb5e538a054c904cdd0d6dd921af93591f4a37e9ea2b5c", + "sha3_256_hash_of_secret_key": "803fbd40cdeb06eb515bc9be1b7a8e24809bca250573bf3ab88c42728c36f0a2", "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "3a22350624e9ffcfeaf0a68c265dc03036e7d5bdbb102474fd2aed257fce04ed", - "shared_secret": "17672805d3953f1f374dc8671137dabb0136de43700fea82a2ca23292bd0d562" + "sha3_256_hash_of_ciphertext": "8ad710fb21ff1df4705a2f648bc0be79fa0d99fb15c50f898f6878ba060f116a", + "shared_secret": "8916871d69a1d3eff8176775f01e75198ca74da4ef8d8f410706cadf9bfcbb91" }, { "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "cc20155074cd7cbd43ec2380dc6a71b3a88c9a4bf168ab2bf426a899706fa597", - "sha3_256_hash_of_secret_key": "6084f1eb2fe4b9055d6004bfccadad7bd64f623595dd0b5e0c0100d647313279", + "sha3_256_hash_of_public_key": "ad2b1951f0dce0b0afd296d3f22bafe4f13638ee2540caf8a6bf7d0387265bf8", + "sha3_256_hash_of_secret_key": "69110aba50531ef8983b3d67cd553fd47137dbc1c2c73e92709256338438e296", "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "43291afa9c1a8098770d5ed9dd4cd71688c52d616e9e68798f8718e4555e0caa", - "shared_secret": "8813fdb7bcec5369e6238322be653d920ba26e0aa63a3c3b4e4218c48c1d6dfb" + "sha3_256_hash_of_ciphertext": "1c30fedca78d8cbd38d08ceb0cc0a05b89729e5815a131b893528356ee510e66", + "shared_secret": "3ae3603ac2c25b00d16e4db451d8e13dc77a3c0fa4f775c74e028abafab70164" }, { "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "77fbe004761fc37fe7597638e5dae8b44bd44c8d6efa2893a0a84b104ace6ac4", - "sha3_256_hash_of_secret_key": "608099f3fa437094212b3aa2696d592a9ba45f697b9c1020b69ec1d6e178b76c", + "sha3_256_hash_of_public_key": "58672899468fc0a35e2a8c6fcbb35b2912e4aefb8c396bb9738e3c16c95ccf75", + "sha3_256_hash_of_secret_key": "cf6d958c589b9bd5fd9fa36ad4033035cd4b795c9a605894577fff640f8d663d", "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "368fcbdfa009642b3ca8fe0261d10d18db5566bc43938e193d9dae45adf2d41e", - "shared_secret": "b00167b499d5130ef82a91f83d1f1563185de735e74f89afea0b45ae1b90cea8" + "sha3_256_hash_of_ciphertext": "3ec1ad08fac922b09448e558b2ef4030cd3f34f12fec7a8022053660cd07ab01", + "shared_secret": "480307819049683defc30e7eb2f711a150d8c5503e52d93e95875754046004dc" }, { "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "49cbe8daa7dac02d7795e907b037e2ae56624fdc8d7c6320f9e1e69dd0f6286f", - "sha3_256_hash_of_secret_key": "de7838a99458b56d0f1de343315d1a7d460269ded85551f70335b1e002742b5f", + "sha3_256_hash_of_public_key": "5bfb6d44c0e7348fba37d50b05031c0489d4294be6cfdc6f4146740e54fa5d69", + "sha3_256_hash_of_secret_key": "a028bf71ba6a1f5ec4cf1af0cb9ad9388c037c71143b8fcde05572452a343475", "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "04c5a66da97cec8a22bca38de71927b176310004175b3496c5a2737e91b18e00", - "shared_secret": "c55179382eb5d4bbd91e45f4b3dcc5d1022110aa209c002600fe0d55a5b3333d" + "sha3_256_hash_of_ciphertext": "514b71dd5fba9c30a58582a39845195b0f19b1e15a984fabd7bef885769ddd08", + "shared_secret": "8d0ebe7aafeba5ef991b1647872cf097d625a671203c53a05c4dd624c087855f" }, { "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "a333d474be9bacbea4c301148be2ddf13c3c25d7e4f52447a549a27b6d12710d", - "sha3_256_hash_of_secret_key": "731e7c1597fcea477249114301154b9fda1050e71617827da0c9cc149c1cb99b", + "sha3_256_hash_of_public_key": "22599b58af4bf05a9815c270046161175cfdbc167293cfd50e9d74851ef1d1df", + "sha3_256_hash_of_secret_key": "15a922260f11e5815f882c96786d106f029f193d6d047cbd5ac63f31692132c1", "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "841415e768ab08549533578cdb506a9f72e8d01b472b64746322328c0c035080", - "shared_secret": "91c0a23c78351e8f8de8e38c5a10e41e5290ef96266f93839169c05842820e41" + "sha3_256_hash_of_ciphertext": "108fdcd2b41e467400feee2cda893fd5fc3844845cf6dbc07ecbce8eb10ddfd4", + "shared_secret": "fcd665fd50eafdf62b40f8eee25c6f38b5b4d110e329399460596d4f5c0bee30" }, { "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "35d109f57ea2764642ea3473a4f192cedfbe153a37f131cdf447b60e92310eea", - "sha3_256_hash_of_secret_key": "0420ee0853629da644872d3e2a9b0a89c9dece1a6748247d2f8f39721af21e12", + "sha3_256_hash_of_public_key": "4f71da07c289afd5cafba73184b9723c238da81e3ae109daca1873ae1e34d84a", + "sha3_256_hash_of_secret_key": "ad2b5c14ccfc67736dc7ec1697fff3fed2723c7277c8d30488c14c651cbbe080", "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "82c120326a2ab109d5c3910a95ec69dc3b1c1c05570728164791870d9c9c1a3f", - "shared_secret": "ffd93f9141d4b2abf600c1c258ee78e0f752513bb002677221060cca3ff1e5a6" + "sha3_256_hash_of_ciphertext": "8f3f0267fccbd0f302d33b25d10f9a065fb6371a1f182508c492d225962ce764", + "shared_secret": "b7928b922df5a82fc6217de5f086de8cfedf91cc521f1207f3d912b2274fcebb" }, { "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "cd65fd07a78e48c1a02e235ec76fdb509cf9903a4f5a850c51d9d3fda383cc67", - "sha3_256_hash_of_secret_key": "951cf21e37dcba710b581e49a6df1c75c65186e9672d647e9cd7239eb4bb975d", + "sha3_256_hash_of_public_key": "482c88cdc80345768e4cb54d17aebf2947b07c716dde8da26e0b7114f85dfd29", + "sha3_256_hash_of_secret_key": "3ff42377c65eb0b3168e7ca342599db6e3a105fdcb2f8fbd6101ddd0198cf4fe", "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "0217f113b6d5786c3995b366adff6984d0c8d91a388f798a9556d7d3a8252b9c", - "shared_secret": "550b4e8c00bb5ece74059879fd14f5a0a89073d8a54f8bf1597f1ebf198a61fc" + "sha3_256_hash_of_ciphertext": "af9ca3a38669b3e5f142a43e64965e6365a1f48d44b1b06a6da32dfb5331b7e5", + "shared_secret": "c653e05ceaae3783b2cd20961c12a4331f920ed695b6047ba6eaf5d256b8af1e" }, { "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "376f022313718aba325ef4c3b720e2c3ab314ace74e983948ba2e43ee3a6ebde", - "sha3_256_hash_of_secret_key": "e697899409d15ce13113a2ad86448157a248ff0701b40eec11fb4afac7b9f2fe", + "sha3_256_hash_of_public_key": "a8f24545f5c1f2244d7712dce7596ce08146dae6a7f474daab4056da2d22c4ad", + "sha3_256_hash_of_secret_key": "edc603aa05fa07ce3bf2a4542a68261229444a7177f88609a4b20db24838904c", "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "26c5a91a627899cf23122c5881bd00b0a4f76e0aaf5de60d1d273e8e635b574e", - "shared_secret": "e5b98a3c32a5563c49df725e661a9f44a20390cf83a9779ecf5e7d9f5aff0143" + "sha3_256_hash_of_ciphertext": "614c867453faf49d81bd1ca0381d5dcfb5b966341fa1dff67caf36d579221ad8", + "shared_secret": "9fa99f495d5ec88b908a180594ea391556d73b5043fd53e60413cbdce7512ed6" }, { "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "7944e5d79dabf7b7259df5ced02669c81b7dc4590e0b10764729d812f6bd85d7", - "sha3_256_hash_of_secret_key": "301fb18a9ec0d975414abc4d41ed0c553e2b9aa2b03bf2765476e3288f760ee7", + "sha3_256_hash_of_public_key": "1c931f81fc67b2316f99db7f55d799363828f7de74b5e979fd7620c7449132d4", + "sha3_256_hash_of_secret_key": "e88eb4552ec4793dbbb3d6d95e91c8fbd8574097051968ac5ba32b4c48eef54c", "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "c7474d6b8d9b3677b39b69030f40415e2234e637e200c689f90d6b37da3c4a8d", - "shared_secret": "169929e655f214d7ddca31eae7ecd2e01d9ee0601fd4a2c3a59eb701ed9522ab" + "sha3_256_hash_of_ciphertext": "1ee0d223d53a3f9578eeb5260e6827ead7749898198ff47b22485fdc327e6c36", + "shared_secret": "9b93f91e8134042ed4915b713269a6a3239b08ed049def076439151344e508e8" }, { "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "692176b38737a053dce0551b63e3eca81884bbf95e1d8975671a2f7f1dfae251", - "sha3_256_hash_of_secret_key": "1ae55a55d87ea8d58b51f842c7d6990a1ae6932eccf5c39e97f56bb481a16b7d", + "sha3_256_hash_of_public_key": "c11d5e63a349785e242cc58bf790539d3adf4844176afb3ade1db843a9e6ae9f", + "sha3_256_hash_of_secret_key": "688265f913868027cbbc9dfa94448be736e2a5f0b92bbf93058fadb350030fae", "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "7509dec8c1dd6f29855e08d61a56ade71c6bd9a47102a12b3d4c9784010bc5d0", - "shared_secret": "be36ca6f5e0d3da0b5c144ebccd725900a06782fae7b2707ce7c5cb6818c8991" + "sha3_256_hash_of_ciphertext": "7f65f239ce22eaba7c7ab316cebbfae0969cc2290cb71f440034994cf90dbbb1", + "shared_secret": "b616ad16ce3e737184ea0f5b25f8439ffe0bbe9647e0c2c725d23d4eb2f13464" }, { "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "2f54bedb19919171eca777186dd743b11ec9489aea09534c157faa75adf1c77c", - "sha3_256_hash_of_secret_key": "4bea180ffc80875ac731f18365224bd3eefc8d11fad63c7376adc1a37adc67bc", + "sha3_256_hash_of_public_key": "5955b9c5a4f2ca172535d5a32ef67d54f334bf726829082485a7b83d43b46b23", + "sha3_256_hash_of_secret_key": "7809270364124d24715bc895edf612bac243172af3b02ec93d5bfd9cff0e109f", "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "def0451ac37ac39a0ef5b94406de4e313b3d12d899d6a4e92f3ee37c84869efe", - "shared_secret": "9769b7f3571089f1a086606f3545dcd094097befd492e3c9889f9a97c7b181a4" + "sha3_256_hash_of_ciphertext": "82424d5f00c6d9c6fed4e457ccf6ec1a8924d1991d069d61af6225de70265cef", + "shared_secret": "634ce1c824fa766f69c30548e34a772e828248e5ea4c4a7780ff38e2d7d3a4ea" }, { "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "7a9232085a0222b9c863931ec3bdbdd51be3f16d6cab3009c138e0c8cb692563", - "sha3_256_hash_of_secret_key": "a01d03ab913ef4672c49664d2c95fecdd98fcfc19e8d8b839e79a8f6fb9bdf42", + "sha3_256_hash_of_public_key": "1f40abf556c865cd096c702d21239de7c22713d70626f1a3a4c4cfbdf3faca62", + "sha3_256_hash_of_secret_key": "7be795e3cf1129fd66006f863810789bcfae7b470f48dc67e56420c528fc7161", "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "45c35e22eaa9d63a6b57f60ad2e6a35290b290c01761030dea1c9aa7947c965f", - "shared_secret": "7a190640b245b6b4de7ac38fa6d4c50e935c0062c2089c926e4e8c31f233fbba" + "sha3_256_hash_of_ciphertext": "ef56de7b20b69ffaf2fa99b4e97b0c1a35c714ef33ad6bcf1a5db52825ddc57d", + "shared_secret": "ee1b62c612b20db1f35a37f94f3cdcf4d3c02f1a7e2ed944764ca65711cc7cdf" }, { "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "1642d52117145ea2956bd5e446b895609be84a9344ff0f5cd1ec62af9ea9e3c0", - "sha3_256_hash_of_secret_key": "e2d190c6c423252af301186a3e49892da8c22e4c0fb61586d119119fb7b07447", + "sha3_256_hash_of_public_key": "d5d6b62e0449476f7c6f9ea3621237bce0f97b11fe0e65776f1e92da38362cb3", + "sha3_256_hash_of_secret_key": "4ffc1c18bf762ca3b1050d2a4f583a63a5aaa6326fcade7673d49d8a4921ff17", "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "0e67bf478bf93c925eee2cdfc285161c1b6dd2ba3a479dfb5fd9203ffdcd3c85", - "shared_secret": "5de71ca6710d2d588f53059a15e3a266eab4ed2230502b597f088014fbe9b659" + "sha3_256_hash_of_ciphertext": "e1328b21914b182fa2908f7ed771da784ad836a85bf341f56bd748d16c64c768", + "shared_secret": "1554300d6dd3d2dbb7a1647991daceaac9bd28f6bc937cc8bd3246c48e219f65" }, { "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "0163017a26dba83777c4c0f46f31375ba02680ffaba588a9fe91f97ccb99c445", - "sha3_256_hash_of_secret_key": "5d101bd4f51fad047a1161e7a95197f6307e7cb88e57fcf9fb28a2be43e9f4a0", + "sha3_256_hash_of_public_key": "269505d6cb8212b9dad2fa70171035fd4107ff47c02696b3489650d5ef9c6f19", + "sha3_256_hash_of_secret_key": "018eb767bd3dc2eab26a00ad9f83c0335711512d57932cd0261fbdea92b66da8", "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "7e38f78738ad21d1015a2e79860e8108e807a3e7070515185ae581345e08f6e4", - "shared_secret": "42ffbb3ae86b744b00f36a01f9cb34e8a08916f455c9ea0e5e6ce81bb5042cae" + "sha3_256_hash_of_ciphertext": "b2fe82f12289cde84395d5757b2f0cf5a3a968827d03bd7c25995052eb71798c", + "shared_secret": "321f4ce476ad84c9f9d3b906a733b8bbd8aa0c3301d81d9cf7587345c098157c" }, { "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "fb21cf5cc9a8a47a07cb2a154f73676d39a98a7d12a4abbd37378595c6332f46", - "sha3_256_hash_of_secret_key": "3c5041ff25ab5e854e792eccf12721be4f820020ed7895d5ccb7b1ba4bb7b193", + "sha3_256_hash_of_public_key": "3e8ca044ed0e215c83f03eb98b6da9da137ff2433b319d9ccbd0bf054135d63b", + "sha3_256_hash_of_secret_key": "0082aadf73da0e894dfcf587c66f00d42c9619c48d09d5560faeb3396dfbf8f3", "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "e2b8a6842755e5a408a47a32c2093dcf3aa0d32448ddb1f1a154315634f1b701", - "shared_secret": "90ca5a797490eb35c3cc24af19fca6dc71d41aa58d68e0061c1bdb8481e691d7" + "sha3_256_hash_of_ciphertext": "3c1dc77214aece55f05e63e8d83fc4186c445d2d2f54846b5422a362ef058d6e", + "shared_secret": "3f9a0a1579989654c58a2d33470a0ab5b6587419be2e9cf4c5027ed252c48494" }, { "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "591aa9c81277503a34441fbd6cb59c6d1ecd5e00298fa56be9df562576250c52", - "sha3_256_hash_of_secret_key": "2e9c26235e0db1383671ad4ef147c1cbe3724bf800be90e356a5a381e3d9aa12", + "sha3_256_hash_of_public_key": "b4ecd70cf455e2195477c581fa72af1ae232e7b5efb374d9607fd958447b7c67", + "sha3_256_hash_of_secret_key": "d609a934cad16aedacb4af3a071387c24b0421a7747310ae045ff5da10ca337b", "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "02f85b52a3684cab8bc416b74de36ac686cf3a3a495440cd444c1fe7d84b2e07", - "shared_secret": "bd58345e9e19483cde256be650975b954e167bd8b0a9036a95c98ebf037e87ec" + "sha3_256_hash_of_ciphertext": "a54658518ce500e04544f0774dcecff4c0c17ea6170941cbf6b670fe5e9a1ed4", + "shared_secret": "a28945631e9d080f64dea8dc345de2a4cb95048d5b78cc573afac0fd86ce57b3" }, { "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "1c6c4009e28f6a20aad0c0b14b7cc0a01aeca507c366913ba5cadefe6656881b", - "sha3_256_hash_of_secret_key": "a9d3487d20af12309fb8d12b71a3fc3ad9109a9cc2720a0fa409ec5a491943b4", + "sha3_256_hash_of_public_key": "a97ab878370142b7b2b346179050eff0a4153943be66d9ce47c6772362ba795b", + "sha3_256_hash_of_secret_key": "505631cb623779f8c05817160d13c7d5bc3ab641ac31cb0eee3025a204a4a3b2", "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "7a5d4cb38e9fb2beefd925d54155ae91d60bd95696db2de45e2307658341f2e7", - "shared_secret": "53d22dbfb623f5282ac68ff607b69b9ce559ec3b70aae668c684d90dcbbca13d" + "sha3_256_hash_of_ciphertext": "1ede2d6f454578ca9d2b0c1324d9342b484eed64f6bb788a6d377b262e53d719", + "shared_secret": "5a2913f3ed09c2f765977781f18823602437334e5a5c210a71f4cd734fd10b07" }, { "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "4576536d1bace29aa7c31f7681222ddd15a3cf6ea6bbd3528d2ec8610d68d134", - "sha3_256_hash_of_secret_key": "0f1d74d5cd2fd6a9aa7022a0f06bdb6272a0bc23f115796d6e04692aa44de4ab", + "sha3_256_hash_of_public_key": "13035e253575fcae389887037cdbff8ea508ff9e5337e2fb607919747cc53df8", + "sha3_256_hash_of_secret_key": "5db526c73d60025195493b0ee21c47c762bb95107e7a9037e2bc3d15eabb08cf", "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "8448f623dc438ea4a849544c4fbcf3dc493b18dbacb911b83ed651155a145c53", - "shared_secret": "cdca5387453ba0f0fe9f126702ada05c3612388b70185b6c2e69dbf98c2803ec" + "sha3_256_hash_of_ciphertext": "550adbedf0e28eb616e477f2ffd925575f2339b9650b5282493dbc20efaa7b0a", + "shared_secret": "3084c8b9e79c5eea12b89c5acd1a5cc6d9835656138a1f5d68d27fbb56988d57" }, { "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "eea5db7a82254d19c0a0c552ccc92db9c3eef74cd73a9937b7b7298171313f12", - "sha3_256_hash_of_secret_key": "d4d3196a516686b8da051e915241f141b04af55e83effb968c52f23a19ccf79d", + "sha3_256_hash_of_public_key": "0409f3dfebc62eda14a11b1c03d59d46382c2c2a579009c0355da8a58440c49a", + "sha3_256_hash_of_secret_key": "5b1cd45db8082dff58e3242c2f37d14a682fb38843394879e95f9edd56268ad9", "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "84e87b27235041a1815c98ca4cf9ce031d7700a48f602bc9dcc98f876ae50c62", - "shared_secret": "b15db77dc79f2d64e13445c4dfa997afb191e0bb2bbf6a210a5d64263b2408f5" + "sha3_256_hash_of_ciphertext": "b95d4e0919a1e4659fc88c49a3a5635215ce65a74f40076fb5b24e0e3499209c", + "shared_secret": "2c9aa133dc5aa592b7c73f23ddcb85faed4c69d249363f9cd7fdfadc7329ff86" }, { "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "72998cc3abc79487ca0a4db5b17514e9961916d30ab9b500430ba748c5c79226", - "sha3_256_hash_of_secret_key": "362b40ba4e015b703f639f4c784fa9f114f2cf65de5f6645e8f9d37fb33fd044", + "sha3_256_hash_of_public_key": "a964f69c975bc276b67b828d04997c8caaf20600da330ec642633f9789858f73", + "sha3_256_hash_of_secret_key": "43c8d52432e0cd004cb84f3ae8b6e2c4657357f3535740404189a47b9549b14e", "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "44b60f83deff617231e92c5ece08a24243841d3df34de2517c29bdc89ff51400", - "shared_secret": "8ca9424860c35214636855849bb039cdcb4c722c5b81ce18ac1a1090034dafc1" + "sha3_256_hash_of_ciphertext": "a22b43056ca8a6a318b06142a7d1fc71c7d5b72c269f14cb86c531800b2d9862", + "shared_secret": "cedbcc4a7eb422e8a50f22ff47da0bd8b6f2337cb2aea98fcd80288c14da7d92" }, { "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "e9631b6d4237dd6884ae3647dd8622fc13d1cc689f3c8ed94ec6bcd4bbdb6980", - "sha3_256_hash_of_secret_key": "96736bf10a73d079e56f5812f65e3465957b8228423fdae4059feaf918fba361", + "sha3_256_hash_of_public_key": "2a63040993f86bda57d8006a152c436e383ae407c7d9bd7a715a2f9efa507422", + "sha3_256_hash_of_secret_key": "304cf25b7cb02f8ba61b73f24441c9f73076f43da697b73462d33c08e22889e7", "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "eda93794649d2ba24fb277e8cb0e5788102a4796cb21388caa25eb10bafefc5f", - "shared_secret": "b056e2904d66c51dc817acf961f141c2de7d201ca8e52d19564d0fb4e1310aa9" + "sha3_256_hash_of_ciphertext": "b1fdace65d63dbde3b624bccf02ae3859209bc7597ec464c1955604b69b98247", + "shared_secret": "cd0a41e85f2afaabcd7f00c2a9be9bacc6d6f79e0ae6b7ef64de31dcdfa02b91" }, { "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "847db13de94d97a88d5a3deae31c246f5f04d0c7d7f337859e024764337a08f2", - "sha3_256_hash_of_secret_key": "7fc950abb115ea2236036c300c95c76015606539ddd2409ff1b39a99b86a179f", + "sha3_256_hash_of_public_key": "4016ac096bf081a60fd2726d6b275f550c50021d42608c49c93385828573f89f", + "sha3_256_hash_of_secret_key": "9570199a1807116c7f724a899ff769f20dff8052fa0c9c9715f0c64438884144", "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "af6d97857d131ebccf9d356e78a4fbbb66c7d5ad68fd42d356c3ef14aa756d47", - "shared_secret": "663bcd21601942f0ce47640325c9efcfc3eb3b022f0cfaed168893b1b6e5dcfc" + "sha3_256_hash_of_ciphertext": "58307716aa46e4259f8bd30ee56b62d9bdbc750dcbf454833f2d7ee8c39c4444", + "shared_secret": "1537e848472d0efdb11567f6ae943c8d16d37f91285fa7f77bf589ecc5e33d10" }, { "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "f122b76b83c343de27054985634387fb7138f6f6f105cd4cd3f5b02698a964b0", - "sha3_256_hash_of_secret_key": "620b4d0dc53a26e175c69ae7a8f2d749d4adf1d0429852b84839d334e024ab06", + "sha3_256_hash_of_public_key": "a08c74eb9f3d9296c268dcd23c66bf0250b222854a5c31830b7431ccd3ed53fd", + "sha3_256_hash_of_secret_key": "47a4e26c07937e29c94d64ffd1819bfb707ef600869f58407c21d7c259ca5490", "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "51f8a50f2dbcb1255619a7a9868eece507b55d2138707a0550a4113a7e162d5c", - "shared_secret": "cad5816f1b2057a410cf917f52040aad9cdef2122ce59211ccef77c4a7c23a6b" + "sha3_256_hash_of_ciphertext": "cc98832ef8d034a40761d82fbca633cc1534bf5cdfe2326b68ad088222e04221", + "shared_secret": "5aad40b5528d175e52ceeeb0e70f31d8eaebb691d69f87029c966f191c6e5a59" }, { "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "4c3182ca7a48afe60eb85790dcb50b8005b568921dbc724130b0ce83f1278454", - "sha3_256_hash_of_secret_key": "44b1c2b3487cdda8a8e9205d95dca710093e981e7bf2ea30d1d2502b164375fd", + "sha3_256_hash_of_public_key": "37e94def940045d3fd9ddec0289680ae2f96d9d43f5d774a81b86ae7a4761ab2", + "sha3_256_hash_of_secret_key": "0164daef54c215fcd310fea777ace0a20ed964a64ce6fab3c5816da5bf11fd1d", "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "f231d9b8e3cb86e9daddae8d4555779a9125a16a6d2984ef55914a27d7912fbb", - "shared_secret": "e8f4dd3d2bb2c2f110bd410b2c37beee6d3bc7c7c4dc477c358234c54bbbd4ca" + "sha3_256_hash_of_ciphertext": "135ef47f41dbc48f35afdca64081e9185c69c63740ef27b107e0b0bebc8add69", + "shared_secret": "fdf3ed80a2b98a72be0cc079b8e1af0ee6491fee10520a1fa694fd692d70787e" }, { "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "4359601c371b50b50b5306de33cfd476d3b5f811700dc4918beb345840244e3a", - "sha3_256_hash_of_secret_key": "6f2d2c913b4a19bb07b531d74edb549659a35d1330b1ddd62c74dac4bc5f061c", + "sha3_256_hash_of_public_key": "ee3fad17b073dded30b6531f854523002db21673437ae275e8a4d702ef311619", + "sha3_256_hash_of_secret_key": "092c1cde9a894c7ac542397cd7ad5c147055259fed7a91db55d761b01e0d5dba", "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "a6130d387a04846c8b920f94f59d6c65b4954b6ced0f0d6a8566a0110c198a08", - "shared_secret": "249855eb724db68f7367385c45a3206fa19c521644f8841b7a73f536ca47c26c" + "sha3_256_hash_of_ciphertext": "28692f010feb0f736aa9c04aba9200857d9aa9dac6efe22dacf9b4c1d3d53163", + "shared_secret": "fa205e16b79ab208250601b4ec37f6a13f6851b94d93a0899a395d623f543836" }, { "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "e1f6c5a99a49d6b1b4aa18089439bb4c56ca465785bb36594ef2ebd3af20d564", - "sha3_256_hash_of_secret_key": "fcc14cdacdcebc6d1933f1ec9d430c643ff5fdbd78d2fe053a8880e6ee8ef129", + "sha3_256_hash_of_public_key": "71c37cff80f992f3359ded64b566956adfa3266cb05f171eb644711d3a2cb4b4", + "sha3_256_hash_of_secret_key": "9a8f61cf678f26d95f894db02b0954989bb3371a63846951e5cc7a80cc876d27", "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "73a09eadd34a8be74772db44187ab49a2bc086b91848c6ff09f1306c264f6fe4", - "shared_secret": "f1be516b31ed89cb70bcf428a2ba2c22b3919f8a9824a59b875ff1e697095ae2" + "sha3_256_hash_of_ciphertext": "be65e0ed279809360ad843946e4d130197990be0a3c5fcd1abdec60d5657a62d", + "shared_secret": "11e27d94d4dd5a8e8088e281608ed424a9384bfe96ffee3b6305d17cddf698fa" }, { "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "b8aa8568431ffc4681caacecd4475c838cf7348402a06413e7a9590ba405ea5e", - "sha3_256_hash_of_secret_key": "f1e4bb0178d949637c06e252493235480d3ed16687e9a1c36df0721b29a7573c", + "sha3_256_hash_of_public_key": "6af202d9ad3f2c7ca61993e238140ce8550a5f0c39147130a5313c8c02d68de7", + "sha3_256_hash_of_secret_key": "2c29ab0dce04a8f397880e3439e36d03be54ced504f1cf632e42fcde3dd4e1f7", "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "24392701d3f5204f5cad5662bd6526a178567186cc070d951e03593e5722eb46", - "shared_secret": "6ec4f71386c0f0c16294e4d76966c69c512d4e5e00a6e05c5aa544e542454225" + "sha3_256_hash_of_ciphertext": "775897e9e4f79c835ebd2199d71a9749fe0dec91377e6d95e4027fd91cb468d4", + "shared_secret": "86d765b2917cb98458fc5f5d26cc9a28426655a73109ea65f61377532c83c280" }, { "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "984f4c4ef2371654067ce0f22bbe4648dc9d87eee23842f31affcdc36328e8db", - "sha3_256_hash_of_secret_key": "240fe3ab98047b1985b22240622da9669f7ecec81801861ea0859704f3263f6c", + "sha3_256_hash_of_public_key": "eba48a8a50609e70baaf4c552f680f0b02afab2da76d8833a2cbc3b6f782b36a", + "sha3_256_hash_of_secret_key": "1c5f35b107f7681236d5d4ec8bd88a20f5788ac034394fe92b5b3c43fd77c03a", "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "f190fb70fe762db7125e3ba3b459e32bf99775c3c1efb84ae1776b50206db7df", - "shared_secret": "464274dd39f2862a97833631ac446642b3c3dd6467c7d2404aaa46a8f5f65b3f" + "sha3_256_hash_of_ciphertext": "76f10ecdf3391c19c9485c6e4057a3bb4c942bda9498e552a9b4d653e031ab29", + "shared_secret": "5f83d8b07d320694b387d4ac6084fea240a41f02e66a12a7280e5078ae0ce208" }, { "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "74841a59db1202eb2e3744bb36b9c5a229a33cf9eeafca4b3d02d155d870b6bf", - "sha3_256_hash_of_secret_key": "e808e7b999c5bedc14a1763428a3f2b3eb9c3f90743f8a1922c87b5874acd79a", + "sha3_256_hash_of_public_key": "69835f3a1f1d9511e257abfead77d365076a5c423ebf1554cecc7b29c0a61b67", + "sha3_256_hash_of_secret_key": "94e39fcd2bb008cfae04f152dda76e80fa77b4c0f38d736e873d4fefeb09cd60", "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "675ff34f87383d52203c979d1502e2fd35d9da09cc095b44caa073cf58562ba1", - "shared_secret": "99dd968e1f5c94c6c4d92e7eee393c802d8ea4a34d39de2048eebfb21a0a4b9c" + "sha3_256_hash_of_ciphertext": "969609353a83a8073e72f1e2f3b2f3e618bb4199fbc3bd1fb884cef8ca6f3c37", + "shared_secret": "070da4db5d59e004607fef8f49379692999d0d4cb63dab350cf8c546fd954ee1" }, { "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f7243d71bcbb46b9a423431b3b30947eda5fd81b526cce79a36730d8ee1be42c", - "sha3_256_hash_of_secret_key": "b1e6993caef04e00ffcf42c81ae97c6d89c5c19bc3b3e1235c48829151f8b4cd", + "sha3_256_hash_of_public_key": "3649c5c2f1142a51eafdc3edbdcb3c5150c608d828b7e1b9c1ace00f9a548fce", + "sha3_256_hash_of_secret_key": "636e040204dd2c953f1178927d44462d7f58fd2da80f35dc4a86b82abe1c0a00", "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "319744b03f01b7676b3975b70d20698972d5492a2b0c8e0833837de36945c699", - "shared_secret": "0642533fe87a2913a37847843f7336a0e4c47f778afe5cc95433948a76ee7ecb" + "sha3_256_hash_of_ciphertext": "4fd78ed5eeaa3692fcccd2d876499203ac064c46955839c3f8c3cd0d96114647", + "shared_secret": "16d4d64c78114b5fecbb99dfeb59623cc33725e9fde5fbfe1f805c05ea7c6c4c" }, { "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "4092d5afa2f038f879184f7344800ea49a63543be9600bdc2b18420744588290", - "sha3_256_hash_of_secret_key": "18b8bfec268d6e1d6edd376689f2bc5ffbcdc859cee0a26ccf550fb42863d57d", + "sha3_256_hash_of_public_key": "f651c0028e1e5653a53302082d4e89b76b6b6a939a2f2f5b6b7d5931ff3ed6c5", + "sha3_256_hash_of_secret_key": "bea5f349a7d0d1b43888db9ffb786c53a2cdc44b9ee3609a761d54e2cc0967ae", "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "4fb1c5f9a918a9077f822c79ec0697dd6dd7b23ff3cfffafaa272dfb1233bf8a", - "shared_secret": "a226b83601ae0e6f76f9f08b0a2f6eb30a3afaa39ecf5c5671e988a354fde9a7" + "sha3_256_hash_of_ciphertext": "f1cd1b7442fe0ecc78a1367ef6e8312ca049acca88defb0b8f2a8c41c30b7fa6", + "shared_secret": "7822319b0d51be73985bf8e42d01dba870be788b62f9fe8bac94a109cf202111" }, { "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "ad7166f31b2650d125c8ef23b5825fe11afe25d0cda306fa6c7a824b4c2d31d4", - "sha3_256_hash_of_secret_key": "0124d8202fcb0c40d7a6cbc1570df65602f376854abd55ea664f66e3923b3d56", + "sha3_256_hash_of_public_key": "63a647d85d1d66436cdf42ca198a44b31aa9f9d28b0311fb858cb5ecf74eb770", + "sha3_256_hash_of_secret_key": "c1b16c7d12d066bb93a9cd540a3d0867571946feef80ea31d2dfa91d612332de", "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "74501710705cbe8837e88dc8986d78310ea57196185e3ee3ecc8d17d8cafa7ac", - "shared_secret": "3040e7e4eeb844c1385a78dc3c8a6375880ce8fab92827460de1825a4915c3b6" + "sha3_256_hash_of_ciphertext": "4cd20e03ec01cc4b675248b92afec87e56abe0550059302686c82e3ee40c7021", + "shared_secret": "3f338dfaa091406b88dc39f5e82ec7582b90e4066882aca5ec4be352d4cff72d" }, { "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "37933cfd8c0e61085f2ae264d85c4ae05f8bd40bf29976c6d52e4f1c7ff709cc", - "sha3_256_hash_of_secret_key": "e9a6c0af326ca00c7f8ee0b6ef5661be3a84c39165ff60fea5510cb219b8f788", + "sha3_256_hash_of_public_key": "53729573ce2f4f51da212385808ef436eecdb8fb9f3c8346800beb4b9e537d1d", + "sha3_256_hash_of_secret_key": "fa421cb5d87cab0678d9a45a0c195d97cbe2441d2d15b6dc5c7a3342c74bc87b", "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "3fc676cfc433cccd2d248824c4f51406491cfd99bd05f863cb4200155ac471c0", - "shared_secret": "d990008c5eceab7097524d6755c663ba04599eda80560d59088b21cd73243462" + "sha3_256_hash_of_ciphertext": "3bb045c0ebb24dc551fdb039d5148b92c54bb8fcc2d0ff0db51dc458b271ebfb", + "shared_secret": "59c094e831e466b4329ecc5f2f627c2bff4d0a1f1f3454f5b052fd1be7d6358e" }, { "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "ae96ec4edc7ee08108fe6c0411a96f48731066ae4be12edeb7fc667039c9c1de", - "sha3_256_hash_of_secret_key": "7110c8c6d14a3cf5dba3e5f2ecda1ed1490e62b032f798139b779054da20985b", + "sha3_256_hash_of_public_key": "60166dfba8564a4a16e7f53e467431528a6e2d8b62b614d427846b701fbff5f4", + "sha3_256_hash_of_secret_key": "fa278d498d445abcaef069f687508dee4f48a676739bf3cc1330216df98930d4", "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "9b33f0f26252a0e1b92f55f4c0f979efd5ef68ef1ed6f23bf23e5eab1c732ba2", - "shared_secret": "bd50423b4ef27559d67532abbfad2a3a388e3dbf4d7b6488c2b48f19cee07ad4" + "sha3_256_hash_of_ciphertext": "32171c5243f2acfa4801076b43263d7d0db72262638e39f149afdc488026dece", + "shared_secret": "b2420d66a17633b60ca68b5c7adcf36ce7b39ea418b39e63bf68288a5af09112" }, { "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "4e23909b028699d6677eabe6bac4bc4e8437acbc52b0b17f1df5760c0455c2b5", - "sha3_256_hash_of_secret_key": "63ace19297953d106cbc1df1a25143a15772197c05aefb070825ef568eafcf23", + "sha3_256_hash_of_public_key": "a96998e3f52b93dc875dbbd503bc67beeee7f1e46083868f96edb9ec3601dad0", + "sha3_256_hash_of_secret_key": "963ad136496def586d9fedfa3897bfa4a59ef153bd7aa0578dd6fa773d1b141c", "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "7747110bc34f1a35fea13d10fffb950a85bd6d9247c89b2071afce7544b312bf", - "shared_secret": "38e3d97b0547e648b2b722c4844f59ed43dcc4b40fa7dcfe6184c2fe62ab3530" + "sha3_256_hash_of_ciphertext": "7957941bc3aca55fa93fbe56e95e52e6ab9a47011849892a933d0db1d6e2874f", + "shared_secret": "a108c039dd241e403afae065b37d609b13afe12380471f5b398f5a66ccc78f66" }, { "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "513906f5bef81445bd210d63fc4c9b9ef0b61c17b0cd5b229a45908fcbaddcec", - "sha3_256_hash_of_secret_key": "11added546dd697edc51e8ed16ca3ccc9da9629c4ce0c8404d04de1aa8b8114c", + "sha3_256_hash_of_public_key": "087881ddff4095efebaea305138bf83f0e3071f5494c3ea5bec8f775128ce60a", + "sha3_256_hash_of_secret_key": "4c80c1ce1f92782a34fc9f5d6c87e345abaf8a04e09106b5b6add9661db03246", "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "569f8e9da2051bde67bd3ff8e81e3b4e749b198586e2ec8d0544e6a8793aa782", - "shared_secret": "cca4f1d172212f8c23eb5da77144640d821d2671f66f0b3015d0b46e274e193c" + "sha3_256_hash_of_ciphertext": "5147c831bab955521767f2e664b5670b04e7771b253e70f3190673fd7fc61fa3", + "shared_secret": "f37800ef70ba18d14be289229810194a8f3f6f8c3a8e71d85afc29d133663964" }, { "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "4f8b3e9ae47d3b5b95c080d4f18440c24b0691c19f06f5547554697bdfe97b01", - "sha3_256_hash_of_secret_key": "cf4be19205cf0c2bd0eb0c1e7aabd40e265792bfc302bb0f28716c406585ca37", + "sha3_256_hash_of_public_key": "367bf894b2bffe5be757d54623b972fdb9093b0f54568b4f6f2e688f86ab2eab", + "sha3_256_hash_of_secret_key": "a5e2e3699996d1bbafc7cd22c8208d1290d5f102546c8d29049e467417c33485", "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "ce6e0b8523fc48a54f1b10be23b1e990a390e4e823d4483681ffbd2ad09f4977", - "shared_secret": "dd7816a8a015b2001258e665dc0e576ae19b10dba9704be9c484e4c8ba645522" + "sha3_256_hash_of_ciphertext": "d8298025f586761a680a382d3fdb421ad479864fd433ae2a3f3521d697dfb0c9", + "shared_secret": "cfab6ccf400c22dd43b0094cf8161fb453e5291fefb299719ac2e7000325d1b8" }, { "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c1b4fdc4929c2c7e4501ba7a9feb0be571e27c43fa96f9a7f934636ed9a86110", - "sha3_256_hash_of_secret_key": "5b475ff0aeb273c017d1e7d7cd380e41d50e634840e443a762608c09282f3007", + "sha3_256_hash_of_public_key": "fcda92e6bdb853f01617133d65b67c0d6cc83710c053a18263aa91dbdbef7b85", + "sha3_256_hash_of_secret_key": "a74fafd6744f0b25c1a5bac19526cbf0c233a56259a9dceecc8289762f188464", "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "556aebca384b3876ec2c00d446239855602625800bd1ecf1b7eb3411d101d442", - "shared_secret": "e911f73a4c23637a2708739bd5ef842ccc57d32993f30d6ee1f88acf5093ebcc" + "sha3_256_hash_of_ciphertext": "156bd98a0b0cf3609f8b746a77e2e5ccb3f91b3c7a99490c4bcb79703717e946", + "shared_secret": "abdf30bf8e4ed92c05241b6f00895dc0d56759ac668245a88c7ffa59cdb48fdb" }, { "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "df4f164c11041dbe981d8ff2008757b7e694f564a298b92cd182129ade5e72bc", - "sha3_256_hash_of_secret_key": "1f836ed803ea8abe63224c016dc15468719599e06564c11e9f641eeb3634350c", + "sha3_256_hash_of_public_key": "2b8799c6382723886f5b8371ee58a35fbb48022d9c107ba6fb6dc5fdbd4ff573", + "sha3_256_hash_of_secret_key": "80a7112e497073a71d6dd3b94d017ae9fc091495ef66895f74016f80dbce65aa", "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "5dec68120c8c2182ac2b2995eac56b91df2ee9c9bce8e801853e2cee14c0d8a2", - "shared_secret": "572994fb967815fe8bf36cf41560dc69aeba8e32b13e1d25128585dbb0e71068" + "sha3_256_hash_of_ciphertext": "1f247b6e0f744630d3e273532f0cfda8dd904327558fbce528f9a0b3c02981aa", + "shared_secret": "9ac4dcbe2ce4c1b26961fd95fbdc719296829c8107260b8a21cf3dedb292eb7c" }, { "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "ed722667caf175df48a3a346ec7cb1bcc37d67d3137ff7b7c70a07f202893a33", - "sha3_256_hash_of_secret_key": "272df80631771996565e673a4dd92318e87e625097f74fae14c688a24b558216", + "sha3_256_hash_of_public_key": "9590cca5e4b82099b66c7175c5f858851eaca730fd0c55edf9ae451e07bd366d", + "sha3_256_hash_of_secret_key": "7513342267898e9672039730d70ee926361527f5e705fc8b0c94326720f5e380", "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "4214ca50c6c732d34dab0b460d7cd9e0ae97346fa50a67386fc35ca0ac8223fe", - "shared_secret": "92c63dee4666bfb34fe3095f65cd458654df578f6eac0ec75f5235e5da6a926a" + "sha3_256_hash_of_ciphertext": "2d17aaa231a31829d5dfeeca3ab60c761ab95204e63471448deffef21a3140c7", + "shared_secret": "d1e8a626ea8c5fa1b89ae3c05f745517eae6a8710dc1173083209de32cc685b4" }, { "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "0c4dc82d723965476a518ea0915c1554bcc61c814c80ff120c37e7e8ed6d5c40", - "sha3_256_hash_of_secret_key": "d9e7fabffb14d620ccf618a1e25375d4cf58875c38ecc73587cd09b17621ade4", + "sha3_256_hash_of_public_key": "9b3999082be47443720bf6b573a95207d1eee1b3be613a1985b3d6f48dc64878", + "sha3_256_hash_of_secret_key": "28d72f885c3273e7ec5b3da2a7d91192b132785a6255456c1ab72bcb0af52847", "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "651834fb53362a4c4af0b141885056f9db913c4be968c1aed3d7d3f5bd1048ec", - "shared_secret": "0e2179fc3d310aca496244699b05da9b7bbb7891ed41b675e5dd48355a586360" + "sha3_256_hash_of_ciphertext": "b1fdeaf6ba53b2ca81b68ff49a4f2e702b8748a517c607c91586a14091cb9e30", + "shared_secret": "a74e04b62bad015f2346f2d44395cf5e7c380cb5228c55e843ba8189ac2fd7be" }, { "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "c934c11e2eaa7c3c4e764863e436ff12fc9f517c79df6344ab98611f57fe7296", - "sha3_256_hash_of_secret_key": "4f502a9abdfece85347362ac4c7e2beedb137e29a4b638c9bfd710de432b5e5a", + "sha3_256_hash_of_public_key": "4e145d000a02fc34e2891d2047f787ad49b9adede43fc52fba6803172487e191", + "sha3_256_hash_of_secret_key": "8d78809d1756fa21b22e6db736cb753a61532c70e7bcacf09955295cc8ad5a7c", "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "06786544f2ea24bcbb677092f4602d59f9cc9d2d8211614dbb5b87edc6edc46f", - "shared_secret": "573a8fd5e5935badcf974c50cc36e191f0ae2c1458fb00d4117e675424d4e37d" + "sha3_256_hash_of_ciphertext": "5d33db9d704951852874c1d3054ff941eb9232fd5ae2b2891294b441c11b783f", + "shared_secret": "8feaaacfb4827cfb8e45729780e72705d15cad0e7754231fc4c47260a740b051" }, { "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "5b07c8359e6ec4989c34b31293f4df965b5d95802afa5836beabb001d5cd4dae", - "sha3_256_hash_of_secret_key": "73973aaa43538874f8b16d44faefbd26dee5389a05fad2d4f966662ea9eb1df3", + "sha3_256_hash_of_public_key": "706781da8dd5f11267492109ea905a77270a67315eea1f5c223aa9378bfb8116", + "sha3_256_hash_of_secret_key": "02f2395283c2d9937477dadfeaecea41a59efe8cadb002f812fb248a527f25d1", "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "2d6085e31726d74e2ce2a28088ef3247b68b39d0d51c225df2521ba327bb3154", - "shared_secret": "c8d5e0dd64b4f3c6450fd24ed2918887d3ea2806479d3fcd5a19894f4fe401ea" + "sha3_256_hash_of_ciphertext": "d6e2df0b49a1d2fc1c71e6e03a6ad9c8e1fb4b8e4bdeeac89f442e9b4a010b89", + "shared_secret": "7837d532d751ebb2d4e8debc55c324f951e2128559c9f7db17fdea6e39bda6eb" }, { "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "37f1d7e636b4ab366dd5725957b9e5d2498e4ee1929f2213f9d05c882d96a106", - "sha3_256_hash_of_secret_key": "1b150644ef3edff5c406fc9a85e16fbc87cfcf8a6ac726284483947cc2fffd63", + "sha3_256_hash_of_public_key": "243a93c5dc84bb3afe84c380645fad6886c5614a8735a6f718acc565905e3532", + "sha3_256_hash_of_secret_key": "552d49d03205b7fbbefca77e9e30a6c0f89a51aaac9893789b3d76d1f6830941", "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "37d80e33f5bde211a9a3f634f8505a816e46195616c34a51d62b031822201337", - "shared_secret": "f0691ad2fe875e3f0993f25452c70f0c40891b998deb6a7f7aa3c0bacc59bfce" + "sha3_256_hash_of_ciphertext": "f603f82a97b445df63577e653e487e40df91d9a46d5557e3b837ac509b558670", + "shared_secret": "5354347e316b6122fc62202a775657e779e82f6b292a11ffa2b9bb7dacc4f1f6" }, { "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "a5383897314d60ae0ab1a8b50d6f5de454a2eb8b0502d57001e6e19223a82ef2", - "sha3_256_hash_of_secret_key": "38e8404120bbd346e0483ff7eeb758bd655ed94f6c02e427468f0c5fdbd957f5", + "sha3_256_hash_of_public_key": "ec53d050d5a81c049eab8f93e7768c39323dd805f12c6553c204d58cbc47d8e8", + "sha3_256_hash_of_secret_key": "7ee3dc7d16a5f35b1e7b95aa5b366d610f1ec652479b05b32a817cd38e917b6d", "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "3e819dc1fbc939e49bf5935fc8ac8c36d8c16da057091442df74a76fc3125fa0", - "shared_secret": "bec215c6bb33e83574319c839db1ca6793931d35a7239bf4ad3c4a493fe5c5ea" + "sha3_256_hash_of_ciphertext": "df6e515f367db5d67a94e591da79d2174eb697bb98cce0cf2d3b4730d1432da7", + "shared_secret": "634c1076627a11c878cb3a75e7026f50656e2a90614b6d76985998f51791ec27" }, { "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "500dd7b94b28b5b650d90962962bb9a3ae96e70d35723217f3f178cbe5659051", - "sha3_256_hash_of_secret_key": "5930b10cb88d66ad1ec117d2b134f921fe4ec980ed9c351951d47d33510585bf", + "sha3_256_hash_of_public_key": "fbeea6f8085943992ed8b051cf758a8b8166c1a1e5f818f0deb30fa1fa061904", + "sha3_256_hash_of_secret_key": "aff138640fd116a363a7872e6b9555546b8292cab1d873d09fe46584f95e1415", "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "cb20903e6ba3a41f594cd09056c0a7af4dea86039677761e88dd6818db0d0e88", - "shared_secret": "18a505a0543800a93ab6e2fc1d866e22337fc8387d32541008ff82a73ce7dd31" + "sha3_256_hash_of_ciphertext": "4880cc1686aa2f0c4a867fd6172a668dc2ef70c08be6d7e4686294d43eb8059c", + "shared_secret": "39be6e85e7c17bd9e17a0ecdeb3e60f75cd5fe7913e7556ccf166d24049b6abe" }, { "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "3c4467b507971523509bf97d2bdd733ad9eb94f312e4226d036e8fe827a20533", - "sha3_256_hash_of_secret_key": "76e696d5d7ebb4e2035507601f66f38d74db35d3c76b3622678a2c65ec7b0f69", + "sha3_256_hash_of_public_key": "aaa698c34e1b3b6ef69049a883160c66533c8a65249aa35006f003d4eb4350a4", + "sha3_256_hash_of_secret_key": "7b84cccab002a139339dcbc077ef8b1b5c7429fb30be5674953060b2f98ae126", "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "df6a835ca5253cb64d669990a60fe03b44a4a2229beade86a2f3f2381d33f09b", - "shared_secret": "f155d993eadba79e6c2376daeb7f935d39286b10615ab42c5803d43f15960a66" + "sha3_256_hash_of_ciphertext": "5c723e6dd1397474a4b1b6c00a20fc06622542abb6b0e2636c33c7a5628fc1a6", + "shared_secret": "468a5377e8dfb3c0f0b79590876887667c470a1855c55d47ada807cee4fbb8d8" }, { "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "69ffbf2275f12c29cbb69f90a8c881721ce39b49dbba550ab93a2c4c94bfc669", - "sha3_256_hash_of_secret_key": "76d6db646c55687ff9eeb3f359093a7105a7ef711bd60a4ef7f1a1bbd70ea24a", + "sha3_256_hash_of_public_key": "5499cb370a74dbc96de89daa52e6af0482648e3995fce28f7b7c0daca7b78f1a", + "sha3_256_hash_of_secret_key": "2eae6d707dd0248dfc530fa6a198a45fbf4e5f885eee6d5448f2775acf090f98", "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "677fe79386a26743faa6fa1c79576e3f898da432af70e1f45a73b582b4c976b9", - "shared_secret": "4cc8728603d51b14fca46ebaf01e6b6347ee9c71d192591ee857c206d131886d" + "sha3_256_hash_of_ciphertext": "ed38a7b142a04bdbe45124630ff7f1f512873379dabc54a83b401b0240747ef3", + "shared_secret": "fc48d9dd239e6fea212e83f63e1dec4bb5fdad92a33d06ec3b5dd53bddcb1d83" }, { "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "41bbd3f5c241a6d65b510dee6662e2a8f35757b0403dcd375e7a15991a7873c2", - "sha3_256_hash_of_secret_key": "256673d5b2a0225515bee64da0105c167d031405098819b6992d01c3cc711bdd", + "sha3_256_hash_of_public_key": "cfb4f6a03bb7707d37c80474f92c12748b37f448186584df115ee97c195d45a8", + "sha3_256_hash_of_secret_key": "5975c8b0cf8a28eee5d81a37b5a215cb500695054dfbf81ed358523ea47f05d5", "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "9306db283ad2a844ad6d266ff6c7bd8e9b4ffddef78d656c9bd06d52cdc52c74", - "shared_secret": "fe5dab115160a7200005216d7e6e7dd8527f9c2eec34f60c6710ee21f7f91730" + "sha3_256_hash_of_ciphertext": "216f208bc652bccc0b12ae438a38797293deb7167d8d1f332e6f10c40cc33133", + "shared_secret": "7f0ffa83f99901f27f121557ca2da03bcdee03d808e0e4421de3a07c86764d88" }, { "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "290261ff6a1d2fabc75feab002d16cdc44bdbdd0967c728ebef0e9814c60b5e5", - "sha3_256_hash_of_secret_key": "beb5d2dc34b1dba8c87e4ca2659ed8ebec2d93be0e2d78285efeb9fd998f5805", + "sha3_256_hash_of_public_key": "20179b32e6faf885f946898d545245757425d719681b0b2ba24d49340f931cf8", + "sha3_256_hash_of_secret_key": "d687a63fd70c35f193671ff82a50ef837be2b2eda67a0e9b8744c7eabc6de7c7", "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "7f94b2d97c0821593745e9b5301a66a81b75e71b15c8c21558c8b8b077d7af5b", - "shared_secret": "ba33ea19873105ed9690d40426b2cd24073c822eb86120a4fe8617b5201f9494" + "sha3_256_hash_of_ciphertext": "3e1e5f9367549479c085b900389919c611a7bebcf979b8c43ee7d7d72d225ff0", + "shared_secret": "6674a584a85e1ef11565916b1779603295226e1eb7ce22a3e06ebf19dd468a51" }, { "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "7ffefda144195d79e581c91cdf0247f4346e811f890f54f25226b4ab835871a4", - "sha3_256_hash_of_secret_key": "7b85555898660cb43a060e367d9a97112b48e3b8f99d437161cf6ba44b5c6922", + "sha3_256_hash_of_public_key": "fd648a3b658ce84640d17ad1564189385fe895b25cd30d122a90decaa0583b90", + "sha3_256_hash_of_secret_key": "c5562a802a836830118382c2898e583468c545dd1274751f5544cd4ce4c94039", "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "310c7f22a80995c6e375122f1395604faf5f72fb9fd6819597aba8f370327647", - "shared_secret": "2baf80269b225c66a8c35c6f835f15bd6949ae2814cd8c405a0aed313a637701" + "sha3_256_hash_of_ciphertext": "89612e82e316ce94bdadac797c4c1a2fcad9b8c3f4944b68d41c06a3572b1f03", + "shared_secret": "6843c8212348defcf5017ec29c620642d127ebc33fb539c4d07cca88e5a3bd9a" }, { "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "13dd780ec5347c512cfabf4c2e6a44cb2b17993c7c746f93c1400a5db9f12511", - "sha3_256_hash_of_secret_key": "7732b2a074d1c0aa93106ca84711edcb7b8a369f3873cf89fbcebf0d32176f1c", + "sha3_256_hash_of_public_key": "b08a2ea8e2ff6fa677e3c2ba136c16dffd11094ad7f4ed4c5e7c11e3898a284e", + "sha3_256_hash_of_secret_key": "d5f6f0b2c1f19f49531afce415d0c5f2e72d599a84776637a5da8a5865a0bc26", "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b0003e684b9ce6f284d9a746cb806442e5443430bed95f2e8ad7ee824fb3db2e", - "shared_secret": "07318e8edf0ca8f30f49fa906ec814e40ec52922f2c0ace243386ef2bf650000" + "sha3_256_hash_of_ciphertext": "66047d58d1d1df4d6f437392d9dd670f8792f5c153a2ca1abaad3689510ea9c4", + "shared_secret": "f09ab02775dcc52cbdb2a5159181ab535d1ed680df8fe320856b547166c2abf0" }, { "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d5acaf411ccb64500879102d9cdf6d9fcad673d874a4153383806fe174b2fc1e", - "sha3_256_hash_of_secret_key": "e5c3fdb9d8e92c42ad48684f0fe13aece244d116f8a6d09a764aaa090b3375f2", + "sha3_256_hash_of_public_key": "c27bb236759e3a2af7553c03894124a6bdd3e3c87def1f1bf3e01fac4709aa9b", + "sha3_256_hash_of_secret_key": "6aaae5e7b8d392e77bf723fe8fe16b30ce42fbe9d3c806ee3a8ee5f801083f82", "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "9ada65c57d8292e9a999ac102ef855d5da932a54f80f3d976fe1ca834eee5964", - "shared_secret": "38b5d71f3a64feb2cd41d6b7a4ac5440707770dc4c472c3ed141165fb7e8818f" + "sha3_256_hash_of_ciphertext": "e84eaa23591588e358ed2ca695c3bb3068d33c878456b1d4f6776736fbdfdb37", + "shared_secret": "69c261cbedaf5dd46d3305a59efc0de94b0f31d8f993870b40bf5de2a99abffe" }, { "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "152641a683dd690d4ac3edf0261200cd9244ae7dab962eca2f3d22a554d0802e", - "sha3_256_hash_of_secret_key": "7afdb84b3806783db52ef1f5f0ff89ccdb051704cfd19eec3e2f0830c3b27550", + "sha3_256_hash_of_public_key": "1330f4828e22a13ca5031217a3d8e6f8ed708a7026e1a96d8ebc4fd2f54b5051", + "sha3_256_hash_of_secret_key": "144f2d8c4a87beb0d92facc2b8f799e176a493dd7d1bb93f1a442bb9b51709e9", "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "499ffb9a28fcc692e7d61df4696b538f1bbb205ff82d604512220a9e19d87254", - "shared_secret": "368a5e417f4fc728f5080e8fe206ca7558909f6537f1012a58b2d9d45b7c6a8e" + "sha3_256_hash_of_ciphertext": "765bb37de257e28d5930dfc8383758c8f81ecb71c01876babb15744e15cd93c7", + "shared_secret": "d66f47c870254f7eb7ac771dd6e7bafe94d0dfa62240da301a5cd05f2ad7cd4a" }, { "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "9cc95efe512c84010ccd7118a92522cead44cff28d6e223f76702a47694c8f05", - "sha3_256_hash_of_secret_key": "d9a18ebc4b027c9590d0e4eeed88705aaf5d166cc016cf6e0baa07f678f1f0d1", + "sha3_256_hash_of_public_key": "2a35c723556eb2782c7cf77ee75f8928f8038ee66db41346741fbd6aa1daf2b4", + "sha3_256_hash_of_secret_key": "343704d0299cceebdf5a863d941990ee6d7db9fc55065a78a1e9971ae7460af0", "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "d202a577a7acba1801e03c446279da6dce6f262a6b1bf06d3c15283bf69fca47", - "shared_secret": "7d36e561b501a687939aa880285d32cd6d8b66e2e65b2a076d5aa516cb5b2e6c" + "sha3_256_hash_of_ciphertext": "167bca50eeecb1d16f81528b307f617529637eabea5c5ade7d138fab600ad6f0", + "shared_secret": "166b559e963a2f4c7236e90818442e9d9b2ca49f91d96d54f239b9682d00b5ce" }, { "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "8b12f00bf09aec2b492cf53686beb31c558d0493cc7b2b9a9dc7265fa9edb685", - "sha3_256_hash_of_secret_key": "9979de3ecfacdc04e1229773f36d7b4bdfd731ea0f1fc2f9d56ee1d07e9bb075", + "sha3_256_hash_of_public_key": "60d717ee34e223ead8139db400078cb308c3e1bceb046cd9d53f1a2abdf8f924", + "sha3_256_hash_of_secret_key": "ca228957fbf5bed26d0dda9acd13ae1e2f5173fad7bdee88bb35d38071dc2600", "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "53f97fd2a138ceae2b327344c4947cbee6d6563a48d9bc5d8373c4bac5233a5c", - "shared_secret": "6be99cc08c8bf10372f7d5c27bc3ecd17ade8afb967aad41a1b33c0ff848a1be" + "sha3_256_hash_of_ciphertext": "470189554e2511ad9d7811ff10713a30b691bc45993a66e6d1e46239636be5e1", + "shared_secret": "c71845a26ce9635a0a37462bcae6dee1b2f6901e5986bbaef9660cdd5875243f" }, { "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "3c98fa4af17fd014a60d11ca5e929e4fa2524f7db289ce0947ad90657990c153", - "sha3_256_hash_of_secret_key": "2c370afe3301b0481b50ae72e21cbb1be37d2877cd802a1d40e05d9b4e6be502", + "sha3_256_hash_of_public_key": "566debcfc9a4f48f6f60ad57731445a7861bb9c371e4ee4407b35df5a730f36d", + "sha3_256_hash_of_secret_key": "ca7e59912a6c0c8de01fa508a82136e1a347de53ed87db3b277d82945abdf549", "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "c134910358575ee3e211603b58b3d6085cebcb91f32a355ff437fe87ee812e3e", - "shared_secret": "f6fec6f62257d9a7041f119fff60f734c928e945fe131bf70338f273c0614ae9" + "sha3_256_hash_of_ciphertext": "6874d348fcdfc527bb8d77f876cd5a2497ba205ed2d861ff7f4775286237bc5b", + "shared_secret": "66624ae1204f311caaaa567dedcbf695f48afa8c869b468142d05da1dccb1d66" }, { "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "091210fb4f6fac00a24167d9bd2761e601db0a3734e3c835d1e9c5865b1e379c", - "sha3_256_hash_of_secret_key": "fb4bf08e0cd8d2f31969f75b420578f8d6dcd845824e427a6261931f1e1b820f", + "sha3_256_hash_of_public_key": "6ac9cb9123b99fcd75201ada0fd5daf1a51f1d069822d795f8e736abb8d1fcd6", + "sha3_256_hash_of_secret_key": "6d122dbdc5eda08efb5a403acdff8138b27587fa3ae281d07478c809a78f452f", "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6076283588ebdb4630d85b2dc6dce53492e11dc8c9445597ec57042bf1e59634", - "shared_secret": "9c56f6d91af6741ac13f241f8c960433c0ed4adcc86130877ecc1dbc10573bc5" + "sha3_256_hash_of_ciphertext": "35220b822eb6c71995dd092638acbf4f9e8d21cabe6aa378b09ce3a4bd0c4925", + "shared_secret": "187e5b0a3b6f881c8c16f777d015d1e9e80917e49f39e4a5362539b7870bce77" }, { "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "6c206507b89f46c6e9cd5e78b6cc78fb3677ee609cc090cf3782c876fd5f941b", - "sha3_256_hash_of_secret_key": "c9123a2bac61c5fc4304da90862d8cb544a31da2cc8b8126ca16a71278f461e7", + "sha3_256_hash_of_public_key": "a7ea65e4729daac39a47c305ad3084af028e66f759e0e22469d0386c10bfc23a", + "sha3_256_hash_of_secret_key": "5e9b3520f06377c83ce56c67c0c68ab4a72d01069fb9b2d195224afdff9f1d24", "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e57f70dde96de9e66ce28b7d1a3014cb095a8ad00d80ae7735fd499d57e2e6f8", - "shared_secret": "021b7e80dfd1258695b61aac785b0134ed6e9864d3cdf5ebd4b3ffdd9a5bbf06" + "sha3_256_hash_of_ciphertext": "d9cb296231393633b605db63d825a241d534881afb40165902a66b7725937b31", + "shared_secret": "3c4902f19d2eed8fb7470fabe5171d9f4530208c50521e6df3e8c568f8a24f57" }, { "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "0560200b8d070d1db2cbeedf3cb322ebbab3edb80cf474b4178633c210b2fc74", - "sha3_256_hash_of_secret_key": "a2424d9992c7e999a5b18e638a22d65e1e5d5029e5fac62a5091095897b3543c", + "sha3_256_hash_of_public_key": "21cee8b1f3fe43508e7bb3b567d02568cc93c39c3cc347e2dae6e0144714d80c", + "sha3_256_hash_of_secret_key": "c521b58e1826b153453b5a74824a9600e038adc0dd16b43e937c6198a7e16c81", "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "b5928a28fea0e5b0321439f9df86c6f10fa6203bcdac0cc94da7f7d6764d543d", - "shared_secret": "2c876ef4c2bd6464c5e4274d5360e210ff389325c1da4bda5495294d7cd126be" + "sha3_256_hash_of_ciphertext": "a3edb1125f6515bbe0d062ec4ef058d02475334aabf759ff3ee5cb8ce757b712", + "shared_secret": "2a9393a6e60be8ac438b247fd72c75c1f547dcae83c7ba7e791176523f4e5eb7" }, { "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "3a2484828bce833f9262405b562bcade9ff04877838558409d2b60f1b689d137", - "sha3_256_hash_of_secret_key": "610db3251ec079ce8003a49d64ec03dd49d89e82ae9f12d26d50938f4a3992d9", + "sha3_256_hash_of_public_key": "ece8e4c1277c5b64512a4b2bb7cc80044f98e2b654e5bf0f4ea520caaae1f2ef", + "sha3_256_hash_of_secret_key": "30465faed1905ad5be0144da1c46267e425d1dc7a3ed33849cf36f16b1a6f64b", "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "723bebfc2e4e934fc9e35383c7f150d31d832e1516c66f8bb2effb449fefda23", - "shared_secret": "909b047e7f0fac27df2787ae406fdd66893a98d98e38a9f5b67bb5c8431a77c4" + "sha3_256_hash_of_ciphertext": "675290f48411a936f491022e16c9e0f323008c5fcb58b7e041ec362378f33ba5", + "shared_secret": "2d5b67aa0cf3c22c0cb58a11b2cbaeef150878a908f8d627457966ad96f2361a" }, { "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "bb8615509158b63be5f5e51a0e690f2ad6fd0c56fa886bd85902abd52598bc81", - "sha3_256_hash_of_secret_key": "3a4a1360d366376a56362fee0aa22756122e3c40226c770797c0baa82192bfa5", + "sha3_256_hash_of_public_key": "ef5c4f316e67ab8b72581b6eb228a8f357b716164e0388d504a7f1aafbb06d48", + "sha3_256_hash_of_secret_key": "731dd56855921d95b5dd55cd10c7986c4e2007e5a9911192fc4aca270ee28468", "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "47cead6dc9f155f4e61afb233c6a8519f016c6f2bf7b1668ed9333daac257507", - "shared_secret": "dff8310ce364ba5686b9d42a17922b8d5e9259a176e38d39687a5269455939f7" + "sha3_256_hash_of_ciphertext": "1c4c64198564ef5a3075daa0f2a3f3ced4c1313293d19fa3b5bd90c23bef6716", + "shared_secret": "2dd5a204c2cc0e2e99265e4243221a99eb3c56c7bc25c442a1cb85ada77d40c6" }, { "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5cf14252096e4988d8ecc4ac6d29ff09c55d666865863d03a68db523728910a8", - "sha3_256_hash_of_secret_key": "404e6febba9802464a188007c2137fc25a4c437611babc8fa8248a0e42e45357", + "sha3_256_hash_of_public_key": "191fc1297d126ae957ec70b3e5cc940f2649f5a8cee53a1feb5e68e08aeadddc", + "sha3_256_hash_of_secret_key": "e15911b9719d3f23a0e48c435610e7c90226aba4abfd19fd408c42a077a5005b", "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "84765944d4602d3fca6333b699d98e4c8c9b3bc1570d428398a29cc5a7fb96c7", - "shared_secret": "faa9833781a7a41691f236feefa0c743bc141f458ecbba98eac4a51ee1ca001c" + "sha3_256_hash_of_ciphertext": "09d343c0bffc8ba7efdeea4c39d7cd9917fb68d2831d5fb006b9da54b3bdc81d", + "shared_secret": "f672d4af4d2ac0dc3b671317cacb5334b45c985f53c0d6fb7c3a24e5f88ef643" }, { "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "345118a7b9bcc773f0ec10c3e353eb4365d2bbff3b812df4635d5c8265b5d8c5", - "sha3_256_hash_of_secret_key": "2eff0ff04aa2f95d9d2a877d2c3b4a09255fed2413da76e63506d0def33f42ff", + "sha3_256_hash_of_public_key": "5fb124740e9315cedb69ebbc969314e2b7469c2d2e2bdf2698af4bd116f0d12d", + "sha3_256_hash_of_secret_key": "72e032b42c4fc716e8549e83d1ec23495d8cafe3df52428e416b25fadd72bfb4", "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "602b3893213ac6168e24c7c20d22a9c9126a9f70b918df134860f394795836a6", - "shared_secret": "0f47139a8b007c4ba77c91ee885435dfcd38d38c0aa4f57fc147f08b4751aa44" + "sha3_256_hash_of_ciphertext": "7b31918e3e6e1fcc9902554c431841cdbc3567a4244e83551e2c53fb34c47bba", + "shared_secret": "25c89884be152d8641686c8334cd51a4477be723cc9c0cdd6092531dcdfa76a3" }, { "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "772f50f7047714627bf76bc098e0b919145fcd8df6922ebac383e5c556738390", - "sha3_256_hash_of_secret_key": "c48cd8eced0093133d3d083baae0f69ebc3e239c373a41db9557c1a46a40d480", + "sha3_256_hash_of_public_key": "c5b86efedfe663032fd6ec053e7ae81ee85ae4b3f808156cd357c2b36db2f7fa", + "sha3_256_hash_of_secret_key": "37bdba44305f6131a06f3a0b6f3c28efd3214621918780e29c224226fbb44eb3", "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "84f212f6cac0f0e7a6a27630c0c33f98063bd57243b26fa086d6a37161d75f81", - "shared_secret": "182d34d0e83216d26a9d13301fe75a3aeb15ab145433965996255120cc9a5f86" + "sha3_256_hash_of_ciphertext": "4d24e8af5814687cf4da155fca19594e382d80fa7f3d8ae1c68884aef2f5e74b", + "shared_secret": "bdd73d5ebb59092071fd710a25275c1dc819f549b5cc34b6f8353d13be70189e" }, { "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "a9f015f625356a6bacbb5e565c70184940891589309a571b7166c2ee713b8fbb", - "sha3_256_hash_of_secret_key": "924859759e33e4100a02afca0ad0f0e631eeef3b4a70444267e921b0b6eb334d", + "sha3_256_hash_of_public_key": "5109d06641e916a660b3e7f849f08b9dcc32c47e4a7df2d5d4a374d3e5718a45", + "sha3_256_hash_of_secret_key": "4bf7f9ff35fa2e2253bffea929f17005279c0719fa8febc1df255c6f678a84a0", "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "935ed1ee90431bb81d67fa4c620c973f7354aa5dab63b51686501882e65a3961", - "shared_secret": "62a14f68d726235fc16e0ac57ad4ae0eb3fc029abb18567a4ee574b44924693b" + "sha3_256_hash_of_ciphertext": "1a1638dced3d08fd9808c56e8d21dee537dc59441f6f338b5365537ae72a723a", + "shared_secret": "cbd7e4a223241e16d0527cb926ff8a4c945f11314f238b121a387f9aae140632" }, { "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "655d6f749b0a013bec99e017f5e13bff76680a2f9386f2ac6938d7950d5fa1f9", - "sha3_256_hash_of_secret_key": "0511490e76eaba3b276ebadd300c394490589dec54468855977e96a33025e06f", + "sha3_256_hash_of_public_key": "1c02b230ed109318ca7c1470f5a0ab154b74ee3990ff20ca8ccb835adfda4867", + "sha3_256_hash_of_secret_key": "359e9f6908694d4bd14fb482783e801e14889d6cd7a98a1c2410ee63712f7a6a", "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "c28eea97d0767b408e58bbadfdff091ba468c26b585f22bde6f3eeb1fc7bb631", - "shared_secret": "4ceda11055991ce1e5d910a240981e39a6a903b20ea6ae6a21d9d56d0935efa8" + "sha3_256_hash_of_ciphertext": "085979adc5572c076d146124efc552305b183abbae0bb2a0ed48e9c61e0d4e94", + "shared_secret": "7849697d9e1c731b82ee49f017fd67d6bcb906408a9b09213b075f6ecb658387" }, { "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "1c3c2aed0ff6944819c93f9a9fe77d14a16a385f644de118099fd4f7f57db9a0", - "sha3_256_hash_of_secret_key": "0fb711641d1830a3eb4ae1a4bc2fc610ea9a811fdc5274488dd31f9cf52ec04e", + "sha3_256_hash_of_public_key": "e5a656d13cdb067db3640acd507a2fdc583369ee08e235663a202af6720934c3", + "sha3_256_hash_of_secret_key": "cc30f4f63ca8c0eb14fd5bdc1d20b52bae4ad17db73e5d377b639a8f38527717", "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "9fae0ef351454fb5c87cff7ed880d32dcc2f0654ab8c5a5b66b1e85d8e6feb06", - "shared_secret": "8d8257f05a4e76ad11783f7f6850c4f1c34017bf5ab47f89eae202132ada42ff" + "sha3_256_hash_of_ciphertext": "b291affeebbe32833082ee24af5e832a762d702fcff1cde35551277aa9c175bf", + "shared_secret": "c543e8af9ae37877d6df73cb7c52819c2a252a85bbd12ca9ef1990d73aedf939" }, { "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "357d61586f671648188f070899d2eb3408158adf5e8056ef37ab6d8817cd8275", - "sha3_256_hash_of_secret_key": "b22e39d960d7079015d70fba54ae860285f3c182bd5fc8d84c255f5e0f86f800", + "sha3_256_hash_of_public_key": "44df0b816ba22f5d471848886dd490d5c76169a14af42c03b0b56a7e26aa7ac4", + "sha3_256_hash_of_secret_key": "cad7bfdd5e961f2c4a565c1469e81ca06d806ff463888cc49766beee6c5705b0", "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "388d730604d16fff83eaa4e21a540b2ed8b3138f81b4c1c4cd7bb863325344eb", - "shared_secret": "08a60196adf66426b4e7b90be90160e196944d012cc34a524e1e73ca125ba407" + "sha3_256_hash_of_ciphertext": "d98b866b2dd00a3b548212490b13549c5abd46d1178009a9289c7a5411afb485", + "shared_secret": "e35bb159c5e2b555d89b163bbb2145638ac948d0b10efa8c4f1f385fed047f87" }, { "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "ef07b1f4886b895a3246241ddc084379eeb0f0ed84bdcd318fe72c9b546413be", - "sha3_256_hash_of_secret_key": "132633e3d33bcbc61ff70504e34bb033c92db5086bd924eab4ecbb8e4be983d5", + "sha3_256_hash_of_public_key": "e360d6a628c3b1b5dc926153f22a88c7b953085255edd2a72799bda15e49dffa", + "sha3_256_hash_of_secret_key": "edbb9da49442811874a46878d74989a664a9e67602c662735fa2358f53e22e2b", "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ea130b782f8d0167bd57d1cbead18c1a5a65ac27681847b85d8e09030dee8738", - "shared_secret": "13f3b79bb1e5d20ed95c7165a610e122b5de6cb02444cc66e0f1f9ec44c27485" + "sha3_256_hash_of_ciphertext": "0fd2b2a67b6844806405a942f14a5bfad8146389fc51916e84e5f355a4b1d2cc", + "shared_secret": "c10f4e51bff1a6f49da4cf9504d8c0dd1832c0860090fa892d5de6be27102354" }, { "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "1a2d9ea0d2280249d9d756975c6979a8770bf4b5f6addbd76d045a816bc1be38", - "sha3_256_hash_of_secret_key": "23678549b4e6e050b57ed1ad078705d33fe76ac976a9f70312b9cb45be554b0c", + "sha3_256_hash_of_public_key": "c4e4ad5295a60c2d41e0b7a7bc92148855ebedb4f2b77da0c706a1bafd6429d5", + "sha3_256_hash_of_secret_key": "4e99e5b1477d9b917dcf71fade7fdd558d80dc27f92ef8d10e0532c4d203d160", "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "254058fc10c3327f551dfa143d17dcf4dc4319419050cb5e6841a8d5cb6ce9cb", - "shared_secret": "fcf4227a487e719499f86e44ff74a5339870e4238c20731e0c85f00229f2a1b4" + "sha3_256_hash_of_ciphertext": "6b01efd4611c173796d05d54cc9f44112fd9dd30124ab94a0683aac3f1cc9019", + "shared_secret": "b515a69280079b7c57997a183bdc160eaa0ecee319220fa690356aa42d0b59a8" }, { "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "a57b333a2f41fda2ea72ea11d8bd642d911f6afe90e60492ebeefdc17a932192", - "sha3_256_hash_of_secret_key": "b59171816497ec0c34b963be3ef6366eb051cdebdb145fe445e16b72aa37356f", + "sha3_256_hash_of_public_key": "25a466c0b64a911e75243db16841847a8ac72dd835486e96a168b2f9fec46f30", + "sha3_256_hash_of_secret_key": "b8909877f446ce420ac8d9f4948a91b1e507b6a18dcf26f17a2043da89d5f610", "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "4bb877beb1b9dbe916e61f9d6d7442deb7483128b6db494a0724e081be74ded6", - "shared_secret": "3f8cf35d0ba76d75dec611e5fb059db5197862b7e5cc6b116a730734932441f3" + "sha3_256_hash_of_ciphertext": "b69f9854abb563142b53f4fbf0c8b02796b1ec9b26d12238d2c153eeb4778ce7", + "shared_secret": "cf55eba9c0e1be66a0023794be974825ce8f00444905499486176dfde1838c05" }, { "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "d3cd2febe168b1ddf776b954e96085a7d475e3c8cbde68f7c80ffc9fa46b0d43", - "sha3_256_hash_of_secret_key": "b41a159ad0a89e7a771ef11e68efc9d79e6add05b261d0e40620a6b667a6c6bd", + "sha3_256_hash_of_public_key": "53ac28332ea3f161cf5dbc077e44f725b05ff0ac4abf95f60c5713aef1bfef4d", + "sha3_256_hash_of_secret_key": "3d4c14dae9a3cfbd31900b09dfae68161d2c9b0029a9da19716e823ac4ef8ef6", "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "62de1efed6f92fc50d8fdef1ff217cb04faf53196e5af3a7507cb6ea5f822e2d", - "shared_secret": "d48544c1ac452c0b821e080e02c9c83e95252fb033617ce270f58e2974679fc6" + "sha3_256_hash_of_ciphertext": "c3644f6375368d391486db04c4a2f10e44a2e9d08155d85ea89285cd9a319285", + "shared_secret": "1d660952391268c94f6c47347627fe3b2a5e1097d6d85dcc14e3dffe3a4a1fd5" }, { "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "9499c1b006a0ec2c299c41c3f728c3bb7848957fb2bbbcd05b65233b89a2b1b1", - "sha3_256_hash_of_secret_key": "bdf5c3beb39ae62a6e29e858962c322fe525a307a163d68f765779b7848bec3f", + "sha3_256_hash_of_public_key": "0b6cae64de81b6f1395296905389da76ca7c5435e1c4b2d93cc5c303d31bc053", + "sha3_256_hash_of_secret_key": "048101a333d5fbbe4f6968603eaf24b2fccf650e3cfd2ab677dfb6ed9aded61e", "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "3a0a1742b1e27f14001e3457a00748f232f550687a232fa409c2098f97e72bb5", - "shared_secret": "6b8f4cbb3c4fda3c067d7ba48bf24e24258ca7e26bfaf918b784d01ae74ec57c" + "sha3_256_hash_of_ciphertext": "23e2a381c39bcce234f8fc722adc9c6a79fbce377f477b851c29077374a34efb", + "shared_secret": "06b3f79ba4b060d1fefdd589c9b87c48cf1acb34e0491e98b28293fb6b801baa" }, { "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "aa14ea531df0a7f93225de1c75ace0d2692bc750b1b538cfd0d860ae9c5a8c13", - "sha3_256_hash_of_secret_key": "155cff081ef58459a00ae63a6ee0ed2698bdbd99c67b4c9dd09f8b0fc3de0120", + "sha3_256_hash_of_public_key": "f33aa451c6ad54d556d60210a23da8fb68662c39a1e08d893e1d1e784fb71702", + "sha3_256_hash_of_secret_key": "c3851de21b3c4b60dd15e4d39ee3d2f6705caaf871d1d947ff6ebf585a4432ea", "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "8753aea7979a0d3f7aa35b9fab1b320d1b0965899bd51bfc8c1f6de79ff7d92f", - "shared_secret": "aa9878a81dd8165350b880c4af6a2adb9e50a48b9e0709f069c02184d3785181" + "sha3_256_hash_of_ciphertext": "8d22132ea4ab48c3a7728643664c04cc6cf0b065d70920cb5e714df1a4e5c753", + "shared_secret": "46228506ca245daf1bf40b48167a9bd3603c5d123db157645bc93780509b404a" }, { "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "e0013ff7eb7b8266ee94659f3372f5981ce1d87584cb1f0e80da2c0c95c16b4e", - "sha3_256_hash_of_secret_key": "7eece78f3f97759d0cfc8a69481271a425c56e540704b2fdaab8b2d920d19e21", + "sha3_256_hash_of_public_key": "cba1f135207bd2ab61bf7718dc6825848e742ad56f9f8099bd43905ebd9d6ba7", + "sha3_256_hash_of_secret_key": "0b87b78ed42ec5e1f1f56901d4a00e9e3092586a506236c60f68c5d9eec28b8a", "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "777253af58f65c8a85f3feca46f8d32eb5d3d5d0664ea59cfdf47b89be9f005d", - "shared_secret": "5a23296c84df3d660e7c2a973c4e6bddad3fd814e158028ff92b234cffb1afa4" + "sha3_256_hash_of_ciphertext": "142f552d24e1f962aca234897bdcf9bb6be66f51a79eec6d329959a929de888d", + "shared_secret": "d51687f0a54626d49e07e8c8c272283b6b4f6a0c85c5a6875107b53c100264b5" }, { "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "b503f8ec36d39fc7b4b8ada1cbb933b9db9ee118bf081ed75dd5dba7590f6c8c", - "sha3_256_hash_of_secret_key": "65d28565658fe991b77136b89255ec2d1cf65368e06f2b30bcedab87ffe39550", + "sha3_256_hash_of_public_key": "f118f77224920bf4ff7c69db5ebe12eacdc6012d57e2ccb3d690db251204dce3", + "sha3_256_hash_of_secret_key": "e4055dfa4382f838c5e8982aa12cd243f4225cdd6fc804da0bdefa6e14b072f1", "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "a7302707d52fc49f3e3637a742826bc8c8267e89c1fdf95b2ab7a0d8f1003c8f", - "shared_secret": "d790ec546719fb05125841bda9dd361e162ca4241e2b489a0f948b612309b649" + "sha3_256_hash_of_ciphertext": "ea54ccd7e1fd453af841240e69df6d615bb4ef24aedfa2a859edcc35346aa1d3", + "shared_secret": "73e86d2bb2813c76a8a901b8c665497e2d16615c5b2d58c9772306a3d6bca39c" }, { "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "03341657b159925cedc8967872a45a3c1f0122979af87a878a2019b3f17c8ba6", - "sha3_256_hash_of_secret_key": "6bb236b9c7a818f9edec1e5da339755dcb7ca1b663a5a208c38c75e7ad7dc12d", + "sha3_256_hash_of_public_key": "8678b1f242830fb21f34f7beb20a96ebbbd6181890cee3bdcab29697c5aefd70", + "sha3_256_hash_of_secret_key": "085a1f47c259057a083207778e0186e61e840ba4e051117ad1b781917ba2f752", "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "9a9301ca946909c3ee5d2171bc36322179ab4bfa825ffc0b826517accbc78298", - "shared_secret": "10086d1a59c41f84a089c239fcd8f8eea3b22c7796f9c1f9b1867b709cb77704" + "sha3_256_hash_of_ciphertext": "67bdf5734466e45089d115e7b05350652e3023fd94a6838665250939d06ffce9", + "shared_secret": "17b113a1728b3b0847062a3ad34968ec3192cecdd758fa1c3188d57df9fa0326" }, { "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "60c001172c4734a620c248654c58f1c10135657083de776116a6acf8a55f3610", - "sha3_256_hash_of_secret_key": "b10663e90392d6387c16dcad565bbe1fbc05f32495cf9878706bd0d61d289147", + "sha3_256_hash_of_public_key": "d604833a540d9922a7dba53d67a38de1634cddee1b169b45bb9eb3646e55fc0d", + "sha3_256_hash_of_secret_key": "8fb99f6500e2639305aa6e30bbaf975271a31a6f3d44abca106dcee248d82b01", "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "e4b3ce9e19c204a884f8a5adbe41acca97a22f1f5f2a13f1185021a8a36a131f", - "shared_secret": "82ad68065774eabcd6e78c027286ca7c7120987c4984e56f52abeb1ccc7a273b" + "sha3_256_hash_of_ciphertext": "ee1b17157592be46ff41bf81d46e2e1cb117b8444f5f09f15abd388ba68e0480", + "shared_secret": "5ebc9538f357baa7df0165af3e7fec1af8f4c1c051a214135c1fc03d026cee6e" }, { "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "647a136f20b22c63afd2b88d14fe7677cf5c2b78223a587068377021f6edfe9b", - "sha3_256_hash_of_secret_key": "e70be83a7585618e7b91bc9930a581625e2441962c823a27eda9f6dfff8528ee", + "sha3_256_hash_of_public_key": "cac59b140df7d3285c832994e7a4ff5491c786281fdbd6f43a4c3902d4eac0d2", + "sha3_256_hash_of_secret_key": "b3b0b286b300cfa670ae8bd95e5373123125f48221999d3eb1762b246d3ba130", "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "6287ca7c4d1eb3afb6ecfc456a4ca9ef5776177dbd5115165424c66e2db061d8", - "shared_secret": "2d56c88020d399532bada6516f9a1acc28a565cf252bafd40043879bcd6de1cd" + "sha3_256_hash_of_ciphertext": "497227c6f2a41bb30d9b35e59ad197ef362ee2e552e9ddffa74916ae5e5007ba", + "shared_secret": "2478974168bef71749a93fc9005dfc0bbfdfb7c5e485878bc04025ac7f97de82" }, { "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "1cde599b2dfc69d59036434cc0423337513fb9506452bd8f42bb82661ad0065a", - "sha3_256_hash_of_secret_key": "aa80a266176a7ef8fb22fe21fcf3d3762cfc36734d8b6db3c6e1d4df1eecc1a3", + "sha3_256_hash_of_public_key": "8513eaa3de494e114c2700ed07ffc1c2f8ef741765e8a42579da4946ae0a201c", + "sha3_256_hash_of_secret_key": "a6fffae6e91aa360d25fdbaa8a1a1a92580510e628b6851d18cc054d72910a79", "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "31c85544389bc3163e6893d9298d947a6cd189b045eadf8dcc265e4b5c750fcf", - "shared_secret": "44052d0cc62801e0d9717c65ddcb560246cd901f104b4252eeaef903f7c26af2" + "sha3_256_hash_of_ciphertext": "d8484fa4df7c1b4b4a21de27055a3a0d3904a5e481f49a7d8be3a6ab8d9e90c3", + "shared_secret": "a3611e119061c60bb8f76b765b1d00ab8dd98b6036338462619adf32ca39b2f6" }, { "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "2a50c7a070b3dc7e107eb1e8b96d62305c13327d729bf9d97c69f1fe6eed2b52", - "sha3_256_hash_of_secret_key": "6df052019662b83b16b4da0a85b17f2fe56ad269b294438c8ad298d2e2269d2f", + "sha3_256_hash_of_public_key": "627d8e894a4fd9228571ecb1041a11f23220b1b83a46d7ec32691ec9bdceac14", + "sha3_256_hash_of_secret_key": "bf3c9a678ba1ba22f13b7a66a6b9d78dfe7a6060efc2a0917f50244fef5e83c6", "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "c485c6e392c29c231c9eb04861fefff1fc27544443ebb316c74f9d4d7d9be68c", - "shared_secret": "2e95f47543ff640e6384d65cede004c4fc47e9e2f05649e694c18c7faf975987" + "sha3_256_hash_of_ciphertext": "e70bfe45a0db6b8b8bf859eb00c0c4fb81d9c7247c0358de801f8325fcace6b8", + "shared_secret": "3b6be80a10667e6ad229725c012d7c5197194d5fc26787d53925d19f81b865c7" }, { "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "5f166082ad3ab0c739cbf0a6bbe2707741d9b5f53a0e16199280a2376c9e5a17", - "sha3_256_hash_of_secret_key": "391b71e679b9a0a23a1aeba042ec7df439fa0a18c6442dbfe2bbe05d4fdb5fd6", + "sha3_256_hash_of_public_key": "49cec726e5bc6c6280269fb608e754d097ae818b16b386bc895af3bb9f5f2a44", + "sha3_256_hash_of_secret_key": "6efe3e1eddfc0cf66dc6c031142bb821e0ffc9a6ff5132d7484ed74a19b52d56", "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "499c37f74e94c6c724e218f339b8d60ab65190e0a56e39a6b4cf619db98bb57d", - "shared_secret": "42f1442e384b4e747794c944f4df154cde33cdff32bf35c2c5234919762030ca" + "sha3_256_hash_of_ciphertext": "87ab9d95a1ac05535c082e15d557813d55fdc2bc315d39e25c11d585912f7a24", + "shared_secret": "e6a61e88faaa25ff8bed035f8a47afa4f034121457104168a3247e366e781871" }, { "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "40b3a72c164432e6ca838693ef25b30013e5cf56c1e6142828107a10cabdd169", - "sha3_256_hash_of_secret_key": "6f970259ae97422f8698120bfa8e53f4f89589773243db6e7a1859c94181a3f6", + "sha3_256_hash_of_public_key": "94b79d85075e5a897a948edceafc78b87b7fbb43b11f82831299a9ee660b3d40", + "sha3_256_hash_of_secret_key": "e1bb58ece306c42725d8113fda7732450ac3f78140c4a654e568dc219d26d80d", "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "55e508c96b8b7c06cc9a88b4c9f974abd3e2cdd96ba6f0cf330ccaa3641fbd29", - "shared_secret": "a50a07f6b01ee4429848806031637c8ef8da23f253874124452e3771ef98b6e0" + "sha3_256_hash_of_ciphertext": "5828c17f7d9543f5ab8275b917a71e5e19748128c72074300c735be711eef8ed", + "shared_secret": "7b5182633888d2708c344b6bcc5bd895e0f1c31719ce78efb0eff0240453fb4b" }, { "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "f475da2ec982c47d91b24bb5ec6c51910530eec26f38541b173b38927d23c568", - "sha3_256_hash_of_secret_key": "f8c836ce8a42d6d07f1ff40e2dbf16d264bb6ecd1cc0227ebf792a6bacd327ec", + "sha3_256_hash_of_public_key": "d68f592a778a0b3bedd71c5d4f75c2e46b6088ca12a0a5e9596d5999259f13ff", + "sha3_256_hash_of_secret_key": "0b13c14b34448c678945e92a0b6019f7c2b1175d2cf3e57b0293d8a12d6d0fd4", "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "d63a88547104683878df29e59de826821fa3a95bdd668e5e838e08a671d887ee", - "shared_secret": "c299f650b03170f5cdef5da81e52c2a094b11aaf58426e8c41e06a26c7d5ccc1" + "sha3_256_hash_of_ciphertext": "0548193df244610a4877925d64c93b7acf20ead8799f10f87011a4865d8abf4b", + "shared_secret": "eff76345f442ea27594bfb6e1e9eeffb55dbd15b9936a3aab881c0d21b45c28e" }, { "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "2b22f73a770cbdb80da84f97f27a14c5df5b3372d52503d3a20c3cb2bea8b404", - "sha3_256_hash_of_secret_key": "a111bb1797a3baeecc223e4fc4accf093d2e069cfd40d45346d2aefc09acb358", + "sha3_256_hash_of_public_key": "873d11d816550a4c1b14b584703531dd7cf0d97269125dbef3d73e443d017f57", + "sha3_256_hash_of_secret_key": "ce14607863d46839e3d2cfb87de9c2a719fbcf2cc3e2c80d2980c6494c5a297a", "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "e9c030db90931ef3d2a61077dc33529aad87535e809d1a255fb5b5925f202893", - "shared_secret": "5e1ac468279cfe354c4d0df6ead070071b19c9707338158ff7dc133684afe2ba" + "sha3_256_hash_of_ciphertext": "59055b7b4f9c5d8adbeffdd707699d800ac486d53ae2b6bf9c84678e3731c7a3", + "shared_secret": "d788c3a7c4d8a957b409028cfc62e5266559cbec39534d7f337aad2123bba577" }, { "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "3d8fe8354d81146fd65af657da08926bd3a6ecbc2f81cb58d1aaacfe5b6e686f", - "sha3_256_hash_of_secret_key": "d1c524a715b2d05abc8e8729204b620f4551815cdeb00662b487d58e99c0ac7e", + "sha3_256_hash_of_public_key": "55b703fe0b2aebdd29f6ceb606f15213da5f478ed4605a212f52358e2046d5b0", + "sha3_256_hash_of_secret_key": "f5351babc3c84e0ec08c483a10ae68cd9ec49a5f46d83547b036a3206e739ba3", "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "c256150127c8119ae42a62b90ac9a7119a3faa5442f058bbe5844d29c99c4eee", - "shared_secret": "7841501410e4158cf04f92b9d65d0cec732984ea66809130aeb594156829dd39" + "sha3_256_hash_of_ciphertext": "860669fe4025419a103b4ef9d6d4f87ad0ed7aa19d14d351809de29acf4ca0ab", + "shared_secret": "f4da03d95d99bdcde651fe09b288b46588b50ebf50ac1e35d86077e04f76944a" }, { "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "36fc15e2340175a2a64ca1cf31a4b38ed5f797aaa8acb0c3d2ed9c19c7099f27", - "sha3_256_hash_of_secret_key": "0741ce5533316ef689bd966721b1ee57a272d5eb557dfa6fab6de770a2e7afa0", + "sha3_256_hash_of_public_key": "c68e808974e356659cf3d88474ae8af1480f2c4bf5f053b0a8c211d43921f735", + "sha3_256_hash_of_secret_key": "0c000ad1fec4db3da84eddf4a6dbd304e1be5e70666ad30085f407545ce7eb7a", "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "0c6a7cce80da6e6a3c17b46959124b8c26a8a74b5068f707f582cb5b811e282e", - "shared_secret": "6b3fe0dd082bf384c3e08497d380516e78ca778de627c112d02dc8c393334d11" + "sha3_256_hash_of_ciphertext": "433341b594e5b41e1836cc1dd48b57b9b0c52a23367a9d5d21d01a0e7ed03279", + "shared_secret": "4aac182a36508198689ad4b0c24abacfa421cddf073e6ccb3f5c22c37f1c9eb1" }, { "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "26a1b77ae8a807e9de16a9ede5da5aec3ca5f23f5ea00e455d4a091467e6ac6d", - "sha3_256_hash_of_secret_key": "2bb0f5318208eba32bfba206dfe174f976431dc12421bc7b3705fc7c0b4a06cd", + "sha3_256_hash_of_public_key": "b6481b87d7f462e656db85d6046534ae44d82b1cb737a0194eaac814c7b85493", + "sha3_256_hash_of_secret_key": "75a00885e8664238fe44d9d579e183902ab56d67fbb712d249aa8c24f08bb080", "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "ba2e94ce526ee4bdcd818855708af8173acac373696df4f910720fb296bc1076", - "shared_secret": "cb15c306ba8d5f4f8b723db93bfbcfd4fa02ef32ed8e39c2aeb706a463d9a40f" + "sha3_256_hash_of_ciphertext": "974b6e5abd51b9622fdda7fd2fd48ec42ff8c54df7524fe4af72521817b27576", + "shared_secret": "a51f089d627c8d7da9740aa9d768778124229c4ea9408941ee04a1940c1762fe" }, { "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "2460170e6cf1da1e7b92037f51b4e7674d9abf74f5c225c5c6ce16a971691284", - "sha3_256_hash_of_secret_key": "a364a1f435a2d2a341b59a1886af0d0f3580e56306869bbab819de741ac9f642", + "sha3_256_hash_of_public_key": "42a9b1d5b6521a7a4527116aa7c38f6ddf99acd4a7b9837317d99f83732bb7ca", + "sha3_256_hash_of_secret_key": "2dad85e2ce45f72dfc5f7fc7deb814ec9d193890e68f7b9898d97407080e7002", "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "ff21fac2cb15307ebb70ec04904f636bfac9ba968e86984b4a55dcac70430c1e", - "shared_secret": "8dc8bc55a907bcbad27aafbba2cbd957c30794e3770d0984a6323b641e5fe53d" + "sha3_256_hash_of_ciphertext": "087bbc08fb8d2b0860269f5fe4b62a2d852adae1a0417f621c8115cecf077f1c", + "shared_secret": "b00f65a7930ffc261046644203b94c89dfa7334bb011a4ba896c2d547d96637c" } ] \ No newline at end of file diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_512.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_512.json index 6a3125287..605108065 100644 --- a/libcrux-ml-kem/tests/kats/nistkats_mlkem_512.json +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_512.json @@ -1,802 +1,802 @@ [ { "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "7ffad1bc8af73b7e874956b81c2a2ef0bfabe8dc93d77b2fbc9e0c64efa01e84", - "sha3_256_hash_of_secret_key": "26e1b5ea0f48b3c87d7ce87113b6a93a49d9f7ede7c5cb15b41382bd3243715a", + "sha3_256_hash_of_public_key": "50c8dd152a4531aab560d2fc7ca9a40ad8af25ad1dd08c6d79afe4dd4d1eee5a", + "sha3_256_hash_of_secret_key": "2e08d2c82a07f5f67878b54e06848c924ee7a0929cb6440d06fffd9622687b48", "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "a3856ee9fb112b154b397c91398576dda45391b89742603436588d81ce6d1b50", - "shared_secret": "c608777086ed9ffdf92cd4f1c999aedd0b42e5e8ef6732f4111246481e260463" + "sha3_256_hash_of_ciphertext": "ed14369380d501d2bb28861a26ad092b1bbd6764c083244551c436ccf98dd9f8", + "shared_secret": "319839e82ab6b222de7b619e80da8391522bbb37677018494a4742c53f9abfdf" }, { "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "13f0970c03d32967b06cca4cf58e87559128d14cb3f876a1ed10eadfe03fc1a9", - "sha3_256_hash_of_secret_key": "9c613d0d3313af8169e65295e8c4f21f0b5d3e78de031e78a12ec864d71b6548", + "sha3_256_hash_of_public_key": "d760244a5fbbfdb6ed75a732af8e11edd52e412169c9f523fc8cdb3f8bf21b18", + "sha3_256_hash_of_secret_key": "9e62c214ea3922297185b34d0f31c8ff5a47f1bce251e13f911b03ecfe384f49", "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "557c682bda01552173367f40bd2b2c1ed64aae3f083c80ce2f812d0b60acfacc", - "shared_secret": "9401f92689a452b5e58c35cf06690596faa4ec0937a04493a359b59ab3b0fdee" + "sha3_256_hash_of_ciphertext": "46906ceb5cb0ce4fc544695cf4576cdcc18f90ffbccd772873edc932f0eb0393", + "shared_secret": "3806942c857ab9bf77b1db8d57ec9dca0ffbf6f156f2e250d8b88cc2a74fa1a7" }, { "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "083553153f7d65cd5cbe201e681245eda61e1ec2c7ee6b91a9ccdeb6b76943b7", - "sha3_256_hash_of_secret_key": "b4148d4bba0430ddca173618456704ddf440b9b5bdfd61ee46bd79590dd78ff3", + "sha3_256_hash_of_public_key": "6e2a888db11de3ab2c7f1fdf15ed8d4bf31f32f1e7031cf236e6e0e757e0cf62", + "sha3_256_hash_of_secret_key": "e78c1ff494cfc100087e9869cc4d38934398744e9649ea0e6941ee954e189ed4", "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "7b7b882320575a3cfa5f0ca2165ed39383921da042f7bce896896fa90fef2aef", - "shared_secret": "f2c689c7a8180baf27a4573d3e6154d4f2bff7b3f34d44576e777e2ac1249e8c" + "sha3_256_hash_of_ciphertext": "609747225128f59051faf5e4dcaaa00a0e9d46d954cfe8e115172b63b4d12924", + "shared_secret": "a1e73a1ebd907a6f176acf808b0d0412d31cff0e9d800a732e1e96bd9f8d7ebb" }, { "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "9df5746a44b10c1886f62b068d18152a85792781160e1a1a19a25b5ca00555f4", - "sha3_256_hash_of_secret_key": "75a93307372e001d4fb028125dad61c4412ac864bf7eac7a213ad3dca6599981", + "sha3_256_hash_of_public_key": "a30df672528ae0579ce33db704673783b5ee84d5091361dfedb52080c01938bb", + "sha3_256_hash_of_secret_key": "2a0aa950b2107d5e157fb71f554eca7a724b4b6650ad62d554684d0d60f3e2dd", "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "72782e8ee6fe4e4442723e727b5d415f66fda7c363fe6dc7be22d9b8741852f2", - "shared_secret": "1dac4f6f8d96ffd931f67b03cee8c4e4bcb42eb8bbda5cb702dadde8340d1524" + "sha3_256_hash_of_ciphertext": "4243c3aa6f182bd090700331099c31e4e8db917cc250e7cc1c7ae832657275c1", + "shared_secret": "255b06c42b0dc4a66e704a50180ef40cecbf7e4ae4b0604fbbfe92ef3472b671" }, { "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "9415ce164fadececacd75fdad3284af20c52fa576699029d6e0ce77bf347d520", - "sha3_256_hash_of_secret_key": "97f1f85233dba2a50848add15f8f0e60f4ccf3542dc6da5f59e06f6b27c59c67", + "sha3_256_hash_of_public_key": "02d985ecfadc5ec08bfb7e2b4c02c4fd9863ed6ea3dc9ffd92b2072db53010d2", + "sha3_256_hash_of_secret_key": "6485e51d58c4997419c7a43050a79f9817a122b4821aa4759300e68e3b32214f", "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "80f49e8f6f8d442a7678f2c33881a5264b58a5998b7d9a8e10b2febf59ba868d", - "shared_secret": "01adaecc8cd981e7f00187622defc0cbb8934464ca4675d86bc7d9b69148c85f" + "sha3_256_hash_of_ciphertext": "b732d582ef9230ffcd05436bfa05bb47a9171282448fe37577810fda8b765018", + "shared_secret": "2bc3d772ed76d13c7b13c479ebdae8afd841c88199a9d1c6a6635079a9ecff9b" }, { "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "ca2232297ba8b986dacd401896cb6239f557720d91a2cfb7a73274bac7a0f6de", - "sha3_256_hash_of_secret_key": "17446e8436a68423ba4e22a57135d470c7e91fbe0a4da065bdc34897fda89b2f", + "sha3_256_hash_of_public_key": "39f1668e454ae9e5f45436a1eea6c01a444bad4a81f1edbae5280955a4ddac33", + "sha3_256_hash_of_secret_key": "9554f30b9c2d027f4af92c129c8b0a2d27f9e001075d5c5bb597c0921f17d820", "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "a08cfd7a6374d902e153b862449efdee9f912234f3e7a7d2697ebf1909f59dfc", - "shared_secret": "6f13bdb1452d9e672c8fedaf9450c436e5fa77e8d58ce83300b8e539f20e9dfa" + "sha3_256_hash_of_ciphertext": "22f5aa037e267e4da76371b4dad552d37f4619886269ed8213327afceeac1272", + "shared_secret": "cbeb7f1be09e7a73b83be91deb2377e3cf536a89ca695b270436f0dfe5dc9403" }, { "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "34486689b387ba25dd0e9aedbc53034924ea4ef9497b5772f10ca4d091e9e846", - "sha3_256_hash_of_secret_key": "94419fc5d865a97586b71a3414721f04473d4d30e5a8d6a1c438752f19504209", + "sha3_256_hash_of_public_key": "7b37a5635248c2a937c2f84856973f47c8a965852de3664c6c3fab0e1ee9ee57", + "sha3_256_hash_of_secret_key": "54ffe4435c894861ceddb4a94fc60272d37c04e62a0aba9088cbc409c32a1170", "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "6b930dced8da8c0353569fe807e383e2d04836680fb78881ffc6974802131eca", - "shared_secret": "c81a637f63a802a5d2b336dd960175176b2b838ffb6de5adc501bef984fed26d" + "sha3_256_hash_of_ciphertext": "f4c7d966cfe188f0e9e890f43178f1e7874a1c590c93363fb1c371a8d502650c", + "shared_secret": "4a88951f0fdea4f6c1b90865118456771ef756724771f79d752f41c94b8dd754" }, { "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "39d1850f7acb36ed2a35e9af6f94a06c31afadaae3545a069f892ecd8929f766", - "sha3_256_hash_of_secret_key": "98a2ef35596f2fbc7e462d5ee536f30d8bc3a5272d78cb14c0ce816fbb180396", + "sha3_256_hash_of_public_key": "635d7cc758d131a3734e8300b85f16014f607c6cfa02c5864a8b4212aecac182", + "sha3_256_hash_of_secret_key": "11aa4a74cb491582e8476d20276ca34e0c1668eedab78cba3522f7f84b044675", "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "2d277dbc8b03bbec796e778c74b4c3f408f3e47835398039236d7cd861762a9f", - "shared_secret": "3031994f1365446186b4a4d6190ac89f928f6706d08c6316d6f522cd7605adfd" + "sha3_256_hash_of_ciphertext": "bdce62c2131d018e512d3a4c9822910672dc41d682ffe67235c3c1b8d5df0bbb", + "shared_secret": "948e74805c64bf386b623f0b2d105d11d7609d49587372235af7da3d98a5487d" }, { "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "edc8db1ca35744a75ca14516abe07472d0d1b723f70ca8cf0e5c9341fd2e8c26", - "sha3_256_hash_of_secret_key": "fa6de16f50b0c04b8be10d3262005227715f69de5089f0f6bafc1fe26603e525", + "sha3_256_hash_of_public_key": "cbdd31edb64a804a434033c3edf156384b40eac3544fc5f4104f323f37d2b017", + "sha3_256_hash_of_secret_key": "b66e0c82a925cc45fe7ab174c9f4c1f0f312a354ae049f91e453fc6b27221168", "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "c20e526b8837092f1847b40f9b5fda528dfb72780aceb510635b490acb5f7686", - "shared_secret": "61419eeacf26714b028d2f7e1e3769ae2f181a7e9311f3312911ead00486bcd5" + "sha3_256_hash_of_ciphertext": "251e190f894d11c0542eca0bd6ec612e791191959f0fc509b1d66846e7663bd5", + "shared_secret": "f2c33a2426460d9f4c95ff8983e5e6db6e6f79ef8b7b1dbc6ff863fb0e034349" }, { "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "b1eef6e8c88ff8da9cc4a9b01d4c08b6b585beb5bb9e084c6c47a717b51feea3", - "sha3_256_hash_of_secret_key": "bce9d6b2e45918ea5798910aa9baf289b04d8a5bcfa7e08235dccfc8b9479f55", + "sha3_256_hash_of_public_key": "8510df5aab4d05b7daaafd2c33aeaba815b1d15bed1b204f72b721b5eacf1e40", + "sha3_256_hash_of_secret_key": "95fa5826a13496a60bcc97431c2fa8c19722a3f71d3a48e145017bee44d66a3c", "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "811bf647ebaad03c81a84c6a82b4cab108267b1e9c1add3dff1803623471f9bc", - "shared_secret": "3871c9637cbea04a2ccd3b62c9399b0a7277a31caba8a8f015d59b0fed845bb1" + "sha3_256_hash_of_ciphertext": "94482dcfae7bb95bc8c5d1d92c044a000195b624b5c45239bbd3e46672adf4f0", + "shared_secret": "72502cc5436ed5d9c07baa2e1eea833eed515a3616936485e74ed7c0a53c734f" }, { "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "f581c2fec9055830b38cb68fb506aa927443b1afd1b2b6faa6f92a325985c6ce", - "sha3_256_hash_of_secret_key": "9567f27ef67c3ada92a02cf25d8ee4a6db69744d3f6de5a0026dac023d04f37c", + "sha3_256_hash_of_public_key": "6eba15a38b9c512f892c825db9c850301f99fa3675eacca7097afa57bbf02ae8", + "sha3_256_hash_of_secret_key": "18ca54d254ed5111c1c441ace00836230d769f8c6e55c97137aa45e21e04c04f", "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "c855f0a4521640b9136035b5d02770dbe864b85a6f54f422ccf2b512e1c07b33", - "shared_secret": "3775b12681d854b7ff2eec05cd4ac2db91bf06f3c14db2eb35287129a960ab03" + "sha3_256_hash_of_ciphertext": "34ba03705cddc88d5cd9d9b57b0fb6b71a1085c8fe0f01ee4aa05e7ad159e526", + "shared_secret": "fb46778f597ebf40dd0125f198c236f064019c6d562ab7d9bf677b4aa2ec9f32" }, { "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "f12f3ecad62bd327f1c44ae86c0be6e7f15112b7f6f6d5ec7b13f4dfab718965", - "sha3_256_hash_of_secret_key": "32a666c02a41f7b9408c570a3304a80e947a1be650f5f164e376b8b34b72254b", + "sha3_256_hash_of_public_key": "0705c8b9c6252d54d5d6c84db86499533a8249a3777302053f40be8f5edf1b0a", + "sha3_256_hash_of_secret_key": "69d4a869f04c198fcd19124d714784cec7367a2af7ae1abb2d72868856b515a1", "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "632b389d951d4a4e570d2fee62dd87c3aa2cf0c036dc63462f3ee7e4543ef8b7", - "shared_secret": "87662dcdee8b176e2dc60d079be188f63501274bde0829f3595c99d1e564c2d0" + "sha3_256_hash_of_ciphertext": "cab086dcbf4c60ebec03282e49cb76aea9a2e9267cf85809b870b4561a11a639", + "shared_secret": "e2cb350a013a86fa003da8ad9a424dad20b3e8f3a652455090707643f5c60c78" }, { "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "4cae8b58e0434fb1475312355a8b40145043bed4b269aaddd654d2e562324bc7", - "sha3_256_hash_of_secret_key": "53793d47a6e9e527f109b7611f33063dbe0b8a1423ac02178934f59c3d47ddb2", + "sha3_256_hash_of_public_key": "4f500c26b0c4ecaa8393c8c669a8bc6b6652a69b4375c34c7f553a1dfc61dc20", + "sha3_256_hash_of_secret_key": "3d9f79a1fb4d58a9848632d580e10829916c1d2e70a8ac04c0aebe5bbe42ead9", "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "6f88eea1ec597548ec3c0d22c60a92ac4b0c3e17e332983d01a0bdda1157ecf6", - "shared_secret": "c5676cf0cc81871d677bd7f5982e6493aa3ea4dffbb30dbaf59e90e4977d2f12" + "sha3_256_hash_of_ciphertext": "807dcaa83e9333be78d92068ef7137aedb892d289dc4d73a940f3967f96288c8", + "shared_secret": "e329efdcdf764506e1b90e25eb2688be4c3785fc61e6f52b22799a4c130f2d23" }, { "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "b899475c1802b1dd76a9783d93b4225dc558eea558ddc598cdc45a898b7bbfb3", - "sha3_256_hash_of_secret_key": "278b448b48a14a9be1ed211228cfab37d07e5f1e502478e3ad059c83a7c83894", + "sha3_256_hash_of_public_key": "c0c5f7d4b5a02c3f5bd2804190e6501b96f9512e4696adc4474fc96c0ec0f93a", + "sha3_256_hash_of_secret_key": "ecf3c7bd0fe76e86370196134b054486fefe1c01fce94a0e1a411310e64ca1a2", "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "36f6daad6b98df3f8e26456d06f112ca69231333e4ebd86e04fe7b8fd8c1bf26", - "shared_secret": "c5b03a417c10715a53f3a1efc044a81e266b40a1b16c87aa1f754146ac39b80e" + "sha3_256_hash_of_ciphertext": "381e68c6b08f3f132190fe79d22b0d43f09f97523c5445065ee6a649529cf595", + "shared_secret": "55ca52096dc335e869b0b4b989020fbdcaba145f9b52ac1dd9453b125dc539a2" }, { "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "1a7e0760c345cb5875303e20e4c72076c794e56ab75231750a190b45f374d979", - "sha3_256_hash_of_secret_key": "eb53a36a9f50baac64b4c7bcb97fecae54d3f66b8311b5a67c5daaefaa63f209", + "sha3_256_hash_of_public_key": "ce80f9c0d66e8ddf2d8a428c25ed9bc4dea70d4d4df5dec8f28bd6ad802d3043", + "sha3_256_hash_of_secret_key": "5efe184b3bec14dab5a9949716aeb9b3bf816b2408ac04fa344761742f27eed5", "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "1b4728ec7c6e90ad99dbee3b83438050df88887de2e6d7a6ec55e7a2f7f1bbc3", - "shared_secret": "38daf9348e4d89149e4968131370ce3d38a4028727fb85d27f87a95b341340fd" + "sha3_256_hash_of_ciphertext": "c5bc628e5caae86332725ad71a762b87c86796721505640abaf3bc1db3faec96", + "shared_secret": "24a5640d7d290b1f60ec2d6df54f2d771882ab1564ec2ae66c0eb50f14762a8e" }, { "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "0f96fb9e146a1c22cc5d23e9108af0dc5e13b7810b8f5598bbd5f8d4b54c8af7", - "sha3_256_hash_of_secret_key": "d494ee913886be1398be54856ebc83eb8cd7aab4268b976583be2e097edc2d64", + "sha3_256_hash_of_public_key": "680bbbd975db3835d9102bb96c089439d5964fcdafa63cd86bed5ef8d9a4b990", + "sha3_256_hash_of_secret_key": "03a6f481b7ff7b3fc52b1bb7193f11b56c55837255e1bccc235a54b9f32724ff", "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "3934a38f7c11d237b46c9d93a8ab8d3dfc76b3e020b5cfcd0344eae35a333e45", - "shared_secret": "60bc23845c0b116208c0ea02849cea3d8025a7220337c617c4bd304aedcdc1af" + "sha3_256_hash_of_ciphertext": "2f2265b4de51e49a8eba21c996b661655b60ce226d7dd53da817579d9c53f00d", + "shared_secret": "6094a57bdf3b74480b29731fdc5f976e0c23b5759275ae236ecaf9a9cb331dbf" }, { "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "0bb63b48b8cdd1c7242bd4f017c519b43502656e23817bfd683150488f8b0b44", - "sha3_256_hash_of_secret_key": "195207c9e44942d5cfbf338fb9f20317d3ae8be85dac5f10dd60abd802a3caa9", + "sha3_256_hash_of_public_key": "dba94ad660ae996986a3321bcccf132d497bb2cb53b6a1817992e5eb25aacce1", + "sha3_256_hash_of_secret_key": "120af281a8c1e9799c5ddcfe0807e628beefddaec1edf14472aa72e5ee00ec94", "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "ddcc4d878447ee699abdb85f1463b113784be6d4e42c46379b31c02715243f17", - "shared_secret": "2eb03b010e291fca1bb6ed09d22d50b9c7bec93c556f1f273e57048c9c56bb3c" + "sha3_256_hash_of_ciphertext": "0580a0d4b05dfa377df2473aaf95c276b2ea33721ebac0c568a126f709575b84", + "shared_secret": "c798b2398d8ca4a6fe777a74963266543c7a81f862c845844b0dabceedad6ee6" }, { "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2d19bf7937eeab0d2a7570d43cf965547542a519be85bdd4921f7d710747ec6f", - "sha3_256_hash_of_secret_key": "cd59ca5c7954d87bc8d025683563aab0f9272d6c12cc03914220aa6ee392e6b3", + "sha3_256_hash_of_public_key": "46b03c7f8f64a71e96c2cccd1dd4a9239bcd8b2709b37b7e6b02835f3dc1e24d", + "sha3_256_hash_of_secret_key": "bd2e811ec1c9da5afcbc5560740e7db77de0494e00e964e9f0a5eee6fb1fc963", "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "86184bc66edef41a25ca3350698277f4e49713b821fd0745d276fe490ac636d9", - "shared_secret": "be892649db60b2ce07ef18c4a709714933542ab94ee3250cea6e7c6f5eee5d5f" + "sha3_256_hash_of_ciphertext": "0aa330b9a2a92d29035d45895392875f8776df8ed67579bc132232d4f25d872e", + "shared_secret": "ac574ff532f1cc76e4e7a58f8ad8e276d60e807fe175b19c871d1b8d30c06fc8" }, { "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "6907e1096410ab332e10f37c93d86d9b4657159eac1faffcd1688d182d127844", - "sha3_256_hash_of_secret_key": "250d27ac4dc4447520c4c1193ac57d239857ecbeac2b1009dc08dca2114299ed", + "sha3_256_hash_of_public_key": "abd035f25bcad20e4ee2d794895e77d234a80ff59177ecdede77c1264e4d7918", + "sha3_256_hash_of_secret_key": "f2fadb1ca29bbe8b7065692fd97504b7dca1275a328d3f67958bc55104edd6bb", "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "51c6ca6d7536a183416b16b1716cecd3d994dba4b5ba019bced87bb51f9cef0a", - "shared_secret": "75556d5854c44805ca5c4bb927c837ff635feaae939220592d89caf74592a0be" + "sha3_256_hash_of_ciphertext": "89b5deb9556783c155da8b95370cc3ef02e1c890c51ec53960614c6de4bb031e", + "shared_secret": "1bdc185a6a1d872036e8a859f13ced91b38115c0c3e642608c1cb6c8e51f4a76" }, { "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "379c9176059f3a7ddfe021041301bcebbc91e997a0d5bf2ed1d9d125a7129834", - "sha3_256_hash_of_secret_key": "57df17dd8b9b1411af66d82f61dd61c4f5235f48d503c164ad0da02a598a69b2", + "sha3_256_hash_of_public_key": "5a5e1f55aee1c0a6256ed51c5d0492b2215a71c16b6f0eb9e0a6b346567c6b38", + "sha3_256_hash_of_secret_key": "0a66ba24fc4085eb2d301b2dd6cd0f1285366d4584588208453b38b3dfea8581", "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "a5773e0569d9e26225b05bd61591d1722c4c1396789ce3156ef749c115949ace", - "shared_secret": "469d60c303b10f517a932d9fc090e61802003e9cba3630224f2c43a4727230e1" + "sha3_256_hash_of_ciphertext": "9233674d4ee76dd5e223e449ae63a8a01cf4d84046c1c2d9dcf3e91e397ba4b9", + "shared_secret": "f3bc901de0d6680cf84346aba78b5f181e4264db6a0682c04686cc4c1189e50f" }, { "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "f5515b23187af5dac6d1d090bc7bc01df34ec781561e3d3b8b62164f74946802", - "sha3_256_hash_of_secret_key": "2ab40ea093450e534152efb278b45038f1f2cccf13a654f1c5c27b8c389f6129", + "sha3_256_hash_of_public_key": "4206dcef1444b937700ee59389299a5d57d73ffb8d5559e9be2ade61b8b79569", + "sha3_256_hash_of_secret_key": "81a4e4caa46c883574984f71b122ed7efb7c369dcd3b6bcc1b6c61b9a3339612", "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "d1b469613c872181c4428440cec1ccf87b82303e4979de6eddd437decd8afecd", - "shared_secret": "b545dc066355b91cef05e65107fa11070c455209c55573cc549cd053c8e4155a" + "sha3_256_hash_of_ciphertext": "0fb10394527c82b91b0253868a01a330a291e660bcd91a57bf8d922b426894cc", + "shared_secret": "61863ecb6b42bb1af06b83263c5fe95c66032597c924369858b530f11ad1c557" }, { "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "9dc0d69094efe63d751e6f9c1e92d2107a7b45fabb820222d30b11595c351643", - "sha3_256_hash_of_secret_key": "00f4a04ab804f2fa3ed80a0fa4530fd45ebff8afadf5f5b7d46a672c690ac3ac", + "sha3_256_hash_of_public_key": "ecf79082f0a70bf91879f04d701b874e718a6f80f251d986f1d448218e2dba05", + "sha3_256_hash_of_secret_key": "636f7b5a71823a450827d0b1d62886abe3195cd149aa94e21971500d5e8cacfb", "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "774abc2c6dc9570eb781a39f79f49f2cc6870a43e8812559d89d1c59bb1aa5ef", - "shared_secret": "2c42bc4a172c928bc6ec7480785d63f7281a9e5acfd3f94335d6d7fe5fb9c5d4" + "sha3_256_hash_of_ciphertext": "3409c42317e4ad9e4c7baec74ca8a2a8b4a684e9805967a4364d8c82a7d46350", + "shared_secret": "f7a6bfd175be93e079f6e9dba996f887a981b3e4de71401be391a6b3bb083beb" }, { "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "16829a8aa9f8c4e949d4e6388448c2c4ec6a977f8c5fb80bd75d93a723bc9bbe", - "sha3_256_hash_of_secret_key": "659cb66f989532fdf5a741fd03862fb142a05a0fb43ae20bffc5116de1a66d57", + "sha3_256_hash_of_public_key": "ccb0b82755814de055067899e6900234a10b223ae2eb0c5fc2cb6dc80c14d476", + "sha3_256_hash_of_secret_key": "0ec84a10c5c8b808c20bee872ddc3644f47aa354a563d1501efd59a2481d011b", "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "ff53eb11ffac30f45bc8327d7e7d518f1c2d71bae0052ce8e15903c8d14978e7", - "shared_secret": "230a69c53e2192eed6c9b876d6b228fb666b19448e0a2ef8601910d624bc173f" + "sha3_256_hash_of_ciphertext": "4796666c40df423443bdfcb143dab3135a5dff82fdd29656fa0ec719ca052d40", + "shared_secret": "d9a26637ecaca3315e39d1f2a4f84d2c861fb6383e3f6e6026a7622209ceeabb" }, { "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "90fe22b38a4fafc045cdbe0c9689745fb45760cb2f0f94f7d13cf8c834c4df3c", - "sha3_256_hash_of_secret_key": "10a89c990c7676890a65e1c776cf892ef1431d56fc115ef3115c0b8f91db0690", + "sha3_256_hash_of_public_key": "934a0337d7b76ba83dd05a4ed818174aec5065993db278552f32af640097ce97", + "sha3_256_hash_of_secret_key": "bfb5736d9164a92877578cf0287d57e8117ebf27ea440995273fe24ecac8fce8", "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "3d1fa5720670ea284567d32beaca2e56853f7b6268e32af381034f13e4cd4853", - "shared_secret": "327c548d7df90d813f3b3c92e908c4c55fe4c7277f91b6fa2271c0f149dfb273" + "sha3_256_hash_of_ciphertext": "c6ca3b3b5ea095d671aee3c4d3b5f6ad439582ee3f71f128143fe01308511b03", + "shared_secret": "287a28afc86b4294ed65766aa77af1c06de1811b859fc0edf5d32b2e8d5d178f" }, { "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "c277a9588d9a781ddff6aa9ea8d259e5599d0adaba2f459598ebd5bc72786023", - "sha3_256_hash_of_secret_key": "40609cf26d205ce694ca8baa097bc1342d2462a26678eab90893da147e389d3e", + "sha3_256_hash_of_public_key": "d8594fdab618acf08669dfa36e80546853fad47833f24e32ca38b8010c1f78a7", + "sha3_256_hash_of_secret_key": "dd03373f5f7333db193db88fc76dd506745e22f5c966054b1082b1e35499cef1", "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "bd274d905deacefc3d90a9ed76d59af4e814cfc06c118ec17662afa4f6b4fdd6", - "shared_secret": "0d95796efa11ef2b4f05d0cd9e1d8db26f3e5839fbba7cd84e00d468decc088c" + "sha3_256_hash_of_ciphertext": "52584430c3c95fcf3ff154e68681aad08ce815e2b8fb2ea29af5c9b9b9dbfa4a", + "shared_secret": "9bfdfc3572dcfbd3a7daa91cabd1458b9548ad62dc0f1cb27406ff2421046282" }, { "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "d3c8cc315c4054d09deac08c6d5d364fd5d47a3c09041bee42c561f978e2d98f", - "sha3_256_hash_of_secret_key": "3e1b23ca9dc111c4a3cb0a585c7f4e5d1f27a71533eaa5347e285c7c35e81990", + "sha3_256_hash_of_public_key": "d5aa695ed35bb69221a107c73d8fcbd77b3380c10ef11a9464cdb1d7922b33da", + "sha3_256_hash_of_secret_key": "bc7a92d35223648c83e8c0432e0a5cfaeecd5781511f5647cb06a59ebfd82c38", "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "c866f33265de001b3308ec41682803d46dc61d423d61565aa5ab2f1367c93e3d", - "shared_secret": "cc047c6cad36dd056b84e6b9a4fb6b1b349d593e104ba94a67b107b291ca4633" + "sha3_256_hash_of_ciphertext": "71c7567b921a906a57c570ee63422ab803d692da8b9be3ce184d194c6802e844", + "shared_secret": "7a9bf279089ce02f4da09a3055c7d8323a9f5880d6b6c0a07cca7d8d7f938e0f" }, { "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "dd1a07043fa0c6452500249601f25de742ab44213e2718cf0ddc5ff6a2a9aa6a", - "sha3_256_hash_of_secret_key": "2cfeaf5c1b4195f0374256027d3a888e9a093de8ff9181296d5b1b94048de38a", + "sha3_256_hash_of_public_key": "b0a3984fc13ffc6860669994565b9344de9c6eb081e6e4e904bc22b9af2b9891", + "sha3_256_hash_of_secret_key": "957e9bebad0ad2aa007e1e04dc78b5990c68bd2e863cbc14880058d4950d635c", "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6dad2899c49ef32329180b6b8749c28a24e070fe989027061dea25f0b05490b3", - "shared_secret": "2faf2dd50be618b025cd2b53365221f5258e175e4a445cf053c66b3d3a998c8a" + "sha3_256_hash_of_ciphertext": "eb38d742fee33458b092a04bf37668a9878a6ca76ddf96b19ae99fdf84fc0516", + "shared_secret": "ca5b135e2011c61ec9c4914324b6064393544743885baae2f49c47c02597ebfe" }, { "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "f2a8cad42c743eb61aa338049ce917616899c803358541de1e58cbbdcf3c6328", - "sha3_256_hash_of_secret_key": "7a9ebb792c7193ffefe6e4760ebd0dec6f67c3f3b0fddb5abb4b7e931ee827e6", + "sha3_256_hash_of_public_key": "a89eaf6058fec4baf40c66232a3bfb19625ca6c502007d281f1fccded5fe4d90", + "sha3_256_hash_of_secret_key": "b788bcce1ba061bc44e2d0923dbb51a93c9da65f34c24c15b4f5e978342f17a7", "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "125f7da90bdf4bbeecc54e47e065b221a6ce42d0569530c136ce2c9415b17e79", - "shared_secret": "cd890d2eee7f747441ca9448c7192bcc274e8b0c3c80005cb6fdb4691186d85d" + "sha3_256_hash_of_ciphertext": "5357f60afbb1d8bd9499daedd0806d5d777b155c099b0a1bd12bd22a9a158c48", + "shared_secret": "9baaa93879d2499d70fda552ce3c6cb030495c99da8934a700327c25a6a2cf8e" }, { "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "3394e8401245fd6348bfa697f6990b6671577ec7b35a45b0101730a801942643", - "sha3_256_hash_of_secret_key": "3ecbb219e90e2250ad5ba87f53975439cacc030c3e1641b87ba8c5b3d89a4aba", + "sha3_256_hash_of_public_key": "80b93464a435b551b5b59daf155bf824f178335d0d2429544fb0ad8f2f0cb8e2", + "sha3_256_hash_of_secret_key": "35d9b38396e525ce4d23bf95670794512922fc90df8b774e2fc3c2019e6a39a5", "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "6cd30cb202554c18809da0819ced4cfe83021874fa9c48c3374b7544e3256f5b", - "shared_secret": "e7942359dfb015d5022b790b5e777a93a5963260ae352567d3fb7e27b2ef0bab" + "sha3_256_hash_of_ciphertext": "a6fafb106b9c313484f2f855a36fc50a533a7808b54779243e12ad0ea25afb9a", + "shared_secret": "58af802548d173804a1d405b79fb292af5b5e18d582eac78221a1cea893757d3" }, { "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "ec9c0d68c84cf3804f14e8daffdd1e28c28d3d55ee782c98c498b0d9bd4ebb23", - "sha3_256_hash_of_secret_key": "24a2b3c3efd979a1406e92d5c504d5004079965b5fd0492469f1b4250f7023ff", + "sha3_256_hash_of_public_key": "77fb974ccaeed64d486756e7a0ebed1b0253b4e8ae0d6caa6e4dc28daf8613c4", + "sha3_256_hash_of_secret_key": "2f0cbd4a26a128100f5216e0c484c21a493cee0649e44fb1a352ba28ddb567cb", "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2c6cfb957639661086b02d9a312e7483150fae87d84f21f56e48850af7e3b62", - "shared_secret": "5d7b6ecaadbae69fbaa9e004634ea609df6ec80801bbe73671f4e52169cc9683" + "sha3_256_hash_of_ciphertext": "5ec29e7d6f484ca9c6d2cf1d4266df4d72e9bfcf0ffd968be46519be733aa2b8", + "shared_secret": "4e917ad1cd0754e5af0e862e4ca55f6002c919a034f5258624697aa8fcadf76c" }, { "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "a9d7d5a52aa2dc226832f6e4603322f60b1dc21207e3360712f9c6445d37e64d", - "sha3_256_hash_of_secret_key": "2e5342a1c2f58a48e044a26673799c63f88656f6d350a0d7e57bbf8811b2a5e9", + "sha3_256_hash_of_public_key": "980defe8c6578a5d9f0c7916576e760f8b37df394e517e60efe2844540fa5281", + "sha3_256_hash_of_secret_key": "ffd25b298e4fc5df0cfa979e2e4c1deec257612543c60b7f64542387fb254e97", "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "b79a2fbd2e63aa66a526fbb42440224fad7ce91206df3684d1deb4a3e57bfafa", - "shared_secret": "547666f6c72c97a8f06fbd7cda4279165dc82489aba2119416e0dc46795bc464" + "sha3_256_hash_of_ciphertext": "b30c4c6ef874b746d2bdc4073a12d5ccb48ce604b3978687df16505897cabe82", + "shared_secret": "12ff2c4d37b7cfcd87dad305c59bf2e53451b0d7340ec7ca504e0a6bdb629532" }, { "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "fa7ba132b5dfa2e3ce67b64bc72d551f3290d428cfbd45ec026f44c8dc28334d", - "sha3_256_hash_of_secret_key": "34306d06720216257691fc65054ed32decd609312f5c5f061e7763ae73fe0aba", + "sha3_256_hash_of_public_key": "d61e3bc88050ad387e31f232b0a43b3bea53627750f6af50b92bd72d67225ec5", + "sha3_256_hash_of_secret_key": "4ac574a1526dbe11823c392e405d59f6e28b377d68a3c70bee4c0393e724a322", "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "acd7944297fc3b0d2daa3b0cbc999a43de7e9f948d39b9c6a4746873e285f8a8", - "shared_secret": "88c80381cde3db2c1d40aedf8cf923b79b18cf76efe0e46edc3e25e17c7cd8c6" + "sha3_256_hash_of_ciphertext": "acf44abb41216fa8aef76fe78c416d2423b2ab54d09107fc10cf96bf5aa23af4", + "shared_secret": "63e76a1f1f3b775218902e2411e60a634ba51a51e6d16affc9978857f9242a56" }, { "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "29f8a01ba71d04d6831c03d1ff294fb58ef6f4041772cc071074829c32a3ac9d", - "sha3_256_hash_of_secret_key": "95f9b4063bf05f89ca9f99e393b11c0f2105eafe40abb313f345b58e10519955", + "sha3_256_hash_of_public_key": "e1f04e79eead71b8a5a1f1df186fc6c49c981fb42907d705362c69fa907831ce", + "sha3_256_hash_of_secret_key": "3de13af567f679b0db868f14500c88264838c11de18560bffbaf76c39a0ae8ed", "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "096f7946c01dc61a13dac8b85d9c377f9c86aaf8ddc02163a74169854046a1b0", - "shared_secret": "ccda9f28bb09dc0017a1df8e1796a3489c66afd2c3898a39027c843cf022b790" + "sha3_256_hash_of_ciphertext": "6fe9a067c7ab99d00f049993f1bcc1dc31cb5f49c40292e4ea495b6929578966", + "shared_secret": "c8190ec44fd30bc0a87e53c01423b2d7e34421708dad96ff36108f7e4f6c946f" }, { "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "357376de9843d74252466888727f9dc1ef48d028c0f52c902aa0dfc3de374c83", - "sha3_256_hash_of_secret_key": "b8d675ce213c73f9792f328448850047f4410fc500212939ab2e234b619c9104", + "sha3_256_hash_of_public_key": "d74e311ba5d734ae2c606d96748cc442aa4bd69460dc2fdf6f6fa8e7afa6af8f", + "sha3_256_hash_of_secret_key": "a0873e0ea7707829726b78601828ae101377426881ff4799a6364e9d9c42e491", "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "a0810d28d2dec44499bc47d48ae22984c17728547c3ff0cc859702d2a6962f88", - "shared_secret": "caea7e78e6f80e126a9f41ddc0ae5946a80cdf617635934b22c9097c5090ce59" + "sha3_256_hash_of_ciphertext": "e3daccd3cfe9e491e3b3392e02e99eaf6b4127cd2634aed63fc9ddccef980042", + "shared_secret": "ad277878eee2d9a256573ead742baf0cf7daaf2c9296d2d3a005e99a0862cd05" }, { "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "30382cb59feee1b6b0fc129fecb8c74034da92987249bc20cc8ad4a2cfc1bfe0", - "sha3_256_hash_of_secret_key": "2600203271549828d0979adea52e2e976b7d9f85bfa6931d6c79e14137fad51c", + "sha3_256_hash_of_public_key": "8e1f82b5bb2be84802904df92cc59847bac515c23b50daee429eb8c94daae147", + "sha3_256_hash_of_secret_key": "1832add5939d7ae08e4694f416d3f26be1132644f456c1e571f478fc7d263755", "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "4d20b7665cdea726a3240782143beb60585d4ae39bf18f4ab5343d4f44c7acd6", - "shared_secret": "431bba421ea89647d815a16f440d47f1604b67d9a2d33f2dcd21dae7e65bd5ce" + "sha3_256_hash_of_ciphertext": "73ecca3ae4ba76d11bedc7fa427b4174622b4617809397345bf52c73d948ccb0", + "shared_secret": "c4be00089dae8cc78187a857fc05261b08cdb75b113ec2e9b295818e00a5b0f8" }, { "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "f4e474fd64a6d945e85eb4ee7509cc99fd4054de99f819fdbbb05c54ca6e36da", - "sha3_256_hash_of_secret_key": "d8a3a0edc73fee057281add9e7cb328566fb22c5082978c69088d76e98ffff90", + "sha3_256_hash_of_public_key": "4a578f7a30dad7dc700ddaaa4a07ae3661cd2f542663e9dea36441a18982cb1e", + "sha3_256_hash_of_secret_key": "d4ee51b717953716b5c962ce3794d405f97e8b2684d04c2a4bf129a8cec23087", "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "0f18bede2f42d6fdf32dcd2cf8937ee8d2909eef0aaca8586c3892d608712a98", - "shared_secret": "cc0a7809cf6787a4587e090249709f694b709ec8475a42b4705bd1ba312c098e" + "sha3_256_hash_of_ciphertext": "1951a0693a870105b90ef2a2a465ce9f75a3e01204026e05235d44a53190f363", + "shared_secret": "f4413efa8dba4bf3b8da9cfa4f3ff3d7bae540c7f242a377a1f9a783f7b69542" }, { "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "50688de263a82386f39a7b82592247bf5499f1836a3a941413c75f6331ce4031", - "sha3_256_hash_of_secret_key": "ff207007724ca5d696ba44cb106f525858111d55323c9fc0fb98d64d4f8de8d8", + "sha3_256_hash_of_public_key": "bd7c4b5dcdb1e5e85f26c47050d5a34ad902eaa7a291acd826be0b2131156796", + "sha3_256_hash_of_secret_key": "208967e997b80f07f57464dc236175b5b1d9d39105f0d6393f3bbf3b244436be", "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "9dcc43fabf94918ed4f7936960d8c732deb2209090d1303d62d5ba591b51a142", - "shared_secret": "cf21da86b3e09c38ce5799637b1492a1a268dbf0ac716499c68bac11a774f41c" + "sha3_256_hash_of_ciphertext": "fb05d51f1fb25937ab5377be13522f3e7daf6c4cbeea16ba59e4864fff72883c", + "shared_secret": "1ee5706ff92d964b406807e97547072b0108466d36d2ccd7107121ff5e8e5d56" }, { "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "1a29c0f2dc4089a85db6865ec90faf2f4ddd25f210eb56e49741866bbca8cf81", - "sha3_256_hash_of_secret_key": "477dbc28e4f21587f274e7a3b673f743840da1501c35f0e9ceb8972970de6f86", + "sha3_256_hash_of_public_key": "c3ecb18be331d910bb3800749fc94108e75153523c20ff6e89d53f802b23c634", + "sha3_256_hash_of_secret_key": "96dda5fc88ca618a47b2dd57fd57e14e717dfbfe59165ea6dc65c71a76ffce2b", "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "877f477beda55ed2a7c34408c04b4a90596b4d94ac1830bc04a0ac9b73761ffe", - "shared_secret": "b56f557eb758ae10d22b5d65847cd811475b96f5a46b0ed3bc2f1b9b371fef0f" + "sha3_256_hash_of_ciphertext": "7afeba66a6b9933fc6c468781ef721c530afd47c2e061e307a927cb401c7dd5d", + "shared_secret": "7544bba4833759c97bcccda3a5018f3efe76878b89a7e3b622c7ecb84bbc76f7" }, { "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "3fffc419d3d8a887ff789eb661b2af1ee5b32a302ca267b33eac2ea7e3340b97", - "sha3_256_hash_of_secret_key": "0f42068d2885e1a44b2ce4042675118f4fa35f58c1206b965b57ccb52c4f25f8", + "sha3_256_hash_of_public_key": "7fea0580712265383dbdf8c3d33e0718a34646e0ad56f9d2b504dabde37714c8", + "sha3_256_hash_of_secret_key": "ac73423f1f023605c31289e52dd6b93738ceb80f4cff6f5078148287011cc971", "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "d8f7b4a0047c18a84ed13e3057e240cb578cdd2ac1e57dbbd6253eca9208d6df", - "shared_secret": "aec1264f12ddd2ee8e51b71d703ca5c2718dbd79858240635f9b076c749a5ffb" + "sha3_256_hash_of_ciphertext": "ced964577aa26c43e32be71e5d28e712930942a7bba6cf6b8e895a3627300c9e", + "shared_secret": "0ba3e280117390015d3872dfdd37a4688dcd8b188ebd4a3d4dde1ddf0216aefe" }, { "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f1de70b1072881eb659a5e890a92c9313c7378d2e960a060b9c918260d4c2458", - "sha3_256_hash_of_secret_key": "ecd9d757d80352b4fb51c71976d7b2ddeb927052f9f7a7cc61fa67662d4dc86f", + "sha3_256_hash_of_public_key": "bd80f5c5452d1336cfc1cca76d1770b5524b68540b8722795f17d639791a85fb", + "sha3_256_hash_of_secret_key": "7b58737b40a0f1e576b5f66de4838cd15ad754884d91eb16a3f571cdb079818a", "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "10b2b1dfe168aace0dce3776456c2e2605f99fdeaadfa3ff5e7a81f6bafcb76d", - "shared_secret": "6514a3b97760070116c64014c5695df60d0345b29ada92fe24b672586f5bf06e" + "sha3_256_hash_of_ciphertext": "ef240b91b08e0d7bf6727869b881d7d22530b1f643d1f6e38ecb7fa8acb0c819", + "shared_secret": "f02b50d251193fedd23743b33c4a2610adee54b61de0a780ea5247801c86fed4" }, { "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "b0c77b5407577a9a9cd8864efb80974aae107fa2801b6ccaf341d5456a86621f", - "sha3_256_hash_of_secret_key": "0feade68babcf09673bf843c59379520c19081f2bc33940a8dfcee07832ec66d", + "sha3_256_hash_of_public_key": "de22432e87b3e1627bf1ce346187554469241c565a5c14cadfbff29e6bdd8d01", + "sha3_256_hash_of_secret_key": "ca3fd2d8485917d199c03c92e01ac70fad179957e8d4cb83925c2820a0217cb6", "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "b204aa70efa18e31a11b6b92e6c7dab4b2f4766ec5d302a0e93e4feb05fe4843", - "shared_secret": "52344e5e173fc6088c9dc555cc90d8e5de19bdfa0d657ad8de1a3c24ea679bb3" + "sha3_256_hash_of_ciphertext": "2999800b672abb8ae74c0e7c3a275c7557834e72d7cfccc2ee787cb363fb7171", + "shared_secret": "b8651dbc22b4c050fd45f4d0c035c01fa7f12c7b8670f2f2c204eb7b2081d47e" }, { "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "255d2e2fe01c87cf70bc30703644fc255f83fb47cc5cc5ae2c0e49d6198cae03", - "sha3_256_hash_of_secret_key": "1b1050f38bdb785ed43daa264b60c7946d93f135c65e93c95c39fd1f2d7b5311", + "sha3_256_hash_of_public_key": "1ab5d1bff67b0e5d82b9e9e2690083ceb0529c937a3dab8c62c17c5678ff82fa", + "sha3_256_hash_of_secret_key": "c85f17a54f7ebd908d12286bb5c3ddc8bbadd33c4e9c8220f145f6f96eeb8c97", "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "55165f35498250256c30d0f0fba6ec57db352a6ebc05ac42eaa8982b2d48af5c", - "shared_secret": "ce80f65731c8fac072f7153bbdc425f76189d01bacee8462060c62dfeddfaf64" + "sha3_256_hash_of_ciphertext": "acb8d1127066a716067178df7b5cb5e341ce8266ac52265d2471063c999e6162", + "shared_secret": "ad703d0bd4448d8ccd0f1816e024e7bbae4c26017c5b93db0d2a0ee090f8ee7e" }, { "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "63b304a19162abdc4234e6046109f99f955695580a8b782017e107e45575bd78", - "sha3_256_hash_of_secret_key": "19aba21e57d4b3aca7209fd5cbd15f9e7cb9f6777960d9452fed866e9e9234f0", + "sha3_256_hash_of_public_key": "daecbaf99973c4a2f7733e70193e1bd7ce2cef900bb0ccdb344a8ab92fece749", + "sha3_256_hash_of_secret_key": "82f4f2b59ff099e72adc8ae3a2cd3e22d794591d860ef56b8012c34bfe4d16ac", "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "5eddd27af25f9553e3a5b20e4de86280c65eb689ffa7773dbb5d24640bf51248", - "shared_secret": "3b23a3cfe57897fa9cb691ee9805739f40d2bf22930ca9ee48ebb7163cd66bb0" + "sha3_256_hash_of_ciphertext": "0c31ab156cf75c5a05d91181b9674eb15cead52aeb4f5686158177152da196d5", + "shared_secret": "be5ef071211ee9026f0a2ca4d34a71b516ddadeca881f32705cd85e19d80b233" }, { "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "3c598a48b06d7474da19ca85aff6b2b3303b5d25b96088c52a08cc7f1e87c5fd", - "sha3_256_hash_of_secret_key": "03c563426eb21d277421a30ca8980d4de86f7aedead9ab9aefb3d7362104ec50", + "sha3_256_hash_of_public_key": "e26f015ade2c914dcd068c7899dbf3aca3d9cf5d6d02b2541da3866666355d16", + "sha3_256_hash_of_secret_key": "dbabe1a48f2dacaf6ec42ff2f11662b7f5ccc414dcfe56bba5e6dbd58c95e747", "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "244dfd0105b643caafe35fdc184b8e23c7538370d545e6f08357e83f413de258", - "shared_secret": "272ecae17c3d107a8b008f60c8844ac01e09b8bee17eb4972f5f71774af2d54c" + "sha3_256_hash_of_ciphertext": "af4e98c6306d11f798678a562eebeddb54d90ccffd16f682e78cd4a031a8d809", + "shared_secret": "69cfa5c666c6cbdc6eec7ef004a6b4464ea6b11126aa209142ca28a97cd5505a" }, { "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "9911b6283fc6dee66e16d411fe39bbc9f53c30bb54f05044b96c740ca051c61c", - "sha3_256_hash_of_secret_key": "06751acd0a50beca92428cf8c803af429068d4e5c4f74cc59e6d3275ea6da737", + "sha3_256_hash_of_public_key": "c6ca25b76c4f29e0da8a73939ce8e06a0f6afaf932b5b3ba52d77c8019234be5", + "sha3_256_hash_of_secret_key": "e9736ded5ba5681ea4a8ddbfb133493e9187292b91b2eb0bf8a9e437d4fc9a0b", "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "dc8797dfa40479e4edee48d320320ca4a84c55789c94c34ce4f0a4be83ae0568", - "shared_secret": "eb456d8919c7e96c4e18d7a0ae27d47996e4f94c46c60b4649b327903acdc0c0" + "sha3_256_hash_of_ciphertext": "743a12fc58089484a0e6ecda03b5d87b1a8bcaaa5f312182180c6cc874e25643", + "shared_secret": "50660c9d4acfca69b77b3d43fbce809ffef94de6b046b4c9eb0e09b7ee0fb924" }, { "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "e78d350d2836d1d17e6ec375a0cbe0d6b2afe1ac036272dd41f8aa769c9d0668", - "sha3_256_hash_of_secret_key": "f74b8f9343146c1551a3cf9fb3d4e88febba4e98db745f36678d854230a8d7f2", + "sha3_256_hash_of_public_key": "7083b34f12f916a56b46549126b7c115c4f5eff17b81ad53eee6f80fce9a1480", + "sha3_256_hash_of_secret_key": "7c31bd14311afdafcc5c0ac3837620ded8276256d11700cfa87ac7273fbf2acc", "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "400cda4e51c1eb539625bbe6679fc13b009e72cd442a1385759e7090e54d31bc", - "shared_secret": "3f92ab2eb867d4e2e658917fe95b19042cd768dbbcd895e83b7bfda621fc428b" + "sha3_256_hash_of_ciphertext": "44ac8315e3bd161fd5046b270fef9ec89d0f10ab581ae35b58ac1a8e6787be2f", + "shared_secret": "61ad103cd549561fbea8e9a7527e3913484d17587bd8cb3c8fa1c9015e0f426b" }, { "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5820c7564d087683c0a4864844335bcbd62afa1ee542c3c1dcd8b72c80824b50", - "sha3_256_hash_of_secret_key": "11212a895ad32958d25d2ad32e917bd5bfda9dfcf08e316f733b74479469f9b2", + "sha3_256_hash_of_public_key": "d5a0216ca6cb4b8e9443d8405b218e8e434996910f0dd3a18bb5e6069b78e41d", + "sha3_256_hash_of_secret_key": "ed9dfd58fd8cb335050353c06aa20fdee83b0b829e52f0e88ee36c5d24193e97", "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "fad3a5efa62eabac076fd38f84e91f3c20f7b263408366c476695a9665972ddc", - "shared_secret": "5890e86b38f7fb11708a63f5e98ad65d10db5916e6669e1b0161142e6d30d017" + "sha3_256_hash_of_ciphertext": "874eee72727114838ba479867850910242e928cf55c4ef5df087dd4a45ca9d6b", + "shared_secret": "6faa40af120f702ce6ab77b8d673984b99928f6835bba2643f4a656ee09ee6df" }, { "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c56eb5880e9d9d0fe7901747f75eca1996c722ac47b76f34a4dbaaee0ef8a611", - "sha3_256_hash_of_secret_key": "8a90ed45b5910904e2e9f6a6e410d4caf024ef6436fbb75fdd179eaf09f6f362", + "sha3_256_hash_of_public_key": "f38eb0f75495417ad36d1269d0daaf16ef6773b1d6ec9088ccdaede77f606525", + "sha3_256_hash_of_secret_key": "a9343da6b118687345dfaca02ed6ea3f02a30810f7a0cf4e87e011120108a46d", "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "16f18c8dfcb9aa496f8c6f8a76af4cf2405407e0f0467deb4adb7049595b0df6", - "shared_secret": "3b09c4579ad60b17eba6029141a6d9765e1abae72ec32f1b329a5e2af761a087" + "sha3_256_hash_of_ciphertext": "5420b3316f06f5c7a41ffc5f2c2cf51bede6a2d76dea98caabeeedbab199bdf0", + "shared_secret": "60fd3bb8de18c84fef4b07ac082470ea94707724bdb3a3744a8294372d07f936" }, { "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "717823f0b58cdfacafc795aea529561d11374f02964cf635c27848671043766c", - "sha3_256_hash_of_secret_key": "f3c47ab6b2f2a0962faf49bbc31f3101d6f4b867952aa3bbee32408c1b88ee82", + "sha3_256_hash_of_public_key": "10f39c60e99a2c3a9968c48ad9a4d66bdc13d2b6bd6cc06c19872dfb955dfd66", + "sha3_256_hash_of_secret_key": "eeea88ed273caeb546917fd42f8d4cc3d5ee8b12e7defc95348142cab0b5d738", "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fd6a149b033707358fc07243d95b0256153c30e65cbc9479ce05ad2f96204a37", - "shared_secret": "f15864351fe8e878ad66b402f012668e8bdf21525f09d5bcf4a4dad656d2e480" + "sha3_256_hash_of_ciphertext": "a54ee10f5743596fc74e1db113df2ca74ff23321a04a26091f29d8f1028b3cf0", + "shared_secret": "ea52046e13966f869631a25174239058b5cf832d3ea8f990729336d308070a2b" }, { "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "7a13afefbba39ad59c088825380398f43f1251b83b0ca9debba0102f902d7190", - "sha3_256_hash_of_secret_key": "da94e15b824e73150a408df01cf1c5e4128739524831a4c2f45d0724144010fa", + "sha3_256_hash_of_public_key": "07960413271583353ecae73e4b01073ea5a0596a7252a58fb9ee0c3e21a68536", + "sha3_256_hash_of_secret_key": "c3bb8d47a1e44670c3f58a6f9ebf64e74f4611f0e9e6d6fc72cce098559bae30", "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "9193450ad037d38d8e85a46a522d4f6562ef7c7aa1372a2ebbc7ecefd1286bfc", - "shared_secret": "1f1a7f0d0d86a52a6679c431c322263b185b0c90ce40db054928be438f38d47f" + "sha3_256_hash_of_ciphertext": "0122ed21e9ba6ae489439e6777c898ed1cff1b8826d1555d5080eca6fe0bb0fd", + "shared_secret": "65911246b31f72b69db5af1099502977bf056200c713d28fc41ffb81cf591f0d" }, { "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "dd4cfbc29de3568663a3a044c3f897714363b0fdd3b6ee55f796292d34c7c79b", - "sha3_256_hash_of_secret_key": "6142d02fd4501c7bffac124bb8f26813009d2bfb91023a3fadea9506a40e1467", + "sha3_256_hash_of_public_key": "c0216723f9659d2981e083cbd94a6b8d67b645565ff3952bd486ab2422c3a11f", + "sha3_256_hash_of_secret_key": "c97dfe86bcada59aa78453ad7415bc0a9abd4e19fd169d9bbc6e767f183c29ae", "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "bb6e0249218f8bb4712d60e59f51cde2dfecfc1f828eff42f2707aa59f12164c", - "shared_secret": "aae9ca8c35deddcfd7dbaa7780fe31c102aa90cc594eb56edc782fdc4eb53b41" + "sha3_256_hash_of_ciphertext": "80309320e0915f70f0c4d524128001b0b47b4a2b918a81e90d350b41229479bf", + "shared_secret": "519e938e10ba46ce96614a4721987cf49a26978ff66fe776d86df11b4405820e" }, { "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "9ca90d64e28a5bbc54c36053ed333c530f72549c2afd77b10c2944fc833408fa", - "sha3_256_hash_of_secret_key": "510f84cae4d4307d7848f4c9665061657ae81526139a8b6a4076ad3df919abfb", + "sha3_256_hash_of_public_key": "7217747a04f04be3895e711a81080ad9334e567579107a2ef675e670e64dcea0", + "sha3_256_hash_of_secret_key": "e1678c29ecfdf30919c011d7c74ef12ec8c5bfc5fd25b7ba0743dc5c6dcb7759", "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "36b3567939ee624d5088c4daa597c73349270a754d3c272ec3ca5e08bf896fec", - "shared_secret": "970fe36e57a253e88cc80c9da6867dd66fd8da1dc15c85a480a1a45eed708ff5" + "sha3_256_hash_of_ciphertext": "7b26d9eb595123551e62d619871d7461a3fc9c1f06e9ff5e9f60f13c7112ea28", + "shared_secret": "516e695dc4f237c1a4b451a67426baae02df1acd1f7f57adb00735bc7ed295bf" }, { "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "da073c98794493ec169c78eb75a39c1594ccfa635b8707325e0ab6cb8576e30c", - "sha3_256_hash_of_secret_key": "7829ef884941abc63f66889c3d44381f5450de1b95c6b6f79f909d74b27125a3", + "sha3_256_hash_of_public_key": "fe467c500bc35d123dcf8ea7bac85cbe312d3a500b7077f3f2cab56b5b12992b", + "sha3_256_hash_of_secret_key": "6ac91a04136545c6446482785f98d74caf50df6450bd7c90981cd67f1f927c49", "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "43f8a2c466c09c915fdbf0d0dc5069ae5333790e7efce86c163d360dd0fdc0cd", - "shared_secret": "8eb310431276a31c1913cfa2e2d6b0dedc8a208c7470251daebc5b1bb6ee78ec" + "sha3_256_hash_of_ciphertext": "e5ed6db322f02e30a512d80c9e3e69c996250538b35cadea0f5356edc88dab8c", + "shared_secret": "f72c09754b77936ceae9858894db84cf773066ea0b594a297eaa1c2e8429c456" }, { "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "c2aa254714dac09b9e712572b24154be391063afd3cd8cf4cc4ed8ef21f0cfe5", - "sha3_256_hash_of_secret_key": "2e552fd01c00cf43110aacac37d01c02e5f59c87133e3769d3b2bf0fd2e4431d", + "sha3_256_hash_of_public_key": "bae34a322cf2b60ef01bbc17bea1e9e16a23f36c4c3d7ed1c0502d976e19e336", + "sha3_256_hash_of_secret_key": "8677740355f861f064989b5ad16dcff58122cb4c2e2d53467fab1c9898a0c369", "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "854806aa3266473aa5fa6097095d5f21707ab4df857d927e8848146bc4cc2bb2", - "shared_secret": "425a88aa4cbb6b6de122f1730aee536f1cdb8fc84751fc6eb2b42bcde5febcb1" + "sha3_256_hash_of_ciphertext": "37bc68f32cc83fd680c034488594fe78a442241b1e26bd30019a48f65dc51a50", + "shared_secret": "5cf212769657fbffc33af54b153bee9dcf7a073bd5c8764c04d508448f0128e4" }, { "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "8aaca951e0573f28d50831960a28dd11126f0eb080afc55f394e8eaf6379f6eb", - "sha3_256_hash_of_secret_key": "45592f0d94666d8201247fad4d0acdfdb4635a5e4fa85b7e25b2391639451bdf", + "sha3_256_hash_of_public_key": "429837b53bc044a7c2ce503b7946e69f1284a5be8b097f6e22c58091e2308d5d", + "sha3_256_hash_of_secret_key": "41e6f06eeb205a80be7ce4c2f7b9aa56cd43d0d46a57c5383cb5efbb08e1ad6a", "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "035223323ac02f2a52f9c19da46b31a7e189073fd5ef5ceee6ab8dd1b062b6d7", - "shared_secret": "457efc40f2e99aa599ac1ef92f9efbfc93d17fcd793837857f6a5c91a8dd7da2" + "sha3_256_hash_of_ciphertext": "4742a70abf84eee1f33224e8970985a3a19b75372d18a845b8dd2ae504127fd4", + "shared_secret": "3a89607d3fabf4d3165f3688b0ae0b6eb6f1b4a21c53c6b75425cfeef90e9905" }, { "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "f15a8fc937b12ff78c54fc273fcd7dd5611e5835472ed377652ae64495f9cf52", - "sha3_256_hash_of_secret_key": "dcdb853d17884fb04396dc10d34bc84d594343ceadda564fcdfa9b4d47dd4e3b", + "sha3_256_hash_of_public_key": "9ce5a577cafb7d5ef62f8d4e4095db51fa5eb7dcfdcbc572875024e761563c0a", + "sha3_256_hash_of_secret_key": "2bc70c0108949e4e8a78b26297ffb975921f9561b25615682a138aa13fc7f4a0", "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "a94ff1a0c62792c0e1dbe578210ba5a7f3cf8a9f9763a16362d66a3082e4753e", - "shared_secret": "99b58031465868d0617fa795e6be1c33a870a1e154a85a2bf61346f7c55f3b76" + "sha3_256_hash_of_ciphertext": "903b833443ad71f4ba81952774d1d3ace19f4f419cd36ec226a9602a6211a66c", + "shared_secret": "b9a77422a72a785193d07040c3e562d36406c5125301ba5ff6f703a44cb89764" }, { "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "ef7ef8d7d81aa907fece4c1920c7ca9dda3bb9d57f09193487bb89d6422f10cb", - "sha3_256_hash_of_secret_key": "2bef3558b547044290d1232a580a6a473cfcd8d87ced6305f996d4db4f46e6af", + "sha3_256_hash_of_public_key": "0783d9d571c555c109af25029cf5faa10bf8be57626148ee76966388f7a1957b", + "sha3_256_hash_of_secret_key": "d101adf751b9e2cd8fbb1a92204687cd1204b7e8826802bc7be31a4ff31972e4", "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "0b60d83d562b66153e07bffb5bb05b7d268351377381b04f1e59201f961f1907", - "shared_secret": "387705c2ed600492a0b06f5587ae3c40be55e6d5592597e57cb8015de9e9271b" + "sha3_256_hash_of_ciphertext": "b088bd59842ace2d0193312ec95547fa1a2f11c4ddf9f2a271bc7692ac18b49e", + "shared_secret": "b86770d1e8242475986327e5c070dd5926baaf2ec90d017cc1e2c8d1af83d9e0" }, { "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "99b151aa6b4654589afc36b8343fcbdc09a3e5255b378d6ee5629cd8b3cfd555", - "sha3_256_hash_of_secret_key": "b7a7d95034017d523ae23e29fc400e9a0b320f9778ba1587b69dd012f2aa47bd", + "sha3_256_hash_of_public_key": "c9f63c66089182c0137f996d4dda23bba1dd9360ddb61f816c3f5ac0d4c49242", + "sha3_256_hash_of_secret_key": "9050ae3b945fa900606a71d1da24d0aa4895a1980b6ed9a445bc2c902d739079", "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "3a4ba04bec2aee99c5e4e2459f1aec52fc950ab67b61570d57a17c4f3d9031d5", - "shared_secret": "2a426534e3c23e28a237047aec83d24abcef8c7f77d85d8b27aedd7c50263010" + "sha3_256_hash_of_ciphertext": "87088357969288bc4eb6595197e9e8564dad0d631ef0d2d02570783664fe0878", + "shared_secret": "99d2bf8ba621976b78aa1380fdb9a76e5e51a3cab0d6cc209b59e38e1b85fec9" }, { "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "339ba63f705606d8c7fbbd6e66dadbf23f532d5423802c836f2105a636e9e6da", - "sha3_256_hash_of_secret_key": "60aa684e7cbf79e9c70504608a4c0f2cf8dc207f71b1d0ef5e3a99013ee866cc", + "sha3_256_hash_of_public_key": "68d276d24d6a0b668f74a9eee1094f7100980cd5ab191264dc86ca4989e269e6", + "sha3_256_hash_of_secret_key": "ce7914dc21e76abfd11a2309404604fac94ce85d6324594d337321495c26b4e0", "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "f5d1973f7c10d3ff7cdb66195ce52e182f40ce5b9f16ef67e31ce8632cf617e8", - "shared_secret": "ffaf18d4fdb39a4aedc80c7985843f6b87a02e36c69dcb00f3cb01a619a77779" + "sha3_256_hash_of_ciphertext": "5b2f1785250f72e772f96ca3d2d99820965187f94cbad9bf1f29f4dbb24527c3", + "shared_secret": "48d6e820ff23d18a3626489b28221139d7f05877f9cca10c70fe501b6e02f7b3" }, { "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "1f9e26333b637ef9beb8881c63f9412b07c47a276af0e242062a54026bcee2bd", - "sha3_256_hash_of_secret_key": "f7f38ae2caba6d7e87b7bee8b127a9aecbc0b795345952d65bb4435e3720f89d", + "sha3_256_hash_of_public_key": "7dd4a31d305a83e5697fabb60e6455ac74836f27e314af344eb24f49deb9961b", + "sha3_256_hash_of_secret_key": "154088c783a65fc828cad9c8cbfba8314878b2f08ff380868ab611eadad2a649", "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "c42f9beac87086ca603d95377c5e539735752eee043653fbacef0d2824b91d86", - "shared_secret": "1b37c256820ae408a0005a1fe7461d54e53813e6e7ad58ca3dde46a53a44590c" + "sha3_256_hash_of_ciphertext": "fbe04b3fbef5e37be07541982a5e430ada37c016a933733c016443d9c1d628d4", + "shared_secret": "8452c98810f3a608492f944192785c59dffbb137f6ee1e8835d1cf5a1b63a185" }, { "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "64b9f8198bab9b3b2f2a1704cd4ddf6b3cbc216ddc0f062a72ef40115917fd21", - "sha3_256_hash_of_secret_key": "a3cf5841bedd9be95061b910333190834063e5cbcf0fd32673f8cf3f6b548d17", + "sha3_256_hash_of_public_key": "012135370b86ad6bfcc4eb9894044dca11d5eaab6caf8798e4496d798f7d4fae", + "sha3_256_hash_of_secret_key": "2d7247baaef746204bb9594f475451b47f9f53b8bf53350bb53ae21ef5d7d65f", "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "056998cb46e48667cb4bda6dfcff9321219b13fb1a682e90bfba6ca025bbe6df", - "shared_secret": "12871c83c35db351c2c0b4afe0f0ce9fe1f21fdfbe8c18a485d5c1292faa531c" + "sha3_256_hash_of_ciphertext": "3064b16e1be747e026d5665bb33cb093ce1155a15ea66c15600c6e48ab763343", + "shared_secret": "8502f3f616159a2072339f7858c74288420ee98612d43a7c8eaffdf595774258" }, { "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "de4ce515b882c849717a1ab34f2ac0238c868f415630c1155bcfb302d346dc91", - "sha3_256_hash_of_secret_key": "4b917d9daddcdc932fe0448063a24a592edbb0e6e40b5b53812f20a4cff7a0a3", + "sha3_256_hash_of_public_key": "6ed803f13344c56b643da0660d085145295dc167f9e5129f975b8451c0baa9db", + "sha3_256_hash_of_secret_key": "503da421e54047be5d11aff48955bb3546c009142fe4d7696325e00e9fc2ac2f", "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "e4eec4f31749692984bee94c59e2947afc769197fc18b20d2e34ec92e7d15ae1", - "shared_secret": "adf49431dcdeb29f729459cbf3c2b94151005c7b841eac921a71262d65dcff99" + "sha3_256_hash_of_ciphertext": "5507ab835727e16403196f1d6d89678f60998115bfefa2d55f2956db8ab54b06", + "shared_secret": "9df5a20bab82e9e81fa4273f9fa61f9b3119fc49603c57d0309875fe2d87bb20" }, { "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "93b60f0d00c09af885b5a0cbe942fde6afc4841428104710823bdcc12319eb35", - "sha3_256_hash_of_secret_key": "953ab28bf8cf18e86b8c80efae0bb47582d720e787fd2af27d9789c1ffb7ea1c", + "sha3_256_hash_of_public_key": "f2de14fc5d972013cac0050250dacabf48a7e75aa6b104b3fdaf69eeeafb6312", + "sha3_256_hash_of_secret_key": "e89d33d19d1437b6ddd2c36f1e7312de9c7544b0970d0a03fc7bb65b307b3d1c", "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "ed5b2ff1ee4222029e7c0d858da6ff1a1417a74a501b80d1b5b6a4941329e892", - "shared_secret": "35e1521271e7ab9931b2c25d75f0f09a89b3f83a6bb62ceb99e8e00c5cf78afb" + "sha3_256_hash_of_ciphertext": "54f148b1433b2fe11052c25a2499a47fe77860f320afae6c291ccd9c3cfe2bd6", + "shared_secret": "44b9a28392480fcbabd5365202ca4131327b953bcae892fa70e7aaebd19789a3" }, { "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "167a2fec4d72cac2ffd844246eebabdac0c074e4f984433744e31d299faa389c", - "sha3_256_hash_of_secret_key": "9afc4ddea68ca10e36d9b12d3c34595912eaafed49d8ffce01cbed09501f7527", + "sha3_256_hash_of_public_key": "ceb07ab4ac0d98f0c46e717b33ba80963b3cbb7c1ca92af96561ebc93a1d7d25", + "sha3_256_hash_of_secret_key": "3b05f4e5131ee068e97b05399c2c8de24ccd9ab9f296113e5656a5f5319a9857", "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "a076b58fa98a7282c2cedc1e93c1473dd15b15c1ecef192955d8a813180b3217", - "shared_secret": "715519f07b29bbecfc0776e35417558e3bc50c76b8da6fd4c99391b7bc7873cf" + "sha3_256_hash_of_ciphertext": "e9ea9f340c3af4ebf224666002ba0b9ce78b30da220a7bc9a85c244a748e99a4", + "shared_secret": "1d66e17254ad9293b69b3a27daf763c95daf081ac0d3301fda9e4c80c2538c3a" }, { "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "955468734662471c953fa516b35b3a53053ff396b7e2798fe07a2ecd549d6c06", - "sha3_256_hash_of_secret_key": "8bbc886fcb7516e7888880921abfaa72823ace9d50cf0afc2f68c4a7c3dd2e53", + "sha3_256_hash_of_public_key": "0c59cd46ea3f85a41faa2e7e6f882197b1e6d9c4608f6da53ae32e69b65bfdbf", + "sha3_256_hash_of_secret_key": "c2f434d6791b33ba27d9182fe9866bdc45363fc3eecd5c326cfb0f54b802e73e", "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "87914dbce6a365f7335188d83f2394b0fdafc9b0676c022608401cd93d294f36", - "shared_secret": "5a4ba3737140bf227c0e618f74191b3de1c1b8e24b032036942de66a13ef5a91" + "sha3_256_hash_of_ciphertext": "3446fad5d4343bed981336397ef68076d6e5f407811a5f90cfca8e1dd1a10504", + "shared_secret": "63fb0d287b6bd4ac3eb9f5484195e5dc014dcb96227ed53a90b0825458343b05" }, { "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "f7310c0531060051469ffcd2f88e3200bec6c721bca1fa4c9e7bf1773d7ccb19", - "sha3_256_hash_of_secret_key": "16c976495bbd05ee6715f30a9323aa41ecc320e2e63479148ab3a51132afd7b5", + "sha3_256_hash_of_public_key": "9a27aeacf3b2c7d67d982798b8db46d38a070ea9791d1629565c996ee4608f84", + "sha3_256_hash_of_secret_key": "05b7b98e7719b93336b1458d50915fcb34df77f6c9bfd071c4335ba30fb53d19", "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "37ff2acef57d0665358cc5ec7f489160d602d41c21cbb3332670f3cf0044fc39", - "shared_secret": "87528a4a961de06d5856004eba20a44590a1bd88318fcd1ae1dbfbfd41f152b0" + "sha3_256_hash_of_ciphertext": "b24364532395130a27b30bbf75233f8f5e21f487625a13ead9655fa97511c370", + "shared_secret": "638a89c9132f4bb5c91f20327b6a6892da980dd71210b85e8361ee4579397ccb" }, { "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "152c13a9a4dfbade0f98e8a5136358f69c93f0722addc008952cf72e1bf350b1", - "sha3_256_hash_of_secret_key": "b93c3fb9dbddaa560dd52c6a1c37f6aeb2111e46b7b746419e3c27fa43a27211", + "sha3_256_hash_of_public_key": "6551690ce0c13150e3fe4bf4488a12716ae41ba97a5a19c5f79aef958fdc5e2b", + "sha3_256_hash_of_secret_key": "9b22c44dbc5697593b45dec0a1bd71e39f161ac5d6bc3c6a42bb284198c37bfd", "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "b62ee0b20daf3a87406f7f8428d6dac79ad5f95c225956a564f896658ed51eee", - "shared_secret": "3652a13e36459a324958a2c45328fe4ca6163ba833400e643b0a6e51bbc594fe" + "sha3_256_hash_of_ciphertext": "1a062c18048287620c01569eed7861d0f777b012d6a367de356da11b4ffad218", + "shared_secret": "6dbdb6721e684477737c6d93a46f236df54ef388042e64137ceb20b65092b25a" }, { "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "97e5b18cff525ef46fd8a6aa6e5e4b8d953fe1e67b5771d1b99ff18e754553be", - "sha3_256_hash_of_secret_key": "55102f3a620209b46e41531919a1b6f091c86bbcc5bdcb52b18f9a070680bd66", + "sha3_256_hash_of_public_key": "7b4290aac9f45f161c01c9937d8c80d0c046af66529ef85784291b00ed72c553", + "sha3_256_hash_of_secret_key": "db2d354428b28f64b6fb539f22572b5fdd64d5c998a72439c464094c6e9d46e6", "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6d20fbb0cf418e91e295f391160df696348b3fa99542d12584c0da554b96153d", - "shared_secret": "c07d965e4a87e89e9fd5db44cdf225b20157a6842e2862ecb4f72d8aac933c2b" + "sha3_256_hash_of_ciphertext": "878b93664e070bf3b9865e39a0a141e8dbc7175a4235e7a3569633c3fac500ad", + "shared_secret": "f450baabaafdf4f09360b861251116f9a202b9cbc578105e0c2235689a593362" }, { "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "7b5c67fa6e0ff374f691540fff0b4d14d4ed8a8a8c48b14b2a35facb413a5ee6", - "sha3_256_hash_of_secret_key": "449e7b1644520512fa25ea48f468ce9f866ea08178e814f11561efd4e4aad792", + "sha3_256_hash_of_public_key": "9f746fa2db59882bf5fce5068668fd76eb4104a839e0476fb6e74147c990dbe0", + "sha3_256_hash_of_secret_key": "1e51985313159004ae5270ab60c007c21bf91ff6b89ecc347262e7618f019a85", "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e4f728484e23e99dcd35c5d3ca6d62e3a829e60a784faec5dd9fbb2d0cfa8bd7", - "shared_secret": "a502041eee317af1e9e6f9a9c12cc98415b358ff179d4d64ba5b7463a1f33b0d" + "sha3_256_hash_of_ciphertext": "76a74608aeadcad7718770ffe0ce605e4c2db408e7ab05e148d14302764f2fd4", + "shared_secret": "6847f9fd5f6d4d466e74e5de9e820d151d265111ceecb4c3e25cb6630549688c" }, { "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "8e49b73bae3b0285bbe1676eb6fad2641e7354e4c0a4feb0b74bb16708b01351", - "sha3_256_hash_of_secret_key": "23a598fad0141bdf07257c662d22549343a01d75eea9c1ebcdeb4a138c6e215c", + "sha3_256_hash_of_public_key": "ca424f4dff49b1fdd2daed31b550335e1b51ad805aacbd08110e982cfa39cfbe", + "sha3_256_hash_of_secret_key": "b809de4eaaf33b2634c8cbb9dea51de07fdc89017bb09e7e5e2f459c725dc31b", "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "cb2c217f6ad9c504c9fec4750db44d2c339017542da415ad81094290006e9273", - "shared_secret": "a354e870cd600e5a5951aad3491c31a80b0545c1662f830d7f0b6d144ed3733b" + "sha3_256_hash_of_ciphertext": "bd455a7bc9d4cfbe4f1f013ff9ecaea8ef734015c88e8fd3b74d82aced0f820c", + "shared_secret": "6d9d9cf40be1ce9b6d16cbc4bf80391e6dd0fff94a8f3df6ccd3d9f11c7247c8" }, { "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "f5de62d662f480d4ed8ba235b4aaa4bfff19edebbbfbd96e5a9b7c4e89365c3e", - "sha3_256_hash_of_secret_key": "583ad55aa14bd6a4310d3ab7aa619cf59c93906251f5721a0bf880a866517f70", + "sha3_256_hash_of_public_key": "3bef1bb7af08e62ae7b2022542b1d6e61555c6d4fc7129c36fed2a31634b229c", + "sha3_256_hash_of_secret_key": "928ae410a509eecaec894aeccf742af6d19c570d749d409121f55f184d0f0fda", "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "a9f97b3e253dcb15c8ef4c5576786d967e504e8f76c0bf46e051b8f123fce22d", - "shared_secret": "cd98ddb938549cc7c4fe56cda7f3ef213f1aea49fed4fb81b940c7e894be1e54" + "sha3_256_hash_of_ciphertext": "39f4143e1f1f4175f292c05c6f9ff720576c1066994619debe0a9b271f715827", + "shared_secret": "41bde508779ffc73ac9445cae93178a76c94cc1731864787b61fb05d6e62092e" }, { "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "ec2fc5834e128c5e1460d8cb0c35ab340d706a6c8b52070a7e41a6405fada53f", - "sha3_256_hash_of_secret_key": "954a43f78ef0b5a279c0d020c08d930cc5e83a385c09afed508f9ef6f1a27920", + "sha3_256_hash_of_public_key": "11e7ed6e44be95d574fc61b193a8c6f257063e1cc581535df4a91249f985bbd0", + "sha3_256_hash_of_secret_key": "07492772a3d609e4bb4d1637ca18574840327c819163479e2b48d2222f367f86", "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "f137abde6208e2c014a5a7eb1aac7b910a21df3a7dff68dcc40cba4f34b839d1", - "shared_secret": "e0d0d574b1287716bd7e0a44feea36ec28469bd36713fa8a53b0a104f322016f" + "sha3_256_hash_of_ciphertext": "7830aa71d1dd4bd1dbe16d3421fede1ad06b610a4b6c1dc3a1da2e14c2f137d4", + "shared_secret": "e73793295bfe814639ff70d76b5d1c8a397d6821019edf8b8485e92823d71198" }, { "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5e7f49b87bb2319dba8d3485fe814aedb0b43173bc48f3a793554c3e8bf90c17", - "sha3_256_hash_of_secret_key": "74eb7c05fedc78406453b8f021f8a71cce4b3ad0c4d38bc8d581000a38908574", + "sha3_256_hash_of_public_key": "37161ec72128762f73e547d28165a02a931ac7319244888d46f10f15a1d9759d", + "sha3_256_hash_of_secret_key": "7b2ed324aeacc4fc954ba4424dc19fc04e818de483c5965b5205c9c0e27884e3", "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "2018b7eddcf255f6a171af914ef44153fd60976c5c7368998a218b1d81e34e33", - "shared_secret": "bd97eac1e35a06536e713a2ca5e71e35277b948172cafef0c35e1558efb61676" + "sha3_256_hash_of_ciphertext": "56eac010976c39eacc2fb050acb18669401c19aed1113f57f90fc54897eb7e18", + "shared_secret": "24895cc54471c7762209dd3f950cf98adb99fbf32acfd52519f89d35a7cdeb4e" }, { "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "e3f73c56254fac37209f5a59818fbaabf5abff3320b0b3ee00e20679b5728c12", - "sha3_256_hash_of_secret_key": "1e1cff1c4e09318bdc174bff8ef0817d6e7414355adf930bb35e71a7a0b95abf", + "sha3_256_hash_of_public_key": "07db8e2dd15a3155e48110bd70f8530b01b3c9b100265e679f200c5ce861e1bb", + "sha3_256_hash_of_secret_key": "ec0c72a37a1246be24d8375af854d250886ba7dc5853222ddd6411516afeaee5", "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "d641fde487a3659350dc41f329e0d41741bd4389346da9270eda4f5829ce9ee3", - "shared_secret": "2ed540764a77b17c6b9608bf86d8d8703f80718044d52dc79cbc1838f91fdd7a" + "sha3_256_hash_of_ciphertext": "2db2eaec38b9af9a8f60de3f85edb147a81314256e2ac9a3703d0cbfe5df0399", + "shared_secret": "32cb949b65d265d2672406bc2d984d35884ef8b7c4fbc7b698e0045c2b40231c" }, { "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "bc0a40ba03d27bbbfb91654fdcfab2dfb3e94d9607b99c1d7da1f2663bfa2598", - "sha3_256_hash_of_secret_key": "dd55c195b92ff410b9ea37577ddba0385bbf067b3053b0a678e8106c07b98c9e", + "sha3_256_hash_of_public_key": "b5b47d79ddaf113c079ffd5f7e3f6625fa5bc21c6b935c0a1f8c51e885d0ff5a", + "sha3_256_hash_of_secret_key": "a6acd69325eefd0767e776d90cfb4a14045b1886df0e42af7d090d0bb5f8fe88", "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "7387b045cefcf3d2c659171ee41acf3857b9f63f1ba20c3f0832cfe41a26ef75", - "shared_secret": "1e5ba1b64fa8ad0494c96ba27e288ee2b479c24634285f8919e58e9b9c8be78b" + "sha3_256_hash_of_ciphertext": "b275d4c4a8953ff39e862f3efa28e0b09ae8df904466f8ae138ee4fc80c97e20", + "shared_secret": "8665fc425446f176436ce8b168862f5357df35b10bdc40009156ef5c1c29eb3a" }, { "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "e16da7f99bb7bceb75a6468a921ab9fe53aab2972ca616ee10697c204df1e350", - "sha3_256_hash_of_secret_key": "2db70f5bb4e8927fd7696a4d802817fa58c43f9b2618ed27c7584cce8acf3506", + "sha3_256_hash_of_public_key": "2ac8b64e47ace9bcd950e9927b11007b6de8cfa665def178c2802ccabad0015f", + "sha3_256_hash_of_secret_key": "bed9f996e491adc613f2b3d95bd3a6192d86c6d9e92b8119fd6a239650f4f844", "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "0159f5e60336eec1fda83aeffbee92eddfcac6f92b0fef7a4a38fb20d1a771ca", - "shared_secret": "96ba12c7f8a0d864ce1434b789c09753c2d1f7ade6a5a0e679ce2ea0b6d66c83" + "sha3_256_hash_of_ciphertext": "a1778ba772b1e1d6d437153ea0ce9b862e0e5f145dbf3eb78ef5b9178b238762", + "shared_secret": "3aff110a6728373d6dbb5fa2ab0a67c1030adefc1b78c7fbbc3e72d5c58a6c17" }, { "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "fb80edf4f67823ff4e53a8963a9c9937fa9f8e014b750e11b4c4bb1a361d6484", - "sha3_256_hash_of_secret_key": "fe67beff69ea75d4953d71c038559591b2a0349ddcdfeaf7596dcd02f57db2b9", + "sha3_256_hash_of_public_key": "1065414e7a040c3dc4163626f3d589ce9934d1687dad9363fc7fe0f29df31cef", + "sha3_256_hash_of_secret_key": "50fe0449eadf5e098ab8a1aa24880248c23116468c0618bdbc18812c53bfbf5f", "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "6e68fe27fe416c12819fa8a48eb29351d1d74a9200c408b55294ea374046c3d3", - "shared_secret": "07dfc04ebbb7ae537b594210a9180f647d3d385d1c1bb56abb8174111eb246df" + "sha3_256_hash_of_ciphertext": "3f4c82eb2d1f0e8979166e648d53e827952689def870dea7ba7880c8908d4322", + "shared_secret": "da50f540be5c16fae6f864fa5ce3118d327efc33609a9af8a10f8c48928aebdb" }, { "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "d9f630c3838eb161374710d9f01bc70d4ef928fcb1c38bed93e30f3633a05e01", - "sha3_256_hash_of_secret_key": "ca4a4ab954c3a4c8b960fdfb7dd7cf5e8d103f7936f31e720e5043010926829f", + "sha3_256_hash_of_public_key": "133970ebf50f015c58571928cca31d603f0a84b2698e6beb36b378867824d88c", + "sha3_256_hash_of_secret_key": "8a28f2fdd26f28f64b8c4f61c344ecf9729a807e56307eafd82ac5621163328a", "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "3b6a1f5d06cd55c98ce6f4dc5b17fce8cb05b33b1d89b618a027e4478d8b5e69", - "shared_secret": "81fdb9267988ad39ab57e2fc8d4c280e0000dac3471b0936083aec68b49fd92b" + "sha3_256_hash_of_ciphertext": "38eb23460d49cb37a41c9c50d6ef7512eff1f503a56c632d326827fb88a938c0", + "shared_secret": "f295340ea250a6a1baeb199ea745ebe5585578d07cd8f579dfe5cbb75f852d9f" }, { "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "5c27fa929adc826f98fbf0a7fdce33c8f215b34e70450da0767240741894ffa4", - "sha3_256_hash_of_secret_key": "0116eb35f3138aa7371a058661a92a4bde258f823747b70ad40767c27d7bc7f4", + "sha3_256_hash_of_public_key": "51d50a091fdc9e324eacb8c5582044e0e16efb18341492977e616c7f1f952c21", + "sha3_256_hash_of_secret_key": "fb9b532c1a823ac87406089f5928708f4f5745fa50131440ca41a239ea381695", "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "83f17a1e23402e14a58a32343e1083434eb10b90a8080d01ba112b83ba15f7f4", - "shared_secret": "703958ce09d7d6a5bb09e88de8df95c8ee2598544d50193be50534947530fa37" + "sha3_256_hash_of_ciphertext": "33407637b6c52ca8713cbcd5309b7e5d63d7b1c8887b0ab5506843f4aeaa1267", + "shared_secret": "2de1d0b40d434d5266402b7b59baa358ef79a03d4c8156bde44b404a7f686e75" }, { "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "dd8aa653122eb5e3a4c3c877e95e8ecfcfef1ac9e0e6af92cce8ee89d09188fa", - "sha3_256_hash_of_secret_key": "8a5fbb715cf44c86b736227e56b53d91ebbea432fb1f1d6d7cafe42da8457b2c", + "sha3_256_hash_of_public_key": "6e7c2180244cb10082ffbbb0a494d5a9979595e55054ba2c9b3cd4d2710e90db", + "sha3_256_hash_of_secret_key": "16bb4f8f7500929af2822705c7728f86696c3911e37fa861c7cddfc7dc154c03", "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "862f660f11fb4252070e948ea2c141202246d5117ec151e6d5fcd0783bd76bb9", - "shared_secret": "c86d221cbc5ff6a994d9111acbfff23f7dc0cd934412b17d89f0f27e3cbd1a15" + "sha3_256_hash_of_ciphertext": "df3222d35857e0504dd490fe5a9cbf0912df0cebcb0c2d23b4516a2524223747", + "shared_secret": "ffc02cfa2a2fca2b11bfcfe1d4e273eca98ae7ada761ab1860bfff0993590dc3" }, { "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "b7c80e434104e9838cb08529592a5f81b0e8ead186663db8facc569b09e75c9a", - "sha3_256_hash_of_secret_key": "c5f84c36f3b8af4b4d90a040d929b116b402840f487d437f9b330f6ff3ec36fc", + "sha3_256_hash_of_public_key": "f4a6a5b6ad7ee1a9c00b029b4e13f35eaa5e0d8e29e1630e4ec8358c7ffa69d8", + "sha3_256_hash_of_secret_key": "b8744fd9cc9b311fcbd44b38bc6cce171fdc51648bd8ecdb788806e411b2d26a", "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "a372aefe804077da915a423dad55b76ff08a58d222aa66305599ff301128ae13", - "shared_secret": "c0146ba47b3d4178919879721f69ac896d6911d6e86de1e8f05797d467053222" + "sha3_256_hash_of_ciphertext": "8165e43445e3768723ebdb5b30a889fab93d968bb8b7f29593d1270ae8f2fa31", + "shared_secret": "fb1fd6845fa3d004d1bc20286746142ab695769cc1162b637af8dedb799b92b9" }, { "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "e619285c692532735f1582d227b9a9e77b1eae4aab9eaa79f6ce7ac2fcac8318", - "sha3_256_hash_of_secret_key": "2d4ae4f98c61bd104fbc1ef512b946202f95ecaa0ad7353a686141be5fe18116", + "sha3_256_hash_of_public_key": "feda6a06105c411971aadf2bdb1dca5508a2ed6efc6b47fa1157e3defe424d21", + "sha3_256_hash_of_secret_key": "fe461230d70c176e7f1ab48aa846a814546bbecc739b69f7f0bc35d78898bf47", "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "462b78ef50b2c1ce761fa7750ab5ed2a7315e474a92ddae74bd23013b0d9ad0a", - "shared_secret": "a33f72941e0947735925e5be668b3481e0cece75ef48ae6db0d66f0fb2ec428e" + "sha3_256_hash_of_ciphertext": "5955cf996fdcce7ede746dfefd98410fe457cc2caa99d8edcd1fe25087e786eb", + "shared_secret": "3afd47ab403f63e4b15081cf8e369d2aad856efcd26e0c5e21c90bac2e7e7ec5" }, { "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "dd3761c0e96678a959f30997e96d6a59858528c5e10234398e2da2e50ffcc517", - "sha3_256_hash_of_secret_key": "c6f5f9285f93d2ee6d180353799df5fea713870ca06de901e9c12e8a01ead6b6", + "sha3_256_hash_of_public_key": "2ec40df65eb82037e9c78a2c56e27df1b457c5a07320f073e50af9eff265a12c", + "sha3_256_hash_of_secret_key": "d910cbe9fe922779b56cbc8f414b1ed77df2e1ac9a7e2216b4c978bf621d5bad", "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "2e552ce25fe0771bfa135939d85bd68ed07959709da470df50be36aa8ab2890d", - "shared_secret": "3d77b9b4ade74443fc573c393b82c0cfd2bc2769327f273c14e66eab9f8d9ebc" + "sha3_256_hash_of_ciphertext": "29de5f93b185432882f638e262772e1155ac7b753aaee72c927025c16e3a6c2d", + "shared_secret": "f2284ed700026dbbd105e4060f057fba783cec693cb8f3b2dbd43ac1210e8472" }, { "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "6d9e513a7cd137583507ad7256844bcb9775ca82ef5f411331a7c37ce451181f", - "sha3_256_hash_of_secret_key": "1dd2623a7413ff14549690b642fe90ce16ebe7acea38be795a4936b8d86b93aa", + "sha3_256_hash_of_public_key": "d2a838249b7caf28e67f222ed57f2447f3aef51c0994fbf4b3932ae95d66cdac", + "sha3_256_hash_of_secret_key": "cbbde6da7c1ded26b1db4cb807c5d99a1399f80b3060e689428d06de92921268", "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "b4c64b73ba056f9ee7c3587ba0825bcc7172a6da749cdd86c1ef60cf84515883", - "shared_secret": "812d6c4becfdd4a95f234e8fcae1d9b316266d1c519545bbb7fab8a19f3519e0" + "sha3_256_hash_of_ciphertext": "70e6ac1c7668285a8384a163cdf4563d6dac4429db21832977ebb3322f4385f8", + "shared_secret": "3dc10519f227454873ebde9b608ad5203fbaed1a29d44b4c556e75218a47ad07" }, { "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "b252e5abf757e116a92518eb72df9f9ce66b07edf4d31be225585a6a827a35b8", - "sha3_256_hash_of_secret_key": "45ac74f2a699f1e3559e2d1442638290029688cec3da96c58ea697e1ed1d4178", + "sha3_256_hash_of_public_key": "ac670f00545ac0e074de0422a500a813dbbd25b9e0f64719af4363ea4314fb93", + "sha3_256_hash_of_secret_key": "edc3684f5a4cb567ff0fa966db8310ebb4beb1cd181c34195d7730a98479f529", "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "4dae8b2d08afb311ef727118966c6c17652f1464e6cdd26ac23551d31b013415", - "shared_secret": "c8757f45a1e334ad99a0d2adf12e79ef2bcb96ea1876bc29a4ec5cd660923d82" + "sha3_256_hash_of_ciphertext": "5da75488b130901d419a7e7ed1932f5c2b71acdc56ebb7854de51bd6078c6067", + "shared_secret": "f04ce13f4c9debf1eab149f684f39bc9aa5223cb5db8345b63369312f1dea129" }, { "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "18c081231277f424c5f3f1f6b4db91958611fa28bcf09ccb2573da64547e1958", - "sha3_256_hash_of_secret_key": "f32167b39e19dbc0db58a5eb79e735337ffe154c75b0f2c091e009d0cec366d2", + "sha3_256_hash_of_public_key": "1631cb83581d2d33b3c66f9e7e06ed518552c70eccf267add0f31d8b855c211c", + "sha3_256_hash_of_secret_key": "2db46b56e168b69771389f76bf9720a14a3b9cad37a2926726acf21f3f9a5dfc", "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "3a246e10c7c20d77a9e4bd6d3a90d73ae456501dc989210c798293d0b449852c", - "shared_secret": "be765dc236062da9d3fef68c645b9a8a5494c351d37790c1e7cd1089d97971b3" + "sha3_256_hash_of_ciphertext": "652bd99cae2b04f5f3f6f87a94ba5e48501fd7a833e38bccbe49e3af7f7a7911", + "shared_secret": "ba09aa954a79c48b972904b3d3a7dabfee1128cdee6e407b6767fb1660699d88" }, { "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "0ac7db13184d6ae6e21a14a63a2ab3d6d5d1ee7f4a6011413a0295b752fd2c28", - "sha3_256_hash_of_secret_key": "f69bacdf5992e64369aa4325b70af9f0e8a399cadafe48d854c288cc4eec627e", + "sha3_256_hash_of_public_key": "afae13836d8e9f730bf1ae7dfb2223fd6a0b9c6f0d05060b8e70df3026f43d6a", + "sha3_256_hash_of_secret_key": "4f595b13c6da7adda204b214fbe724d25d5238311d23f1f5650bc00c6956fff5", "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "d4200c5ed5cb4e30e8e74a5c8c30eacd48014d326ae72f73618c5680f04999d8", - "shared_secret": "e72888e8dc5fe30f0a9c01e2e4599a7046147a81da280c393a48bee1b43bbb5b" + "sha3_256_hash_of_ciphertext": "92a88651ca5037af5decc779fac443cfb81ad01587b9ef18d859125de0991918", + "shared_secret": "4af69fdf303ab72a07b75ea0bca8bd49d27846679ac934f1b47d84ea679aedbb" }, { "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "27ea5a76294070ab10a6edc502d82be3d240672e5fa61377e73e5e19d11f64a3", - "sha3_256_hash_of_secret_key": "33161a2b269ff022ff4699b05ac7fac1374d733e46800447164d3e528ff89dc4", + "sha3_256_hash_of_public_key": "028cc8b25a75078c9dfe80202673ad40d43982fb7c16ba843828cf2d3355c3b9", + "sha3_256_hash_of_secret_key": "35b530c4aa49062fa74619f8db44634025c8734627fb7617921d5a9d13b6cab2", "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "8995a8a9b59bd5adbe1fa10cc20da5348737cce9088be7eb0ba1f6215d68b9a9", - "shared_secret": "e3f13c77fa9eb329c218e1bd5823d6e07249fa1b455770ae57b2a00aa8c69c5d" + "sha3_256_hash_of_ciphertext": "93a566a42b8975994e2bac3278707c11162b88f1b4ab8d74c1de7049025fa3ac", + "shared_secret": "ffc3fe6705226234506ded36ab2249dfea6b9d430c6a36e7ea2b53a7677c6fcb" }, { "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "9898462f05bea461adb40faacdfdde363c06f58bc756f0a8417df63a66d3a544", - "sha3_256_hash_of_secret_key": "e10192b72796b2da465303c0bbe16f1e23e08f9680ba92fc22d568ac84352113", + "sha3_256_hash_of_public_key": "7f98f9d79387c9fc714d8b6967d9a4d3fc42b70e9bf3a92c91d141064bc0b96c", + "sha3_256_hash_of_secret_key": "29394668f440482d6574652b57ed9c2ed7462c9692eb58adf6ae9ce05173b0fa", "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "573aa757ef6fa5110ba7b948c325718f87c6bc9ccd596debff4e6c7dac1fa8f5", - "shared_secret": "a8498502e012b5cd006e77fcbb9fab801dc3748a0da37587dcd41310fa945e09" + "sha3_256_hash_of_ciphertext": "d5bcd1979e7ffb8a4a4e5f0463bc23cc0bab3342930a3f264818974996874794", + "shared_secret": "c0ffc74903a9caaa660206f54ff6cc5c2e928fc12d07d079f8543e1df5a7d8fa" }, { "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "a24e6203d9b1aa5cd06c44f048da7225e33952617f12b4289494b3969857c2ff", - "sha3_256_hash_of_secret_key": "61f1e3b3a9ce59d25480d88dac106cebc81272c0c9449c9b22048f67419d940a", + "sha3_256_hash_of_public_key": "f4a3d6f2e2c32b72d9919dde7e967db8a0244c9a5bebdc5fa3943b16e14c8f0d", + "sha3_256_hash_of_secret_key": "9a00d5cd9ac58ac41ba4c02626d3e90ee57de66b0fff235ed3a31162ded60fa5", "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "7f92312ab16635c5e90a6d41ac65e594e37754359331b0814e09da9c7eb945e7", - "shared_secret": "780b2d0ea585a6ea41dcf43197b9ca4648454e30a3057f0d47f6e79a2bbc365e" + "sha3_256_hash_of_ciphertext": "c455347d8a46af3ca2cc5835896c0712216265b1497ba5bbf0e413828181ec4c", + "shared_secret": "e4c5b2f26118f93f7aaa899350850a7580845540522b94681fe1236f0b70f6bb" }, { "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "cb2e9159ab5225a75d02268af2dac89a0afb33fe83a45f552e2bf542868c0683", - "sha3_256_hash_of_secret_key": "d2ce7cdfbe3ac715b2c87b1231fe46d5385a77caab367570a955bb562d23183c", + "sha3_256_hash_of_public_key": "bece5ca55652de7b7f5917be686f171b7ae79cc71abcdfe2e1b687f72ba8804e", + "sha3_256_hash_of_secret_key": "afb4bada4508b4d742dca22986b0a49bd993059439634aa2626bbf4d7a62a604", "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "1113b9a38ec4629ad20ecb594b64ba242a5a4db7bdf32914f9eb34ecc76c4a1c", - "shared_secret": "7832b351d71984cb60e6e548e5b4edeedf9749f8b3bc96fd208b6bb557251de8" + "sha3_256_hash_of_ciphertext": "2ddab8f63d385090a48a0fcaed299cc939c216e19918eb8ce3dc387a5d8e4bd2", + "shared_secret": "2f2c8b7bc2d69d8aa65a27ab9a6f120ed179e358e5a7edc9a6f0a6c852cf31fa" }, { "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "7f8d36076b3a8aa13b633650726f7e907806a0573402ef3af129f611def1a813", - "sha3_256_hash_of_secret_key": "0b38e04daf35259696487ffaad947f481756bc3e94dd1a73b81bf8a6da4a43c3", + "sha3_256_hash_of_public_key": "141216a25195bd89a10315ce19a15765a65eaa8e2a9b73273bcc6c5366c9923f", + "sha3_256_hash_of_secret_key": "975863aa11c03739bc450264ef3e2a695e58594e1a2d59e3c3e21b4b63a156f7", "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "eefa4d255cbd39fb5686d14a6a574d4c75c6b138a45a09cec12287c281cc00e8", - "shared_secret": "468ee020867cb766cd0a9ce1bfe9e7dbb56ae66c131a4540f211837c1779e11f" + "sha3_256_hash_of_ciphertext": "8177914d5ecc8588925343c7b2f4d4e4649cac040a7f629bb151aa3dc3437cbf", + "shared_secret": "921a38055c96bed7e7180d4ebc7eca6aa75192ce81a6a1f46ad73ad668b33879" }, { "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "ff2044ee6a3bfd4f7033dc4bbd6283b534cd3fbbf1c4af072fea1ba37d3262d5", - "sha3_256_hash_of_secret_key": "ed62dbd78c007d385c786f2607715a69a44804c4e88111861d175875bc0b09ee", + "sha3_256_hash_of_public_key": "473638d5ab7765f1748d03eaac231bbec8c33f5717af7f95be3666edf99ab017", + "sha3_256_hash_of_secret_key": "4f80d7afd1ba46100276377b3aae1c1d117f18c1a07e2fc05f3bf1d06577fa9a", "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "d16b23897beae9fb1a6ca746d3c15ef52c8ac454cd518d5a90a561cb588a0260", - "shared_secret": "f04a17a3737285f2257a6374a0057776ea24bd731724851d12ac2e06e959fa26" + "sha3_256_hash_of_ciphertext": "9d49af9ab6c3a2b98021b5ac47677e4ca6c0e01225f9e8b8fc266a2a47affbda", + "shared_secret": "218bd3bb5a1fc53ee08c4294c62eec9c99e3bd05ba0c102f8172005f1f2e5cd2" }, { "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "c7ca6ebbe17f30f8ce49e15c40c1ea5456f43624148eaecc9f3018f7beb96bdf", - "sha3_256_hash_of_secret_key": "7886dadfd208ab926afd2376dc11a004d8b793d7a30623df27109f9a4d4b0916", + "sha3_256_hash_of_public_key": "88c5687884496ccbd4372a334045192a50e1c410459f95cc29fb4c5f68401c8a", + "sha3_256_hash_of_secret_key": "e4969f01fb75bdcc6303dd42eae66c1eb61243df224a40d15866276ed78262c1", "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "4fdbbb522c23abd8a69c583c2c68ddc28fa4da85a6bf208a22d19e7ef40d98b3", - "shared_secret": "fcfab6cb3daf0c64b4ce007499f097f6421e00905fd4daca7da7a29b9c8f6325" + "sha3_256_hash_of_ciphertext": "4a21b63af1aa34591dbc9a73e8bd73de08db38e6f89c68b8ec8d8e148d13e7e2", + "shared_secret": "c274199ac90600ee9d5bd055de33e12194f275c283dda609dddfcdf251066233" }, { "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "61fb6cfc0f388e34fb28ed783c2733453005eea03d3fee4b01bb6364abc01c30", - "sha3_256_hash_of_secret_key": "b724f25cf64bdaab1cd29c9cd1f8ee6cf4104c26fa3caf53b77d61cb5c35222e", + "sha3_256_hash_of_public_key": "2918142a2fe3109d07b30d97f61948f778aeee6c1f4bca93fc3e85c8f7a1a0bd", + "sha3_256_hash_of_secret_key": "7fac41c1b4302142bf14516ff9e04fc45d080694a2ccb1308b2e0a622fc02195", "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "5ce7558ab39d932fd35fc346aaea5aff4bc90e65c17b5760996e84687dcb5402", - "shared_secret": "dbf4cd1f5cddf15322449ddfe147ae0605d0315ff9da6421069b47c3a67a65c4" + "sha3_256_hash_of_ciphertext": "4e821fe341ecc68fb82536d1c04a608bda2ead87fa3943913f1c3e615c2b4295", + "shared_secret": "74d6a6fc4f573043e3085c379d4c809e2a247fa896f1ff1d323c9f3cdd6ab4de" }, { "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "9333445958cf50f9cfba453f058f562158bc253e535e4e2f07715531a1c6289e", - "sha3_256_hash_of_secret_key": "9bb80f6928e0d09847b4c7e77ba6bf2cd0f75bdd147e884b92d3c3f2e9d839d6", + "sha3_256_hash_of_public_key": "46ba08cce40a82de21b6823914ba4a5adbb44127199b72bad20ab9bd5e39e3f4", + "sha3_256_hash_of_secret_key": "d7e4f12363fd2f668b1a217cbf1c4febcd396f8adb044fec29f8b8ec1c56edc7", "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "57651b24ece777c321c6e59ba774951e2a3c4720d370e3af928238ff60c9565d", - "shared_secret": "3f4848a2de1cdd8a0403da22f609809a20c2cfc0ae619be0cac350897fead710" + "sha3_256_hash_of_ciphertext": "b6d6f3fb92c3b89977bf645bd1fa40cd79278c1b62c34d2ae81cc8d490bf5d4f", + "shared_secret": "1adda35e06f93bdd9df93ba0630ab5ff850f0affea21a4a4f4416499691f00d7" }, { "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "ee6cb12a54341aeedc99f1040b01603c35f07c5487ffac7b4fc1925f49026916", - "sha3_256_hash_of_secret_key": "4e498a0606b1f9cd72b9d2493428730712bdaa4a7fed8099b15d9e2873bbdf7e", + "sha3_256_hash_of_public_key": "9fa4388332705d549be44d4c446d8af0c9a58903dd51c55e2d70a91e4b54407e", + "sha3_256_hash_of_secret_key": "5bb1cfedbd23f4b62e3fa8666d03a3fe57999f303106d10156ed940df6789e43", "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "1fb55bc4e6d95931087b23945ce9448207fbbc14bd284f6bcda65fcf31d68fdc", - "shared_secret": "eed5b71764da1763a01184a1eb51dedb4eaa9dae7890b1c7dbc7e7132c30e737" + "sha3_256_hash_of_ciphertext": "74c4917793f1a4bfba6edb825fd8385ec49ef98ba4d0fb2763a3c062b789c6bb", + "shared_secret": "90f3088cf55b35ea835c7b556c5fff3eb4983cd4b85f3576b2ba5106be28b365" }, { "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "42ad42d6d3b13c72b16287909bc4c0da04900536a1e48a1a28db4f5ee2d2e771", - "sha3_256_hash_of_secret_key": "d6f909b6679487a8718c843c4b894785ee046c4d86ad2794c22ee912113dad1f", + "sha3_256_hash_of_public_key": "8a975b476c316b0c6602a00f3038c1cef0b5d1eed8a554893ee392c1964c8260", + "sha3_256_hash_of_secret_key": "3f7ac95d96cbbe85821f3259785a53eddb526c275cc1801a5d3638f25c766df3", "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "54043d4b2be7ecb264847dd0bcde9076523e798aeee942be82d61d51ef0253c1", - "shared_secret": "4218fc9abb402e67ac946c7a7c6f9029108f67de469e1a9987d570f011b685c3" + "sha3_256_hash_of_ciphertext": "19c26012faf4102167b1a79ed9f780c3bb895032ccc1901a744ad5d8ade102c1", + "shared_secret": "7e84740186a9dea9c979b6933b68d0b9af8ee1d916e3f87df4b1917b7a0c4dae" }, { "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "5b70c5bb1b7af3b643588aa7c20567d4259dbe6abd7617a61b48185de8f21e1c", - "sha3_256_hash_of_secret_key": "f03297b8577b131e39946a288f7ca9070e70c1e00e6ff126543556f60dbafead", + "sha3_256_hash_of_public_key": "404c611e22377f1c66fda96a3839f300960315b3292e81af8a7a68cb66742b6e", + "sha3_256_hash_of_secret_key": "12360a2f88f03824f90b447cb276a6866812cc2fc9e86c6157bb6b55d43478cf", "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "c3d51c14b28feb48ee67945a2f9e2ababb8682a839ca1148ddc99f909e8c0bc1", - "shared_secret": "95a33968866dadc1fd8748768a99f6bb444e3d76a65ec5fee0c8a833978d4585" + "sha3_256_hash_of_ciphertext": "bfb68fa61c915e0d72f52b6f965e76431af7dbda5966204724554d6003d9ee3b", + "shared_secret": "d5d75f5873c5ddfd993ab8b92c6403d97872d0b49454833449a50d35c62d7546" }, { "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "01782fce09e644e310c9286f1e381be9ea8c54a1804e61f2958c1f975aec185a", - "sha3_256_hash_of_secret_key": "3d1b220e747de4ca99a9882a00860ed00abcf2e6eea60cba5194977f97c87770", + "sha3_256_hash_of_public_key": "b8f0c8b00c73e9932c2fbc4c725df70077b41c0650a135b669e21b23d9bc971b", + "sha3_256_hash_of_secret_key": "409121ba5acb834e89f26a98528692f9e9db0611e4f86006f4c50149d76780c8", "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "8dbc778809c9cb1de5301be5bce766f1acd7d8f74ecf30619c398250def57d74", - "shared_secret": "c9423277519ab439fca3f5fab4c29c8123a55eaf37d94d70e27afffeec1b3b9b" + "sha3_256_hash_of_ciphertext": "c034222dceb5bf171125a1e5a007f6cd53565f669a1aa8398236ce42831e854c", + "shared_secret": "14edc3d14c4d60abf7dffcb8419df6b4fb5d45961f2acb3ffa0870e98e33682f" } ] \ No newline at end of file diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_768.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_768.json index 7b668915c..7292c63df 100644 --- a/libcrux-ml-kem/tests/kats/nistkats_mlkem_768.json +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_768.json @@ -1,802 +1,802 @@ [ { "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "sha3_256_hash_of_public_key": "f57262661358cde8d3ebf990e5fd1d5b896c992ccfaadb5256b68bbf5943b132", + "sha3_256_hash_of_secret_key": "7deef44965b03d76de543ad6ef9e74a2772fa5a9fa0e761120dac767cf0152ef", "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + "sha3_256_hash_of_ciphertext": "6e777e2cf8054659136a971d9e70252f301226930c19c470ee0688163a63c15b", + "shared_secret": "e7184a0975ee3470878d2d159ec83129c8aec253d4ee17b4810311d198cd0368" }, { "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "sha3_256_hash_of_public_key": "7b00751eb9b1253231213f8a14f06f0fe1b7a4fdb7d1cfe44c161e577e5e8f0a", + "sha3_256_hash_of_secret_key": "3a8c009e8e648ac572d5592e4a92907fae0c1767be41c544b59dc3ffe61f7ded", "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + "sha3_256_hash_of_ciphertext": "bce1bf3450f574130b9561ee11565fa41d599d05d2136f10ad2c013eb5d13ca9", + "shared_secret": "5f0c5d9f39d3e724b5a2bd54e69e360f72ffab5d4d6cc5e572fecba80acd4796" }, { "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "sha3_256_hash_of_public_key": "9bda55b63cffa9bf953993918b18cd6595ea6433b479e89b5cd3c9339e4468cb", + "sha3_256_hash_of_secret_key": "d5fc96564df6e53622b2db8295a80a44e3bad7147696e2ad1f728639c98791b1", "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + "sha3_256_hash_of_ciphertext": "2a8b5d9bdcac1b7ffb6d655368e15148308eee98ae34f4105eaae87f24a008a2", + "shared_secret": "7f3bcc03a35a0030255264914e5d88a0c93611c7ca21f0609678a88ca42ce1c9" }, { "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "sha3_256_hash_of_public_key": "647a81f0f1b3e3dacb6e73e900f7c078cdfaa7119a5ede48c7685fdb7e0fe2f5", + "sha3_256_hash_of_secret_key": "1cf686cb8732c73a38b35d73b0b28fb120bc89cda1554d9f12adedc057862081", "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + "sha3_256_hash_of_ciphertext": "1c51c85ce66d80c1f9bb138e5bce84dd75cee4260c8817e06c6f2bd920601530", + "shared_secret": "c630736985fdb7830d7446e18b6b81fa4a707a6058964b99190120de85e7559c" }, { "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "sha3_256_hash_of_public_key": "811aea11a24a4b09e428415f82ee836e930c3b77867aafc5e6728149e3f2bd1b", + "sha3_256_hash_of_secret_key": "6a1ff1351c538a5661fc3576c29408c19f42da3688fa16f9ec5ead6a84420db5", "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + "sha3_256_hash_of_ciphertext": "db4dedc1e4d383acaf974fb50ffbf881bd3938ad196fb9aebeeb1bf1ddc94e10", + "shared_secret": "41e078d0d0c4fe5df5c6683171d5c1c3f1ef152c4945f9cb299f74278ce4cc4f" }, { "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "sha3_256_hash_of_public_key": "76c64235d8bd63438f13dcd038f286b9f4242070a5bec4d8990075008667aad3", + "sha3_256_hash_of_secret_key": "fb19a847c01b5bb4bc607ce0c65e50ca6869946a97625baea129c2ba07e00c01", "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + "sha3_256_hash_of_ciphertext": "c8c63c879a7a803db4e5779ca5acb1f16f5c86c38258f583a9f1e43303ff36d0", + "shared_secret": "7da491b5623a43ae17160a54e45e8328453cfe1acc692a1e300906ebd2a1d9b2" }, { "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "sha3_256_hash_of_public_key": "ae654e4412fd220548280b7a6ace9f2f0bc7b059fc103060346e53bc3c3161d8", + "sha3_256_hash_of_secret_key": "9088118150f9137e8ed76eb5e3a706f66f31c570fa7f0dfe75c0e81c4540878e", "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + "sha3_256_hash_of_ciphertext": "2ce235a49669184efdbff64176f93017127735170c2e1c1b159fc746ef30d18e", + "shared_secret": "eeba3c0571fa453fcd9f7f0d6baeb75d59ec9854c12846089d65bd8dadf9f6b0" }, { "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "sha3_256_hash_of_public_key": "6ecea55c3d5c042d2dca3a3925faaa9112561827dceb0754580814a84be19b87", + "sha3_256_hash_of_secret_key": "33448769334ee9aa43d7ac22a003d9ae89a1ef5a9765deef2946c91fea0a1a5e", "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + "sha3_256_hash_of_ciphertext": "14540bfc038f3eb76f418a8851513054a998e16a06f97c117417ae0a35f90e4f", + "shared_secret": "8bf57e5d1ce24e9942b1b3f456d184d4c0937b9b699e69c6524e93e140f39c90" }, { "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "sha3_256_hash_of_public_key": "576cb9d31e5146967756cf7356926f2e20fc7c1fde9954cb2f593d96a80ab860", + "sha3_256_hash_of_secret_key": "2031c133d7d85e616d932c6204d7ec0f3bd0303ec609e3c7c08092e1ea443972", "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + "sha3_256_hash_of_ciphertext": "20e06ce25d864f8e7a80a19e23cee6830575a072476504fd10e37b296ef8de73", + "shared_secret": "2f714d31bbc778518e2b67d264065d9731c12149cf931211e649addd6daf0b92" }, { "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "sha3_256_hash_of_public_key": "3e9976d61a687df88a8abcc6651446b81b7d136df42bfa03473c84dfd64fdb3b", + "sha3_256_hash_of_secret_key": "5da40cacace6fa3712e49ef6700cd819aeea88264e6dc996681fff43d98c9830", "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + "sha3_256_hash_of_ciphertext": "48ddf3c7cf3f02af111c71607e93922176d0173ec63e890235fe981412824edd", + "shared_secret": "f2c29a0a4782d83f2073c7c37d90556b1a005f072f94063d2db8114430f36c8d" }, { "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "sha3_256_hash_of_public_key": "c0cfd4113c5edd408adcd03d38b12f0b6ac17525c618d6d151a761a9eebc2635", + "sha3_256_hash_of_secret_key": "2c6ec490ffd55e0a744f3c506a497cf4af575cce6368bdc3b3bdbbae733fe7b4", "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + "sha3_256_hash_of_ciphertext": "b6ba4dfdae02842f96b915ea0ebd1c97972c170cae975c89c5fbf26cbe9a52d0", + "shared_secret": "13c99ded4db3e6618f5927d58c89afbe83c86a86ac2073421b2560b3f8be5aa3" }, { "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "sha3_256_hash_of_public_key": "71c5534bb819e61a9d8a257ff2eb29598ae92eccfad38abbfc9bccde5ff95a1c", + "sha3_256_hash_of_secret_key": "107c5ef0842d1dfda257138d681ad7e1390e12c697111a2c804d8f014361cb4f", "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + "sha3_256_hash_of_ciphertext": "671e3c316d4d8411237db4383fca82f76692867e9f6d15a2b82b17d934392341", + "shared_secret": "83302cab48eb0832bd8df0db3fce81595754772e4c951c444a1b2ee9f58c48c1" }, { "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "sha3_256_hash_of_public_key": "4b53b4aec0d9f86a6377c63ff80150e40fc5347714c07591dc71c6beb8daaafc", + "sha3_256_hash_of_secret_key": "ed13d2a9ae5541b3fbfa19891b8c8a9f4f0957d940eb5d08ee0cd18cfb28e7a4", "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + "sha3_256_hash_of_ciphertext": "b83f6022179a08cdadda2660f8cd7cb70df4be0be3ad85bebb090d086079b1d1", + "shared_secret": "93ce6d06568d795c2a28d1196f53cbaa2cb05df1427ac76f44df09d479e14241" }, { "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "sha3_256_hash_of_public_key": "c2d52d0c837eb40dac0653a5e862d9fb8b832629cece9eaeb6d5feb48b6ef5da", + "sha3_256_hash_of_secret_key": "73ee0632229d740dd746e3ef7f0f1c29944dbc2d8f39b7860807c41c18bbb3af", "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + "sha3_256_hash_of_ciphertext": "3685126e86797a881f3bbee0eb85b76d755ff03858735c326731b8d802f023b5", + "shared_secret": "071db527a2ee8ce982527cb19355793859bb8557e7cc99dec58a53153eceddf4" }, { "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "sha3_256_hash_of_public_key": "4ff02338c9bb711d263140c471409f3c42813f38424698563d9550f85a168f2d", + "sha3_256_hash_of_secret_key": "3c89443dab5ce46f82f6b8260af0293ea52a680f1c4fe5e042f0aefb707526f3", "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + "sha3_256_hash_of_ciphertext": "b20e28f42ee5cf5569f1833af90334952074dd0ea0c2520f03fdf0fb24c17a64", + "shared_secret": "598bd66a4a063652b2a6b25b8d1c3bab0251682ce6c362a8c680295f47f3d6d9" }, { "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "sha3_256_hash_of_public_key": "bbccdbce67cf49fea044df5c767996681dd2714937d31c822f3c58cc34785aa7", + "sha3_256_hash_of_secret_key": "64fde53d297945ef2a0af6ddd044520cff8ec1388aa471e47ba4299c2cd46da4", "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + "sha3_256_hash_of_ciphertext": "6f4cde00d3775858761742957833fe632e3d3082a9a6180477291bc23b682674", + "shared_secret": "92bd980f79cbb34c67594c6922549b99962e54d388034ea61f892fe250581c4e" }, { "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "sha3_256_hash_of_public_key": "3ef3581d438af7dec621304e0091f797346ca18a41f39401e9d03200ef48beb6", + "sha3_256_hash_of_secret_key": "299a76e97511d90f7925100db418472a9c3c12d6d48acf03618a6960998ee733", "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + "sha3_256_hash_of_ciphertext": "4ede793372276800e22c1893ae554ce0b53e413fbbc3595e69feadb2e1f6d57a", + "shared_secret": "b7325a08fa617e19260264bb02ed6b8ab2081589fd5dcc1e92b9d0d4ebfdb6b6" }, { "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "sha3_256_hash_of_public_key": "fa06bb0ff42f4d610a7b3df7544d66b97a486967cd9b62ba0142ebb10b8ee4ee", + "sha3_256_hash_of_secret_key": "4dcfc0ce12c4e87f02c616a8fb18c359cae017a2f8d339623a174dfaebfad98f", "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + "sha3_256_hash_of_ciphertext": "591bf77f74463c50a4ffbe97c892e11f3cf7601813b7ad83b17038a173e21442", + "shared_secret": "b400082a764291666c080ae9ea9f22c383f3c1e87b4cc56775a19c8ec29a4157" }, { "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "sha3_256_hash_of_public_key": "86538ecdf65b7a485b73a34a72193af1ea3f884d820463601c7f843672bbec7d", + "sha3_256_hash_of_secret_key": "70e91b44585ed93e802868e0bfe88f68995f3c85d25c2a36b0b7d8de7c5e2f8d", "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + "sha3_256_hash_of_ciphertext": "83754e315ef22788354c1ec632429566929f9bd53e77d1d2cb52005274f64e1e", + "shared_secret": "03c7470224ba22fde280005d9a8f8354c49459e9a168cc282f9d41f4f0d2da2b" }, { "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "sha3_256_hash_of_public_key": "27757389a4a68c898dab92d0f63c3340dfba51e00312a05e721932b95b11f6da", + "sha3_256_hash_of_secret_key": "b43f88e419ae589b85bb0ec6c9712d4870dbaf35d4c96d06ef0f8b9753b60034", "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + "sha3_256_hash_of_ciphertext": "0eb3d2bc103f7801dd8e002c6cc81bbcf11e070f465aba9b0b725fa9454acda7", + "shared_secret": "c31f7372e8c194a9589042477f34da3a60d591ea65e13bcccc07ba59402ede6d" }, { "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "sha3_256_hash_of_public_key": "efe6e93d8e755292fa875609f2f63bd194c87e6f04db7c83d8bb1b9d868bb779", + "sha3_256_hash_of_secret_key": "f54233dfd4679cbd6eb6f18c0615745d5b4fc2fefade52d966bffab6f0cc259f", "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + "sha3_256_hash_of_ciphertext": "942f3cd64ed1b2675f9f9823c068d59b2e007e66d38e06a2e4558dcba7f11efd", + "shared_secret": "9dfd08dbf59350ae2308096f935c6767daeddeb2c6997992d4a02c14b0e58c60" }, { "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "sha3_256_hash_of_public_key": "87ada29bf78a689417b645fe127d124339422be80a993e623d13bc59f3406a6f", + "sha3_256_hash_of_secret_key": "6b8d44a2a71f2901b7ea97bd24df8d46041cd9ad4f0bc5d42ca27ee44981f740", "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + "sha3_256_hash_of_ciphertext": "aa86248e7e906ff3072a00647cbd3f6e5d0f3a4ec40efa6deb94b2df901d0097", + "shared_secret": "03952e1a4915d112b87569d1f79a39f5d69a8dc11c96d70c529d2162a6024dd7" }, { "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "sha3_256_hash_of_public_key": "0c87bedd5c16c32cc3867910f734bdcf09869c7604a59ce36660074f561e12da", + "sha3_256_hash_of_secret_key": "a72b7d93adcbfc6d89485fa923a4b1095e3d593916496e521187224efa42ffa5", "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + "sha3_256_hash_of_ciphertext": "7a75e486cc2dd3ffab4b1072b4056de9a56b55cf324e58d3f6cfd031a0dda594", + "shared_secret": "6d2e1f456c87d5a3c79456a6d35fda52f3e9cb858f85a5f7931f532fffe26dee" }, { "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "sha3_256_hash_of_public_key": "9a9a59f83fc58d7194ccc92bd78a45f97f721a1eb554499d0e4d5b37aefc23a8", + "sha3_256_hash_of_secret_key": "ea5ce3a271f5e46f925259832d187a3c893e8088b76c19c93e0e798e4320d2fd", "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + "sha3_256_hash_of_ciphertext": "d71fc29140e8725a4c4e8779d0ad3007990e08b1eb38856cc56f522e3079f601", + "shared_secret": "5c7c5cafe1fd7f3d12431ae93815c03419ff95b132caf568671ec23bdc74381c" }, { "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "sha3_256_hash_of_public_key": "bda0815dd53b263afcc1f71d2501128c41fb3606af71c5e68f0752c6d3a479c5", + "sha3_256_hash_of_secret_key": "d502e7e6df2d84e46cef88a84c53f1fddd5488accd5e1e43aed5f4f08e16a8a7", "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + "sha3_256_hash_of_ciphertext": "8d4b1f3ee23ceecf073d6576609767401286da5189a1b267bff30a710a69e67a", + "shared_secret": "1427c322f72898a0fffd13f674719c9288d524bdd19e6a362533c1108e3a6d2c" }, { "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "sha3_256_hash_of_public_key": "e3e96e658787ba3f6ffb47de56322541a2c81f68e2825c74cb75ab01d4b719d6", + "sha3_256_hash_of_secret_key": "17f821aae147fa517cf35169f9d0b59a30ffdd0ff8f46c1c9bfffe6791392f18", "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + "sha3_256_hash_of_ciphertext": "7638e455aa855489cedd385a58cad62c49ee25f60be02bbcca6d7c3c383d27af", + "shared_secret": "d399b5ff0756707f8d1a1c2a683465c9ad4899788420643d59edf78f79b28dc1" }, { "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "sha3_256_hash_of_public_key": "eb3fdfcc0b171aa975028f96cd47fdba421ac08e29a0044cedc29fce35eb8510", + "sha3_256_hash_of_secret_key": "d1266b01cdbc6774ff0edbe64a593a110c462d07071077faa86faa9a0aa2365d", "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + "sha3_256_hash_of_ciphertext": "0ed3b8be821742190f88bce0d86f834dec2a829496c5eb5bf51bab1a8419064c", + "shared_secret": "1a0ad65924728c415ee9c92d0dcd91396665a24c59cba878050390acf2eb44dd" }, { "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "sha3_256_hash_of_public_key": "d046d93317dc6d0ff28990721c3f94a93024ce01b01c0ca55d634c191c4280fa", + "sha3_256_hash_of_secret_key": "bdf5539c63b463c3dfefb7978bc44a46803117ccf066475bd17d5c82fcb49c0b", "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + "sha3_256_hash_of_ciphertext": "b0cd3d31583e15ee8a55d85cd770cc6d64ab83429aebefdb55674f382b605c80", + "shared_secret": "9104061d3dbfac187f3a9eed801545a52f1fb0c3979ca8315aa31f67775d1036" }, { "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "sha3_256_hash_of_public_key": "21b12640bf755e94ba06204982458a9be11e1da542ece4f3d284886800fc8e8e", + "sha3_256_hash_of_secret_key": "4e3947282ebe9f8cd652343c30dfec9a5123c237af2fbb25aca522b6bb6bc4a9", "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + "sha3_256_hash_of_ciphertext": "43c21d2fc350a9682e8105ed680b36a04d02579ebab292d0a05db185021dcb44", + "shared_secret": "ca249f10d39267ec3725f56b90eb2e22cf8b577116af350f3d3c1e2cf090ff73" }, { "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "sha3_256_hash_of_public_key": "95d9e5b9151d87fed52e287992acb897a07b10ada1dd83409a5ccddabf9d7cfa", + "sha3_256_hash_of_secret_key": "79e973da94d9166321c476a28a98a8d03ce079c9a99d6e4f55d2e2b4de936123", "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + "sha3_256_hash_of_ciphertext": "18ccc37804b42db21ae4d7e238fedf4594f3d55303dc80c0e51c748ff4906ac0", + "shared_secret": "82a3856ca48c5dc582ac25605ab0c675ad646ee19acbaaab4ccb5350a3881b49" }, { "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "sha3_256_hash_of_public_key": "3a7acfc3d283541d985e0abd85eba5315a17d6c4a7e4f248673da60c341c29fe", + "sha3_256_hash_of_secret_key": "2fda122953c3d9db88caa36cb8d5621663fec1dd0e19a274a5d85bea7a126076", "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + "sha3_256_hash_of_ciphertext": "024ade86d89c33d9d38face3b92986e72c699467402fe9c5aaca0904c5f5737a", + "shared_secret": "f1e13731a14d39f474806b8c177e23e4e2301a3b839539fef9591a71e4f67d29" }, { "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "sha3_256_hash_of_public_key": "21916dfe025b78fc6d4dd1d1541b51cd3eecca90ae52177431b33c708faf17b5", + "sha3_256_hash_of_secret_key": "c98bada554f301506c532ec774ee112106358d0b320407fb34051a604777f030", "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + "sha3_256_hash_of_ciphertext": "b2737a0bd104c46a5f861914855f498287a33076c32a4241a46cf9690181ee98", + "shared_secret": "79c5817a4ba25295cfdc817cd303f3465852b93c0c908fc4a79e88c45f3b81f6" }, { "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "sha3_256_hash_of_public_key": "8f62011fbd5a1c10713d42a00a79ae7672e5e321872971f24ff71ed754178d63", + "sha3_256_hash_of_secret_key": "57d13f22524022911276023bff4af90abdf04885e2a598b04fa789123295835a", "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + "sha3_256_hash_of_ciphertext": "70dfcd3fb0d525cde1e38e158f6a4234006821031941efe3f9b4fa1e70c8bb36", + "shared_secret": "d92f866a744d0af51c8c2ba7b1fdf816e0334bff45182cabdfc722d75f8140c4" }, { "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "sha3_256_hash_of_public_key": "ed3d1dd05854a6542b24090a680b9aa9d6c65ef31cf1f4f5708affafeb2e3989", + "sha3_256_hash_of_secret_key": "d5bbcdd1c2fd57524e7926d071f71114a62b95f0579b62ac0f92ccaaac4e9dad", "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + "sha3_256_hash_of_ciphertext": "c54e484b3b05c6bb40bef10662de29ecda288b9374dcef8f89220d1bff2d09cd", + "shared_secret": "53b3b4ce1e75cfe52d22450bfa763d07985dbc585166b4781a7e6542f9bc03e3" }, { "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "sha3_256_hash_of_public_key": "6fe12a1e2d742dcaf56c585651ed6edce4f410aca0fc83275b5acb19daeb149d", + "sha3_256_hash_of_secret_key": "b9e5eb23d136e49d2b5b7964430a1f98c78cd3526f97b1fa0ffb8fb0ea9ffd79", "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + "sha3_256_hash_of_ciphertext": "763f4d04f8eb62a3599d9d095c77861f122e90a0113fa290b17d500766fe333e", + "shared_secret": "e7165b66834d919f8c8737c7b4df17a0668c57a87b821af78fe68cbea325aab6" }, { "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "sha3_256_hash_of_public_key": "30c784bb2ca3538979b24246c2644907484719c531ea39f13c5a34046f8e5cc3", + "sha3_256_hash_of_secret_key": "ff96c20a150142ec36186277a6f7b15e4fb93e9648385ef23186fbef674f1600", "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + "sha3_256_hash_of_ciphertext": "edee28e97f72a1798809668a1b9b9b3dc05d794d69af6cb476f524e6acad3d8d", + "shared_secret": "19599e218264837d06839b6cb9a09af3bc4cdc78f7d9c00fe030ee92ba3bd54c" }, { "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "sha3_256_hash_of_public_key": "b30fe432c2e9744430805aef6b75cf3011ff387e323558212b9d71ed71f044f7", + "sha3_256_hash_of_secret_key": "2c4c6d6ed6fd6cf8b53a352a038b9fea6648a9521604140f54268381dfaa1144", "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + "sha3_256_hash_of_ciphertext": "b536c56ac5b187bf7372e726bef28c7a46b51e2bb3bbbcb3cab014c6f5999061", + "shared_secret": "dc5f3931026bcedd2f57b65601f683895c365862d28a65356e94049773de2ae0" }, { "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "sha3_256_hash_of_public_key": "ab02b962b6350a9e1314baaa272b6b13db3d1edc9f09d3addf07f6826a3556bf", + "sha3_256_hash_of_secret_key": "abf4653476aae658e4603990ddddad56c09da5fab6b9a3e328b9fcd670547652", "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + "sha3_256_hash_of_ciphertext": "fc2394d4ed9b1e2b073d73d02eb4ef8ab3633932e58641a58507d7c977b62c04", + "shared_secret": "7dbfce1fc7d937884e7b3fa7c8eaadb37e1663f77d7c8659b8f43abadf16cba8" }, { "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "sha3_256_hash_of_public_key": "c153354b0187e658306a0c860b1fe6ed14686ca77d37b7c82d66ff62149406b7", + "sha3_256_hash_of_secret_key": "bc48868d03fb12ad5a98d35a739388b66e17b589aeb6ad4335d2d2e0c933910f", "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + "sha3_256_hash_of_ciphertext": "0fdc0a9a35e5cdcdea8d39e95086e35db8f4ec92f13a7d9afad49adb5faf1e70", + "shared_secret": "09f64cee1af4d8738ab149d34a106ea7b19ac43e5a2536defe689824409050ba" }, { "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "sha3_256_hash_of_public_key": "2ab47ca9355ece6cc643c3274c46efbd6e927b8b4d11ae8f80b5345b487a5c71", + "sha3_256_hash_of_secret_key": "9f65505a34f12eee3e5f6ba1cc622dc0024c4be87dc0648ff9e1edf9ffca943a", "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + "sha3_256_hash_of_ciphertext": "5c7bfaf193010937498fafd5f4eb4665996c6a963ba25368439dbe05c56bd99c", + "shared_secret": "7104fe381d6d7995b4d550278a66a719b9e79d9bdc38fb0bb60212c4355cc520" }, { "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "sha3_256_hash_of_public_key": "3ab27768ce397a94bb7d29f5dad97d54054915eb66be41023e5d7052a10ed1e6", + "sha3_256_hash_of_secret_key": "2b091ca0237c155627226a58c1ea9a049127e7e30e397307ae20343e21408dbe", "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + "sha3_256_hash_of_ciphertext": "1987dbb44cd3fcd1b3fded283f54d82a2dd146508124282d59a8f862be82a2a0", + "shared_secret": "79b1ce19715dd0a74ada36d31f63f3242716890a66d6348232c914c8e5c4c499" }, { "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "sha3_256_hash_of_public_key": "4c20aa5a85b2e43c56e051698c75bfc27bb9b1722501a6502d1c0dac0aa7f1b0", + "sha3_256_hash_of_secret_key": "684968be82e153d8eafea3ad507544b512bc1b0768775fa5732a12ec2b3b22c6", "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + "sha3_256_hash_of_ciphertext": "5a1273ac88362d6933e9f8e203af5df0ce809b23e125abfbea3f72bc386f17b6", + "shared_secret": "66e872a4b3baa42bc3e8e4ee787ebe070a094f05d2a0792ae2ae60f8bd0ee0e7" }, { "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "sha3_256_hash_of_public_key": "72c30933b8e50425fefbf58d711f58cbf9fd8ebd2835a1b55469a2a1b993eace", + "sha3_256_hash_of_secret_key": "f156a8742efc92c7a7c5e07116d139872ec520aad1fdb146cbcff70c350a45a6", "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + "sha3_256_hash_of_ciphertext": "c3c80130ce1ccb69036c753567b55e2e93df33496228735300b7640f2993c09b", + "shared_secret": "56551e57abc7b80a842db9ee65aaf6e65b7c4ca10fc297e9bb0a6364e6255bdb" }, { "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "sha3_256_hash_of_public_key": "bce58a5d05a4840f835b8ce39703f77bb31f20b9ee4fd3795c2e326244208b28", + "sha3_256_hash_of_secret_key": "abc33aecf69474343f3848633db85e595a465bcbd408472257e00be338664ecc", "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + "sha3_256_hash_of_ciphertext": "a500aa79a567933c2cb80ea580fff3298a345398243052f2ac292591810328b4", + "shared_secret": "30abe054c82a82299e7edd52870f461ff6048daab627b6c848a9d4f1c4641a0f" }, { "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "sha3_256_hash_of_public_key": "0293675aaefa1219f8794d114bbb004463f9c631729734cb430f26f38886537e", + "sha3_256_hash_of_secret_key": "b25401df9f852f7383fc87fa7cbd267b9de2e80bb37946e9fa8d040134a9e31d", "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + "sha3_256_hash_of_ciphertext": "3e0e87ded530c595b63064109c6d64c78253f3bbac5f3bcba552539fa7daa004", + "shared_secret": "4b525f467ee0d96c1f4b899a114936343ec21c74738b05555b2bab9a5d0b5513" }, { "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "sha3_256_hash_of_public_key": "cadbc64e263f1afdcddf2ad63f2fcd19799a0a8f43ec867477e249ed5fe716f8", + "sha3_256_hash_of_secret_key": "ae483cd66ace708eb15d06b55b1414e1ca1cd440d8867932261fe16a41eab8dd", "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + "sha3_256_hash_of_ciphertext": "b4c90f9d9595c242112c963a6f24b6023083a0751e341522eb4460a0eed65f25", + "shared_secret": "6cba1b31809b333ea40f2f67bad438226d91bd61b08860357a840cbcc8fabfc5" }, { "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "sha3_256_hash_of_public_key": "5ca1708c7c6e354b69720b4b4a0c358fe9a6ad3febe78bb2a71691658acae21a", + "sha3_256_hash_of_secret_key": "eb002a4709c8b95bf166e0942d47453c32b93e32e4273aef846c296d1590d58a", "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + "sha3_256_hash_of_ciphertext": "3d21fa1e7c4b9e5b3f68f956afe6fac216d42fd9a3707b7a61932c8ebb5103b3", + "shared_secret": "8087b456d37e6aff785a0ca104cb03ef71fa2d6652c52dcd86220cacf878afeb" }, { "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "sha3_256_hash_of_public_key": "04f0066489947b572f76e1dfc2e24297b210ed0aaf228788a0b349d11689e064", + "sha3_256_hash_of_secret_key": "656696013b36db5535aa376104d5e2beb2c9a708282aa6a5f0ed42cbeefcf98c", "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + "sha3_256_hash_of_ciphertext": "a29dc0e0107aed03c698c2448cba21940bf9923c2098225ea3421bdb474a8ecd", + "shared_secret": "6799d393f4000857868049c19a102e5c04c55a6bfe3a41abeb4fb6d5228cda97" }, { "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "sha3_256_hash_of_public_key": "67ce6c8abcf3ec4d93505d3be02c039e5a12538e5e59adb5a5d709b9b342938d", + "sha3_256_hash_of_secret_key": "b68d06399932cb2d32b2a2aaf12e68568f160092efac36ade3536cfe6fc88d45", "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + "sha3_256_hash_of_ciphertext": "93a08f27c7cd6ba3d5e6c8b6c833d8c65f05edb2cfd7eaf5bd392cd1563552ca", + "shared_secret": "dbbe6f3b6f5a35789697792e209428ba1f53d1b98ac2c0d1893cfee641e40375" }, { "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "sha3_256_hash_of_public_key": "7fe853da745a27a1462668bb66c4348b7f4bf25c70527b360b2fd104cda48fe5", + "sha3_256_hash_of_secret_key": "85a7c0a52f7898df5e3ba9ee378057b9e354dc2108c5f8c60a10fc20c9eda749", "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + "sha3_256_hash_of_ciphertext": "23e8b844258ff739aceecb17073a7f2be2f89030ba7ca699470e4add6f55321b", + "shared_secret": "494550faf270431de90c96d2ddcb7c19249d5e85305b3b43626386c30b7aba5f" }, { "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "sha3_256_hash_of_public_key": "65297f711f12a5ff123e6de59d1f16878e93a31612015fb961bc572f3e999cea", + "sha3_256_hash_of_secret_key": "f80261900b053c4d1c5e3b445588f1aca6a9959b969b6a60df08f1a12da1b661", "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + "sha3_256_hash_of_ciphertext": "7c4f753d71b67d7a6691db0e7d9bf2c2a13f9f48a0d9602be60e080262bf50f1", + "shared_secret": "eec9e658edcad5a8a705644ccd35aa3d785cc258666ff749bdbbafae6700f1b9" }, { "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "sha3_256_hash_of_public_key": "51634cb33a2bc3fc22ff47b58d7879d703bdd661ad3c290a6d812485ef0ce8ff", + "sha3_256_hash_of_secret_key": "e9d2895dabc85514f2f1a543440ac0de41d49cf21686327bcc6066d21a2b93a0", "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + "sha3_256_hash_of_ciphertext": "8d971865b1ec760640db6e480ed27fcac239bb1c36e72054afc530d957672c27", + "shared_secret": "d5c5e6657d310b0ccef250c9664a02c846ecb241f2404ca851d8219f93cb0d27" }, { "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "sha3_256_hash_of_public_key": "45cccc2997b502ed631257065214ab9afed11f00ca5c18c92c4d6b917165fd1c", + "sha3_256_hash_of_secret_key": "3a0f0c13760dfc8bf1bf79bdb1b4f94aa33989529be306bb826b07e089105b47", "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + "sha3_256_hash_of_ciphertext": "c60ba523dc75a1c9f8dd617f1cc775f6d1cee0fd7614da1a5366eee5950b6f10", + "shared_secret": "f62460025ebbb273f00207758a1215c3a8053d2ac66cee11c6760aeef7e35d24" }, { "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "sha3_256_hash_of_public_key": "89560d4e598328f6302a9762bda2b0f29fa8ee34fe48dc4847810fc6f44cc198", + "sha3_256_hash_of_secret_key": "30f40a1a6f4adda2a9e73f3a881f3d10414031a0f5fc0f70ffa4966b29bb1a7f", "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + "sha3_256_hash_of_ciphertext": "932a09da1c6de03fddf0b45ca31f2446c5c2a3d47af171cde29149167e735cd6", + "shared_secret": "74efee46e7b26f5022416ae9bf4a52a3940966b37fab0c3ee2e8fbb24ded6bf8" }, { "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "sha3_256_hash_of_public_key": "878025deeed7dab8e62d43c3d2096e4682692537c70ebab9e1561cba88b05ec0", + "sha3_256_hash_of_secret_key": "5469881eca81b37faa66f4d9f63c20ecf61fa8337a095410fc19eeacd774b863", "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + "sha3_256_hash_of_ciphertext": "0407bedaefe91d921a6442f34fe88c04e62389fc63dafe78a1a2b93723786a10", + "shared_secret": "92fd1bb6ea9f1a0a195b3ca29e457f4b3f401fb4521842196d9471f50f5c7249" }, { "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "sha3_256_hash_of_public_key": "7d30385f988dc748b843b7b7f569e58ccc9215503e1bc2f28f5019fc72fe6d33", + "sha3_256_hash_of_secret_key": "5b425d514afec91db185ec5e84bfd545453da4f3acfef398e7b3548c63f713f9", "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + "sha3_256_hash_of_ciphertext": "886a86759ae6a21a6dabe37a4b4443bdd358502f0719b5b9178dbb6b9f7e27e6", + "shared_secret": "e1a195eb1093af69edf107980f94adb3058378cb79dc807684c26c4ee1308533" }, { "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "sha3_256_hash_of_public_key": "0697d2f9e047e603b8845c9ecb168576f9d8bc7f3c831b6ec15c5fa4f744315d", + "sha3_256_hash_of_secret_key": "8b634d3c1e118577cc095a8bc53d05bc8c869f2001f3ef591dffd8cffffea969", "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + "sha3_256_hash_of_ciphertext": "a9c68747a9697af9d9442e3d5341161afcd1977777bb40dfd8642807d96f3ccb", + "shared_secret": "fa8721164f599caeb949141b24a124f2d576b3b58c1914af2b05da26b09bee30" }, { "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "sha3_256_hash_of_public_key": "d49e426ae85eaa6c911c4dca80caba6e28e5f645a54d8c016de51a2b98241a29", + "sha3_256_hash_of_secret_key": "cb272fd45a2a27a517bbe1d77d99c027b8664d596bd77d18c4e861ab9900b0fe", "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + "sha3_256_hash_of_ciphertext": "a569fc93ed9b0342e4090782e82b576632dfef108ece59234c783f80e1862de8", + "shared_secret": "d479c2f5e622cf848d921a7155cbbade062d0fb3ce7535d1859eb03e18ac64f1" }, { "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "sha3_256_hash_of_public_key": "903d69da169d8f3f65eec290acf30078fe51bcbd1aeaf412dfe2d31c7b10157c", + "sha3_256_hash_of_secret_key": "87b236ca8da0c7a9d38d7714e7ac16e6dad2fb5282a04b846afedbbc0449b395", "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + "sha3_256_hash_of_ciphertext": "d74122c64015ba74b20c9a675bf688952d42ea421aa5c7b6c82eb6dcf0cdc092", + "shared_secret": "0dc813eb106eb0d4864ffc38432937a1db0d27745788775a8299e93d1c808f18" }, { "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "sha3_256_hash_of_public_key": "08cff1967030a528e748b708b0fb783577f249c04ea5536d2da034fd0d15fbac", + "sha3_256_hash_of_secret_key": "de3ea809c8eaa873e0aaef44d481d8ae72799a0b746c5847f3d412865871bf63", "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + "sha3_256_hash_of_ciphertext": "f0cbdd82f5731bf4177a14a3abfdaaef5fbe94a71ff3f1b7852a010b1d4d7eff", + "shared_secret": "c71d65ecbae83e06c622e28a4eff43c10041539d851149dbdf295eb121550d5e" }, { "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "sha3_256_hash_of_public_key": "b5ed4c3fb678a44d92486cf091333c7f035541614729496d5dd45ce580f0d263", + "sha3_256_hash_of_secret_key": "c313fdffb08de4e928bf32e08a8d0310ea94f9713381f81cdd494a3d4af09553", "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + "sha3_256_hash_of_ciphertext": "5c266d232b038abc42ac484a721f63094ce50740008e0be68571018d8355099f", + "shared_secret": "82360ffb5455f6dfdfc6bfc1a3999eb7453365ca311a0077c9d74968ed27b7a1" }, { "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "sha3_256_hash_of_public_key": "e9037042553968ff3007cdb135e368ecf440e4187e554af9d0ff272911ced339", + "sha3_256_hash_of_secret_key": "21dc6c39559081b2ca594cee9e9825ff973158cce0d11b38a51b503952daa372", "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + "sha3_256_hash_of_ciphertext": "525a66ef29f0c8a0f989dae8592e9e00cb7f347915217d53f08a7699c2b912ed", + "shared_secret": "77ef6dc5a6c8ff657070e418fdb3eb272c8784a9c38bbef950c8ac1de5ec5578" }, { "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "sha3_256_hash_of_public_key": "806aea6700e293f433a97e4b2c8485e6b4ac19ad493c4c16a10a2a884d58f5ee", + "sha3_256_hash_of_secret_key": "f446ecefbf4c63e8897a89123ff38bee2aece076fc7b268b6379c996999085ac", "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + "sha3_256_hash_of_ciphertext": "c7c82e2b3d0d3bcb73c5d9203ca3acc94ae8818794afc7610cf48a21e830c450", + "shared_secret": "b0978add3085e1c972bfaf86655a287946f3853cfb372f6fa5813a11b6c4e103" }, { "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "sha3_256_hash_of_public_key": "33df23b37987c6b557e4c0f8fa9e466312f19e7e90cd0a67abe6a145cbca9d44", + "sha3_256_hash_of_secret_key": "039031ac6171ad5fa8734fa3d60cc5b6590574c09ae0c02564c1907ebc772d3c", "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + "sha3_256_hash_of_ciphertext": "6fc3012eab242c5a3dcf99b82c5e5230fb8a4d45902afc7bb82648298d8a00b3", + "shared_secret": "b888ef3a969e162edab17c3d3de9ca682de60a0fd6ac97e1b5a54171dba12a3f" }, { "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "sha3_256_hash_of_public_key": "30a5771b76066feb7f606a82cce122964da1be0b6872ee319832214ec677738c", + "sha3_256_hash_of_secret_key": "644983542c87680786b41fb07f959451f1507165353080a3789810fdf557f961", "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + "sha3_256_hash_of_ciphertext": "6d468584c0336dad723a1c3ea970d53837373372287371eeed8e08ca06e010cc", + "shared_secret": "2fc09a1852f458bc7afb58baea4d6e318bf6801e7804b98cfc250b0a1470c598" }, { "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "sha3_256_hash_of_public_key": "31fcd120f19fe976236711e58b4ad172d25ce01eb88bc9d6d051c56564a0db11", + "sha3_256_hash_of_secret_key": "1502619da09b1bb5e418004fb0263c8f067cb9317053ed502c501c5b5ba4d331", "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + "sha3_256_hash_of_ciphertext": "369203e0da6ebef7ae651a3111e67303f89f568b9897ae4c24497b3180e0bcf2", + "shared_secret": "930131d3145d5485f06c16a9420a612330843e6524dd74654a85c383e28f2cc1" }, { "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "sha3_256_hash_of_public_key": "42f75d6e3755c28f3081ecc9db44f6cc7cec9891756d74093716697781fc8cb5", + "sha3_256_hash_of_secret_key": "21b9bc0035097cb2b892a3f4ad5660b160b18973b735181beec815eaf5ba5286", "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + "sha3_256_hash_of_ciphertext": "c6d1d905150eb6586eea72b13f7210d9830e8e689f9da7d9c04fa7705f21cf01", + "shared_secret": "b276a4fb4cf77eab502dfdf56eae9f8a8ff5e7f5df3f6cfc80614b193c87f08d" }, { "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "sha3_256_hash_of_public_key": "43d6c8562cdec0e87d00c8ca8060da3f031ab663ddb43148eebd67969b7fd490", + "sha3_256_hash_of_secret_key": "d3c172cde1f249c0a7fdb003ecc0a189776b616378b188744e407ccc601fea7f", "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + "sha3_256_hash_of_ciphertext": "353cdb064a37df87524874d3f60afdf4077be0ad96e1ab61a9ff1745d1e6e5a3", + "shared_secret": "f4924920e64013fae72cfdd1e94b217eebd55a011f6b7542958abb297e4fd180" }, { "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "sha3_256_hash_of_public_key": "3cabf1c47e7aaada59ded4fa8ce378ce1d9eba621ebfe8cc96a111aaedc4b6cf", + "sha3_256_hash_of_secret_key": "225563503590841152fcf47d4665b7cfc76e2b9de23c0e24b527395549f9f7ff", "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + "sha3_256_hash_of_ciphertext": "f11aa37ffca654d11cb5f9aa294ab734302851b434b57e0f5bb811bb5bafc177", + "shared_secret": "412bafc716efe4ff928d9a86ea4665dd841e2f102a8363b994a0faad63251eda" }, { "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "sha3_256_hash_of_public_key": "2853cbbda86e7039b635d4cc850f494d42b240acb54ab2316791e9ef5b45f1d2", + "sha3_256_hash_of_secret_key": "87ffcfe7a504e0dca284d8cf509a92a24f82ed7c46a8c1604d9a2d6d14b1cd11", "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + "sha3_256_hash_of_ciphertext": "ae8fb4bcfc08f8daa486b185540b501680e511f46fe8a628b8fe449d5a51590a", + "shared_secret": "c514d4086428200e118c1c297ce5ed865d7452cd7770363961bbb834f56c564a" }, { "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "sha3_256_hash_of_public_key": "2d5680b483287bbd3e61a91839cca9e761429186176b7bc64034ad43f16f65e9", + "sha3_256_hash_of_secret_key": "bed74aff196e7ec7bbb4dcaac39ee1a79cfb35140cf4c400b6ef2fdfc53afc6f", "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + "sha3_256_hash_of_ciphertext": "d46f403ce5a0dd92937acc508501305da6bcd32b56ff5d986fd6a07e713ab92c", + "shared_secret": "a175feba4c1bab576085bb12683d2bc44e98c75f543cee714c75391c559450ce" }, { "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "sha3_256_hash_of_public_key": "38635cec71b814aaac223f748d13158dbe8eb902d9125fdc22202c4d59251cbc", + "sha3_256_hash_of_secret_key": "f3b87926951408dbb27fc2a4a6c14c40fedc8a1cf5c34ab398d91d554eae344f", "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + "sha3_256_hash_of_ciphertext": "50350977c400c1318bac5e32925d0f575dd3559587f42d025f4e71648e697218", + "shared_secret": "9781578191ebf49b162aa768d093a332b9c849c11e240187cec2ee969d4b3860" }, { "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "sha3_256_hash_of_public_key": "af97825a77f2f4b6a45ec1a579f9f83e89c025d8d6876db26874f38348604293", + "sha3_256_hash_of_secret_key": "b2f08250a2681bbbd3c355e2dc61bda33cfe39f3dbbd2a3f3c41ee2266084cc8", "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + "sha3_256_hash_of_ciphertext": "33acafd1de1d8d8c7a9ff9a6cd69fd013b46b79e74a9180e99d5fa87805dc0de", + "shared_secret": "515dc87c21e6b134a577e4eeccf43a982ba7eac1224d701cf099ad07fee77cb7" }, { "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "sha3_256_hash_of_public_key": "8517ab7585926764ec7acff3c747479e837831429b97b7cf49ac3763bd9ebbe0", + "sha3_256_hash_of_secret_key": "7e5684a04d59f9166f6b408dbc8ae5daf3ec6678cf5eec1e5a9016392cd6c8db", "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + "sha3_256_hash_of_ciphertext": "0515c19fb395ed94194a60a6f7883d6351fa61ff18060be4cfe2eb9f81ec0024", + "shared_secret": "edc2c0314c7c5b2b071b85e373c06b31fa54dc499168d4b43b15f1d05b8b7ea9" }, { "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "sha3_256_hash_of_public_key": "1bb014bb0d6489c14f5411051f9667aabce54da7a8deb73b627e3873d9390a35", + "sha3_256_hash_of_secret_key": "b890e330079934f2aac63e5f8d236054fabc8d6a6e057672a7a20150ae08a9a0", "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + "sha3_256_hash_of_ciphertext": "79018c9e998deaec058d73d702b669e10c89dd8285f431aa6e422a948a39cce2", + "shared_secret": "b3363e6e6dba3e41ac2c63895c461765bc8a0250880d3dd6e8a4479a7fd3921c" }, { "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "sha3_256_hash_of_public_key": "c9a546b5c0a567855039f6c1bca60414684e7bd1f8eeb7913f3a1795ba4bad4c", + "sha3_256_hash_of_secret_key": "be5fc57b3efd80d7e82b23f62123814ce04e83ce5c998ba42e7bb978dc70469a", "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + "sha3_256_hash_of_ciphertext": "6c1b69d56c493f6f313d3c996336b8f84b76fac2d5ab5a3d795613b27eb10912", + "shared_secret": "8e648593c8f6f6f7a97ce7a2d151ada30fbbc7f3c4fc517d8cbadd71e6a17476" }, { "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "sha3_256_hash_of_public_key": "8f7bfdde2a7116ff4010cf829cbb18512f7cf44237c02241a1f75fe3ba8d22bf", + "sha3_256_hash_of_secret_key": "3f53a0acb384db89ca83d031bf210b072860adcaceecd79c36b4669407c1c227", "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + "sha3_256_hash_of_ciphertext": "cc25f35631396f01cc366e019a7f15034cb2341d6c00924b538d25a227ed181b", + "shared_secret": "bcdd6f0d744d2a35147323a4a0451fbfb7d60d73c161c1f8c6a2b5e9f4239c65" }, { "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "sha3_256_hash_of_public_key": "27b1b921723cedf55fe756ff5fb67d555296c6185d171ed8ba01393d1a735018", + "sha3_256_hash_of_secret_key": "40db89fcd941566546d554db0342237611e5ef6fdf8c790f03357091af0648ee", "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + "sha3_256_hash_of_ciphertext": "c5b4844dd10ecf508ea6ed2d96d2328d3f14df6a2a16093bf88ca1283e30f41f", + "shared_secret": "072551e254959ce9f2c67657b41122d8a98cde044bb2f60955bdc6e5dbe55277" }, { "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "sha3_256_hash_of_public_key": "32a2a1197d78798bbeb13ce2e92cd7ed94b410adc37b1b31dc060af11fec8a8b", + "sha3_256_hash_of_secret_key": "602bedde695713681a96c94a9a6d35308102ae18d3f3beb92a981e4a3b7704f3", "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + "sha3_256_hash_of_ciphertext": "e4631748f7cba566889ca2c5d90c47bba17000a0d934c4242a9a3d6dfac039e8", + "shared_secret": "88c0c1e22b68cd65e1eedd6d6208c36492fb674e26ba4e0d4e55f831a1affc96" }, { "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "sha3_256_hash_of_public_key": "7cc3f47f319f88da508f841e536a056625f206fe499387d27307257682237f96", + "sha3_256_hash_of_secret_key": "064bf50ddc823a97adfc93d52ecbff03a0fd5d94ab38874a5abaedbdaba67309", "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + "sha3_256_hash_of_ciphertext": "b34a0a91afbc9599ae00e67ba4ebf0d8308b3e06efcfa148aed519b0f073ddc8", + "shared_secret": "56f717e4baddc2250873d667f73a442b05ca2f8714d4dc4d295f899217c92c9e" }, { "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "sha3_256_hash_of_public_key": "beaeb6ff178f3228defdd117e6ba75a34abb70e86f31fdb16d74d91e6c1b47a7", + "sha3_256_hash_of_secret_key": "9cf056be85f240e1ae5b73656c07bfe83ba8ec7212973bac19cffbb80dae7249", "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + "sha3_256_hash_of_ciphertext": "89243e04aa17615c309cae73fbfe985e0716c7fe3b8283b5e84c3caa67b5ad3f", + "shared_secret": "35f5517999e15ed842904d53d5b4747639d1165014ab77474c0dbc310e586186" }, { "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "sha3_256_hash_of_public_key": "b2b71b8aaccf14842a6d4ecb713612f801a5044147fb9e6987ad3863759de31e", + "sha3_256_hash_of_secret_key": "01158ea58361ef89d935c9f845711c7f581322afddaf14e255f71c1dcc9c0024", "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + "sha3_256_hash_of_ciphertext": "ddf853fbd339780b3f571de2aefb30f760454f2cc1f0fca009bc829afb1f3f7d", + "shared_secret": "a7159981a68244549b96b27991e1323013c353bdd9c8d6f583897c35923e87a8" }, { "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "sha3_256_hash_of_public_key": "a13cb3f23ccbd9ca6a75823d1ba14ef03664560f397133935103ded2d7480b99", + "sha3_256_hash_of_secret_key": "710b3a8c8d49ee38390cd2776c42ad74a520c8d6ebd39b514f6fbf28c6c74b45", "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + "sha3_256_hash_of_ciphertext": "f5c4738d0ac3b25048186a2049668247c04033cb363e9d23b5d1518f8fa7e70f", + "shared_secret": "c4041a29c5b744e9039bf5155cb3ac0b799356829557a7aa3feb4b3585e6cf62" }, { "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "sha3_256_hash_of_public_key": "68302cc5af214ceda67ff8161b29bc300c4be8e1a4139437aead8a9ede3cd4ca", + "sha3_256_hash_of_secret_key": "5d6904a6478f0632ec56477321a6d6ec5ccdf299bed0b6ee9f4b32c6b5effec3", "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + "sha3_256_hash_of_ciphertext": "b4ddaeac7b4080e5e9bccdd2cbec4395a1393e61e038bedae9542db78769b923", + "shared_secret": "b8441852349193321f466ccbd3afa48bafe903288108312de26e9bf0de9f680c" }, { "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "sha3_256_hash_of_public_key": "149ca4d94813f81c792060502e09a88ea694c5de863ce6a50516cacb1c3f44bc", + "sha3_256_hash_of_secret_key": "8e69c68f8a7a0ad82b033a0bdc94d253d3e7e8516d67e86bb95d219a1090529c", "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + "sha3_256_hash_of_ciphertext": "5fbbb17b2c8ecbb8c74f2cf6259404cb9e0cadd393174e49e88298c6b7a34a22", + "shared_secret": "9d0d9ba501da1b46775258f5c0904721906b237c3461da6c31d70da8575fac37" }, { "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "sha3_256_hash_of_public_key": "e5c52e639e5acd0fb97c7eb44df56df5250c6de7d171c467ce6887eaa4ee3d61", + "sha3_256_hash_of_secret_key": "6b452ca57379b09ea36746b5b55be3b73df4faf809d7899c5368a51eb4b18cab", "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + "sha3_256_hash_of_ciphertext": "9ec7acd421fd05aeb4440720890cb1ebfba0f0ba3d9b57268b583ea10720a32d", + "shared_secret": "188aa07faa2b7a19b6b7bfbd4cbb1ad829a7415d601fdc3b635528db136cac52" }, { "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "sha3_256_hash_of_public_key": "9a350302631bd506be010a3f42112ae4ea731d515d80c3a21fcce60cc4d945ab", + "sha3_256_hash_of_secret_key": "985f528fdd675f3efdbe95a03e071f28e2dd16b425c51651a1e645f6b87eb25e", "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + "sha3_256_hash_of_ciphertext": "df8cc2e78b5df8a43e7ae87566452a5df656f13f93a22566116a84c30b786f8c", + "shared_secret": "70df7eeecb6ad19b54498071e0840f4957e935a62feba82fe29531f79c2c1651" }, { "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "sha3_256_hash_of_public_key": "866573e536b4017c02e31c8ed7455c841a5ccdb795fc200acaf1da2fb936bb59", + "sha3_256_hash_of_secret_key": "e8a4ede82799c3a425b82912df460d5d1e78757b4a917177489839abb92029f2", "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + "sha3_256_hash_of_ciphertext": "99d967e7c92a7d7e2ed54b1339472d8780e0a7671aa9afb8fa2f19cf96353821", + "shared_secret": "8baaf439867c9761e78a64652a383e21682969d18f84dbae0d3a63095948863d" }, { "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "sha3_256_hash_of_public_key": "b33387825115cba8b0ae7da0d1aada1ce4ab05bc2479b360b6c56dfa870ca825", + "sha3_256_hash_of_secret_key": "7c35640775e31eaba8a119a8e89e1e2180177a55e54391c3fa6675829d721b01", "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + "sha3_256_hash_of_ciphertext": "d42759ad66725175d4d8d3cb6519e9074d6c13d4d183863f1695f0e3b831a10a", + "shared_secret": "60b466221ec831f91a91b76ec6bbc29726f65ebcacc96f9e191f57a1399be186" }, { "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "sha3_256_hash_of_public_key": "720fd4f96ab2cac1be382907e8cba0702018ca27b28ea8f93cc19c4809885a3b", + "sha3_256_hash_of_secret_key": "c1ec32b739485e2437a6b4dbed289f0cb7dea0ed3b2add99d4c49a3eeda1b0fe", "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + "sha3_256_hash_of_ciphertext": "5fae7a10471d5303e5f6ee5d1e34013528af4945de811ffa1828648986607299", + "shared_secret": "6a302778f406082fa285c5ee299d78b048e837c5012f42f9a80e8659b10defda" }, { "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "sha3_256_hash_of_public_key": "bfa4b55c7baf2651415d3f28d221b291b175340a07843b299a46e02e22657634", + "sha3_256_hash_of_secret_key": "605c4a98f3775c9678804fd5795946c1657311d123b5c7d1544192a205c043d3", "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + "sha3_256_hash_of_ciphertext": "39e07846b4ca91147a0b680f5411c75db937a6855f08939f746ea3d5f9a11d51", + "shared_secret": "88a46d35cf07e48c6528b95016aa0c414344e090ee897fd80f26b67bc0451c7f" }, { "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "sha3_256_hash_of_public_key": "9675fc6d1e3cc4e0eb62d31b6b4f10022d373d2718f3d20ee1cc00ef6892d9a0", + "sha3_256_hash_of_secret_key": "c463b8ab9069814e5308cf9742c6ab6e08c355fa34c0d2e65df1962589eba56e", "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + "sha3_256_hash_of_ciphertext": "5c7ef87c49f71d3098fe3d33b22bc8191f440bcdf1d04a46f293c5e6b16af12f", + "shared_secret": "f3c5586476f4814a2d3728a6f0ceed7d19d076b790d3675e48611c4b8df9702e" }, { "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "sha3_256_hash_of_public_key": "9d162fce2f019205a2106acc8e3e3465b6fa3912a06c764e625cbe3b95dea6c8", + "sha3_256_hash_of_secret_key": "eeb3bd9d8636b55722f42b3342e415b23df96d1c9b2c5b9c1c2a3e619348ba6f", "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + "sha3_256_hash_of_ciphertext": "d482f25e93fd142aa009f2f2569427ebcf04b87aca2bef5e022bcbc1e5972ed1", + "shared_secret": "a828fc1446ff04a950e4f551e442aeba279f44de0ec5296fd981bcbe6ee90d8e" }, { "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "sha3_256_hash_of_public_key": "3e834e34f198ab5a3504cfa0c6af6ab78de3a3ef5667e6065e084cf5d2a5bb32", + "sha3_256_hash_of_secret_key": "d74767e217cfaaf75adc92927107c76d7267b1d7b3b76f2f8ae5a9044aa290f2", "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + "sha3_256_hash_of_ciphertext": "3a41b6054d918e9613e8d4eab83628f7c82b6ef447ecdacd0a74cc21be6b47aa", + "shared_secret": "d98b18f7b6717b8f6b3e331d6d8f9d3633eb70f54133a78e2345138420edf89d" }, { "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "sha3_256_hash_of_public_key": "c5e157ff4357d3c26b7c4b45315f0689f135c85d952a64648b0a8cec03741fe0", + "sha3_256_hash_of_secret_key": "edc6b8e2036f9ce7ef87dc58d4866ad9f320ffab1aa22371b7b56ec727f77531", "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + "sha3_256_hash_of_ciphertext": "7324a073d06af373494ecfc7960cfb81484e9ae64bc16e13651b015cdfb73668", + "shared_secret": "b7d5919f0bab0e2715a97cab993656831bc8a3dc86c3bd32e64ccb4762f70499" }, { "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "sha3_256_hash_of_public_key": "f5cedd022077b1a6a052f5287219393cd2e0366d0f5531b2f7ea8704d2900ce5", + "sha3_256_hash_of_secret_key": "882916ad7b7707feae2885f13bdf19d36931886c4bfd188fd46b6b6adeeb8d78", "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + "sha3_256_hash_of_ciphertext": "84e4fab74ef96f7b3ec50d7afdf69445b4326fe3ad695efcbf56426c0a6df6c8", + "shared_secret": "149e4e38a07d18c0b08edf9c47e425b56f7da87b2b9c855bedd29f6f0a8fe5fa" }, { "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "sha3_256_hash_of_public_key": "a53a20ea03e400a843c8cf4d04bfe0c0a3ce63dde01045e2669f7ae5da790577", + "sha3_256_hash_of_secret_key": "9d1e4432908352535074efbfa7cde3e6738e073fd512e04e9601380fb40b7614", "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + "sha3_256_hash_of_ciphertext": "071204e26ed00e7a1f226d4e971cfb2d9502e17da99f5479235763cb7723ac5d", + "shared_secret": "38a1fcaf302905e18940605e49e5f44c747b06e789acc9c395211823598ef516" }, { "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "sha3_256_hash_of_public_key": "cacca228846450ebb8f04a2a5ef2d919dfa47c4aa265f4cedd10cf74eef3ecc1", + "sha3_256_hash_of_secret_key": "a01db77c5983b2472e616dfc04666a2112924dda5ffbf00a989cf1a48578898b", "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + "sha3_256_hash_of_ciphertext": "dd0b438cb7dcda28762d06e61f1765baef8003d0d86ff48cd4f9788cae8e8618", + "shared_secret": "403543b0f8e519ba4ab878c40ab5aed412ea06bfeb2b864baa5ef4b81a42c454" }, { "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "sha3_256_hash_of_public_key": "4126f5151d1b086e26a88bd9f20710ef06aa0f834722b801f6b79c031f1f9213", + "sha3_256_hash_of_secret_key": "9a6c24b5ae556241f3e6b07a7576971173ecfe474be9c6b09fd12ddef8b5f75e", "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + "sha3_256_hash_of_ciphertext": "7c2b9cd82c349fdc534ac30eaa18bf83afd0736b17a4320963571c109451a5b6", + "shared_secret": "f7a280462f93b619888b5a72da3749556e53ef4f4440df728c8db1edcc86cea4" }, { "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "sha3_256_hash_of_public_key": "b6f12914ed31f14f79c652eed4db478de7ebd263fe27052509fee10b50f2d053", + "sha3_256_hash_of_secret_key": "1a4de442c4c6db97bfa12227c4423237a869c93154e2c5ca49cacbd0ef730485", "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + "sha3_256_hash_of_ciphertext": "41d75dd4690637576652071cb46987cc26321a07bb47a1cfb07f30d2153920c5", + "shared_secret": "fef3730b905431d14aa7aa7bb1d253cd912335c590b8d7de1e7aa4e0ff76be04" } ] \ No newline at end of file From 6eaba8cf499832bb3a7cfdf86e52d36366327e8e Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 13:38:17 +0200 Subject: [PATCH 068/172] WIP domain separation for keygen seed --- libcrux-ml-kem/src/ind_cca.rs | 71 ++-------------- libcrux-ml-kem/src/ind_cca/instantiations.rs | 35 +++++++- libcrux-ml-kem/src/ind_cca/multiplexing.rs | 50 +++++++++++ libcrux-ml-kem/src/ind_cpa.rs | 10 ++- libcrux-ml-kem/src/lib.rs | 7 +- libcrux-ml-kem/src/mlkem1024.rs | 36 ++++++++ libcrux-ml-kem/src/mlkem512.rs | 35 +++++++- libcrux-ml-kem/src/mlkem768.rs | 34 ++++++++ libcrux-ml-kem/src/variant.rs | 88 ++++++++++++++++++++ 9 files changed, 288 insertions(+), 78 deletions(-) create mode 100644 libcrux-ml-kem/src/variant.rs diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 7127c1704..993d2ad24 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,7 +1,8 @@ use crate::{ constant_time_ops::{ - compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + compare_ciphertexts_in_constant_time, compare_ciphertexts_select_shared_secret_in_constant_time, + select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -10,6 +11,7 @@ use crate::{ serialize::deserialize_ring_elements_reduced, types::*, utils::into_padded_array, + variant::*, vector::Operations, }; @@ -117,6 +119,7 @@ fn generate_keypair< const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, + Scheme: Variant, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPair { @@ -132,6 +135,7 @@ fn generate_keypair< ETA1_RANDOMNESS_SIZE, Vector, Hasher, + Scheme, >(ind_cpa_keypair_randomness); let secret_key_serialized = serialize_kem_secret_key::( @@ -454,68 +458,3 @@ pub(crate) fn decapsulate_unpacked< selector, ) } - -/// This trait collects differences in specification between ML-KEM -/// (Draft FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the -/// NIST PQ competition. -/// -/// cf. FIPS 203 (Draft), section 1.3 -pub(crate) trait Variant { - fn kdf>( - shared_secret: &[u8], - ciphertext: &MlKemCiphertext, - ) -> [u8; 32]; - fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; -} - -/// Implements [`Variant`], to perform the Kyber-specific actions -/// during encapsulation and decapsulation. -/// Specifically, -/// * during encapsulation, the initial randomness is hashed before being used, -/// * the derivation of the shared secret includes a hash of the Kyber ciphertext. -#[cfg(feature = "kyber")] -pub(crate) struct Kyber {} - -#[cfg(feature = "kyber")] -impl Variant for Kyber { - #[inline(always)] - fn kdf>( - shared_secret: &[u8], - ciphertext: &MlKemCiphertext, - ) -> [u8; 32] { - let mut kdf_input: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&shared_secret); - kdf_input[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(ciphertext.as_slice())); - Hasher::PRF::<32>(&kdf_input) - } - - #[inline(always)] - fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { - Hasher::H(&randomness) - } -} - -/// Implements [`Variant`], to perform the ML-KEM-specific actions -/// during encapsulation and decapsulation. -/// Specifically, -/// * during encapsulation, the initial randomness is used without prior hashing, -/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. -pub(crate) struct MlKem {} - -impl Variant for MlKem { - #[inline(always)] - fn kdf>( - shared_secret: &[u8], - _: &MlKemCiphertext, - ) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(shared_secret); - out - } - - #[inline(always)] - fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(randomness); - out - } -} diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 1316d3564..f68a24dfb 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -33,6 +33,33 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, $vector, $hash, + crate::variant::MlKem, + >(randomness) + } + + #[cfg(feature = "kyber")] + pub(crate) fn kyber_generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPair { + crate::ind_cca::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + crate::variant::Kyber, >(randomness) } @@ -88,7 +115,7 @@ macro_rules! instantiate { ETA2_RANDOMNESS_SIZE, $vector, $hash, - crate::ind_cca::Kyber, + crate::variant::Kyber, >(public_key, randomness) } @@ -126,7 +153,7 @@ macro_rules! instantiate { ETA2_RANDOMNESS_SIZE, $vector, $hash, - crate::ind_cca::MlKem, + crate::variant::MlKem, >(public_key, randomness) } @@ -172,7 +199,7 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, $vector, $hash, - crate::ind_cca::Kyber, + crate::variant::Kyber, >(private_key, ciphertext) } @@ -217,7 +244,7 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, $vector, $hash, - crate::ind_cca::MlKem, + crate::variant::MlKem, >(private_key, ciphertext) } diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 8257a573a..77f673a9d 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -31,21 +31,25 @@ use instantiations::portable::{ #[cfg(all(feature = "simd256", feature = "kyber"))] use instantiations::avx2::{ kyber_decapsulate as kyber_decapsulate_avx2, kyber_encapsulate as kyber_encapsulate_avx2, + kyber_generate_keypair as kyber_generate_keypair_avx2, }; #[cfg(all(feature = "simd128", feature = "kyber"))] use instantiations::neon::{ kyber_decapsulate as kyber_decapsulate_neon, kyber_encapsulate as kyber_encapsulate_neon, + kyber_generate_keypair as kyber_generate_keypair_neon, }; #[cfg(all(not(feature = "simd256"), feature = "kyber"))] use instantiations::portable::{ kyber_decapsulate as kyber_decapsulate_avx2, kyber_encapsulate as kyber_encapsulate_avx2, + kyber_generate_keypair as kyber_generate_keypair_avx2, }; #[cfg(all(not(feature = "simd128"), feature = "kyber"))] use instantiations::portable::{ kyber_decapsulate as kyber_decapsulate_neon, kyber_encapsulate as kyber_encapsulate_neon, + kyber_generate_keypair as kyber_generate_keypair_neon, }; pub(crate) fn validate_public_key< @@ -68,6 +72,52 @@ pub(crate) fn validate_public_key< } } +#[cfg(feature = "kyber")] +pub(crate) fn kyber_generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, +>( + randomness: [u8; KEY_GENERATION_SEED_SIZE], +) -> MlKemKeyPair { + // Runtime feature detection. + if libcrux_platform::simd256_support() { + kyber_generate_keypair_avx2::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } else if libcrux_platform::simd128_support() { + kyber_generate_keypair_neon::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } else { + instantiations::portable::kyber_generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } +} + pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 7219c8891..5af3ff65c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -14,6 +14,7 @@ use crate::{ serialize_uncompressed_ring_element, }, utils::into_padded_array, + variant::{MlKem, Variant}, vector::Operations, }; @@ -176,8 +177,8 @@ pub(crate) fn generate_keypair_unpacked< IndCpaPrivateKeyUnpacked, IndCpaPublicKeyUnpacked, ) { - // (ρ,σ) := G(d) - let hashed = Hasher::G(key_generation_seed); + // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM + let hashed = MlKem::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); @@ -218,13 +219,14 @@ pub(crate) fn generate_keypair< const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, + Scheme: Variant, >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { // We don't use the unpacked function here in order to reduce stack size. - // (ρ,σ) := G(d) - let hashed = Hasher::G(key_generation_seed); + // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM + let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 9a1bfd14a..61036042b 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -107,6 +107,7 @@ cfg_pre_verification! { mod hash_functions; mod ind_cca; mod ind_cpa; + mod variant; mod invert_ntt; mod matrix; mod ntt; @@ -141,7 +142,7 @@ cfg_pre_verification! { pub mod kyber512 { //! Kyber 512 (NIST PQC Round 3) cfg_no_eurydice! { - pub use crate::mlkem512::generate_key_pair; + pub use crate::mlkem512::kyber::generate_key_pair; pub use crate::mlkem512::kyber::decapsulate; pub use crate::mlkem512::kyber::encapsulate; pub use crate::mlkem512::validate_public_key; @@ -153,7 +154,7 @@ cfg_pre_verification! { pub mod kyber768 { //! Kyber 768 (NIST PQC Round 3) cfg_no_eurydice! { - pub use crate::mlkem768::generate_key_pair; + pub use crate::mlkem768::kyber::generate_key_pair; pub use crate::mlkem768::kyber::decapsulate; pub use crate::mlkem768::kyber::encapsulate; pub use crate::mlkem768::validate_public_key; @@ -165,7 +166,7 @@ cfg_pre_verification! { pub mod kyber1024 { //! Kyber 1024 (NIST PQC Round 3) cfg_no_eurydice! { - pub use crate::mlkem1024::generate_key_pair; + pub use crate::mlkem1024::kyber::generate_key_pair; pub use crate::mlkem1024::kyber::decapsulate; pub use crate::mlkem1024::kyber::encapsulate; pub use crate::mlkem1024::validate_public_key; diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 567c142ac..83cce9ad9 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -84,6 +84,22 @@ macro_rules! instantiate { } } + /// Generate Kyber 1024 Key Pair + #[cfg(feature = "kyber")] + pub fn kyber_generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem1024KeyPair { + p::kyber_generate_keypair::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + /// Generate ML-KEM 1024 Key Pair pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], @@ -403,6 +419,26 @@ pub fn decapsulate( pub(crate) mod kyber { use super::*; + /// Generate Kyber 1024 Key Pair + /// + /// Generate an ML-KEM key pair. The input is a byte array of size + /// [`KEY_GENERATION_SEED_SIZE`]. + /// + /// This function returns an [`MlKem1024KeyPair`]. + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPair { + multiplexing::kyber_generate_keypair::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + /// Encapsulate Kyber 1024 /// /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index adb0ce646..7a4d5f30f 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -94,6 +94,21 @@ macro_rules! instantiate { >(randomness) } + /// Generate Kyber 512 Key Pair + #[cfg(feature = "kyber")] + pub fn kyber_generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem512KeyPair { + p::kyber_generate_keypair::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } /// Encapsulate ML-KEM 512 /// /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. @@ -393,12 +408,30 @@ pub fn decapsulate( #[cfg(all(not(eurydice), feature = "kyber"))] pub(crate) mod kyber { use super::*; + + /// Generate Kyber 512 Key Pair + /// + /// The input is a byte array of size + /// [`KEY_GENERATION_SEED_SIZE`]. + /// + /// This function returns an [`MlKem512KeyPair`]. + pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512KeyPair { + multiplexing::kyber_generate_keypair::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + /// Encapsulate Kyber 512 /// /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. - pub fn encapsulate( public_key: &MlKem512PublicKey, randomness: [u8; SHARED_SECRET_SIZE], diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 979524a14..b5b8ee0c6 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -97,6 +97,22 @@ macro_rules! instantiate { >(randomness) } + /// Generate Kyber 768 Key Pair + #[cfg(feature = "kyber")] + pub fn kyber_generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem768KeyPair { + p::kyber_generate_keypair::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + /// Encapsulate ML-KEM 768 /// /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. @@ -397,6 +413,24 @@ pub fn decapsulate( pub(crate) mod kyber { use super::*; + /// Generate Kyber 768 Key Pair + /// + /// Generate a Kyber key pair. The input is a byte array of size + /// [`KEY_GENERATION_SEED_SIZE`]. + /// + /// This function returns an [`MlKem768KeyPair`]. + pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPair { + multiplexing::kyber_generate_keypair::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + /// Encapsulate Kyber 768 /// /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs new file mode 100644 index 000000000..b9869d092 --- /dev/null +++ b/libcrux-ml-kem/src/variant.rs @@ -0,0 +1,88 @@ +//! This module defines the `Variant` trait, which captures +//! differences between the NIST standard FIPS 203 (ML-KEM) and the +//! Round 3 CRYSTALS-Kyber submissions in the NIST PQ competition. + +use crate::{ + constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE}, hash_functions::Hash, utils::into_padded_array, MlKemCiphertext, +}; + +/// This trait collects differences in specification between ML-KEM +/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the +/// NIST PQ competition. +/// +/// cf. FIPS 203, Appendix C +pub(crate) trait Variant { + fn kdf>( + shared_secret: &[u8], + ciphertext: &MlKemCiphertext, + ) -> [u8; 32]; + fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; + fn cpa_keygen_seed>(seed: &[u8]) -> [u8; 64]; +} + +/// Implements [`Variant`], to perform the Kyber-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is not domain separated +/// * during encapsulation, the initial randomness is hashed before being used, +/// * the derivation of the shared secret includes a hash of the Kyber ciphertext. +#[cfg(feature = "kyber")] +pub(crate) struct Kyber {} + +#[cfg(feature = "kyber")] +impl Variant for Kyber { + #[inline(always)] + fn kdf>( + shared_secret: &[u8], + ciphertext: &MlKemCiphertext, + ) -> [u8; 32] { + let mut kdf_input: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&shared_secret); + kdf_input[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(ciphertext.as_slice())); + Hasher::PRF::<32>(&kdf_input) + } + + #[inline(always)] + fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { + Hasher::H(&randomness) + } + + #[inline(always)] + fn cpa_keygen_seed>(key_generation_seed: &[u8]) -> [u8; 64] { + Hasher::G(key_generation_seed) + } +} + +/// Implements [`Variant`], to perform the ML-KEM-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) +/// * during encapsulation, the initial randomness is used without prior hashing, +/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. +pub(crate) struct MlKem {} + +impl Variant for MlKem { + #[inline(always)] + fn kdf>( + shared_secret: &[u8], + _: &MlKemCiphertext, + ) -> [u8; 32] { + let mut out = [0u8; 32]; + out.copy_from_slice(shared_secret); + out + } + + #[inline(always)] + fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { + let mut out = [0u8; 32]; + out.copy_from_slice(randomness); + out + } + + #[inline(always)] + fn cpa_keygen_seed>(key_generation_seed: &[u8]) -> [u8; 64] { + let mut seed = [0u8; CPA_PKE_KEY_GENERATION_SEED_SIZE + 1]; + seed[0..CPA_PKE_KEY_GENERATION_SEED_SIZE].copy_from_slice(key_generation_seed); + seed[CPA_PKE_KEY_GENERATION_SEED_SIZE] = K as u8; + Hasher::G(&seed) + } +} From f84429165a2ebba7cae18469fdf6bbdc25a2f093 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 14:22:44 +0200 Subject: [PATCH 069/172] Test actual Kyber on CI --- .github/workflows/mlkem.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 67376a6c2..55a65b2b9 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -156,7 +156,7 @@ jobs: - name: 🏃🏻‍♀️ Test Kyber run: | cargo clean - cargo test --features kyber --verbose $RUST_TARGET_FLAG + cargo test --features pre-verification,kyber --verbose $RUST_TARGET_FLAG - name: 🏃🏻‍♀️ Cargo Check Features if: ${{ matrix.bits == 64 }} From 6b71b5fae48b400c6dac49234638dd52385d111d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 15:27:38 +0200 Subject: [PATCH 070/172] Test verified version of ML-KEM IPD using the right vectors --- .../tests/kats/generate_mlkem_kats.py | 47 + libcrux-ml-kem/tests/kats/mlkem.py | 11 +- .../tests/kats/nistkats_mlkem_ipd_1024.json | 802 ++++++++++++++++++ .../tests/kats/nistkats_mlkem_ipd_512.json | 802 ++++++++++++++++++ .../tests/kats/nistkats_mlkem_ipd_768.json | 802 ++++++++++++++++++ libcrux-ml-kem/tests/nistkats.rs | 6 +- 6 files changed, 2463 insertions(+), 7 deletions(-) create mode 100644 libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_1024.json create mode 100644 libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_512.json create mode 100644 libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_768.json diff --git a/libcrux-ml-kem/tests/kats/generate_mlkem_kats.py b/libcrux-ml-kem/tests/kats/generate_mlkem_kats.py index ac2f7bbff..27ec65d94 100755 --- a/libcrux-ml-kem/tests/kats/generate_mlkem_kats.py +++ b/libcrux-ml-kem/tests/kats/generate_mlkem_kats.py @@ -90,3 +90,50 @@ def read(self, length): with open("nistkats_mlkem_{}.json".format(output_suffix), "w") as f: json.dump(kats_formatted, f, ensure_ascii=False, indent=4) + + +for params in [params512, params768, params1024]: + kats_formatted = [] + seed = bytes(range(48)) + g = NistDRBG(seed) + + print("Generating IPD KATs for {} parameter set.".format(params)) + + for i in range(100): + seed = g.read(48) + g2 = NistDRBG(seed) + + kseed = g2.read(32) + g2.read(32) + eseed = g2.read(32) + + pk, sk = KeyGen(kseed, params, ipd = True) + ct, ss = Enc(pk, eseed, params) + + Dec(sk, ct, params) + + kats_formatted.append( + { + "key_generation_seed": bytes(kseed).hex(), + "sha3_256_hash_of_public_key": bytes( + hashlib.sha3_256(pk).digest() + ).hex(), + "sha3_256_hash_of_secret_key": bytes( + hashlib.sha3_256(sk).digest() + ).hex(), + "encapsulation_seed": bytes(eseed).hex(), + "sha3_256_hash_of_ciphertext": bytes( + hashlib.sha3_256(ct).digest() + ).hex(), + "shared_secret": bytes(ss).hex(), + } + ) + + if params == params512: + output_suffix = "512" + elif params == params768: + output_suffix = "768" + else: + output_suffix = "1024" + + with open("nistkats_mlkem_ipd_{}.json".format(output_suffix), "w") as f: + json.dump(kats_formatted, f, ensure_ascii=False, indent=4) diff --git a/libcrux-ml-kem/tests/kats/mlkem.py b/libcrux-ml-kem/tests/kats/mlkem.py index 33aabfedf..5e4189993 100644 --- a/libcrux-ml-kem/tests/kats/mlkem.py +++ b/libcrux-ml-kem/tests/kats/mlkem.py @@ -290,9 +290,12 @@ def constantTimeSelectOnEquality(a, b, ifEq, ifNeq): return ifEq if a == b else ifNeq -def InnerKeyGen(seed, params): +def InnerKeyGen(seed, params, ipd): assert len(seed) == 32 - rho, sigma = G(seed + bytes([params.k])) + if ipd: + rho, sigma = G(seed) + else: + rho, sigma = G(seed + bytes([params.k])) A = sampleMatrix(rho, params.k) s = sampleNoise(sigma, params.eta1, 0, params.k) e = sampleNoise(sigma, params.eta1, params.k, params.k) @@ -330,10 +333,10 @@ def InnerDec(sk, ct, params): return (v - sHat.DotNTT(u.NTT()).InvNTT()).Compress(1).Encode(1) -def KeyGen(seed, params): +def KeyGen(seed, params, ipd = False): assert len(seed) == 64 z = seed[32:] - pk, sk2 = InnerKeyGen(seed[:32], params) + pk, sk2 = InnerKeyGen(seed[:32], params, ipd) h = H(pk) return (pk, sk2 + pk + h + z) diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_1024.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_1024.json new file mode 100644 index 000000000..3d5739981 --- /dev/null +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_1024.json @@ -0,0 +1,802 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", + "sha3_256_hash_of_public_key": "8a39e87d531f3527c207edcc1db7faddcf9628391879b335c707839a0db051a8", + "sha3_256_hash_of_secret_key": "ed1f6cb687c37931ea2aa80d9c956f277a9df532649661035c6e2f9872132638", + "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", + "sha3_256_hash_of_ciphertext": "5ef5d180bf8d4493ef8e8ddc23c22e428840c362a05a25fd306c6c528bd90f8c", + "shared_secret": "63a1039074f01f2651213ad9350d6561cb03a60400e74118bb4464d87b9db205" + }, + { + "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", + "sha3_256_hash_of_public_key": "c9ede13be3dbb0edc3ab08226cae11771ff4c0b04a564b64a0d9ff10e373e986", + "sha3_256_hash_of_secret_key": "9b5876610793ae42f683d94f736d8d7e0e033bee588bab07a31c9cdb4ab99a5d", + "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", + "sha3_256_hash_of_ciphertext": "bef440cb5a14bfa652ff69fc431b59980147a2408df8a893f0fafded11d6cfa3", + "shared_secret": "856d56ee09279a13f9abdca14ecbe8ca9968495f09a0758b6d1c8376099365eb" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", + "sha3_256_hash_of_public_key": "ff2546623aee72025fb6746fba736bae0e80e257e66edbf09d8d4dc11049cda4", + "sha3_256_hash_of_secret_key": "57155298b53d3af5d6db214dfa91a9e16f8d5de570bbff5dba5f4cd84098f255", + "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", + "sha3_256_hash_of_ciphertext": "28e308a6f91068b01a7065b8579fcb6234ecd9bb8d3172b6dfc5a3a470050ea7", + "shared_secret": "c33a4432cc441b7683605c29afdecc81922cf234e02be8c2fbc4e2a7a3b4b078" + }, + { + "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", + "sha3_256_hash_of_public_key": "25b786a67de17d61b2fc0e85a13924398aab931896b6174089569f08b7260687", + "sha3_256_hash_of_secret_key": "d188a2637dfe80dbd0fc25165eb4898923888a82c10f6ff0b8ddb5bf251c0650", + "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", + "sha3_256_hash_of_ciphertext": "8427a1684769e63ec43e97ecbe7b7e654b6e63433bccd23340849904e02767dd", + "shared_secret": "7c14fb353ba421705de44f2a12ddc5ad9b11e30e7b0e163cebebe2da79a7293f" + }, + { + "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", + "sha3_256_hash_of_public_key": "d35e259a200d16048302df38d8e7f9e1c3352502c43f086fe166325048fdce9c", + "sha3_256_hash_of_secret_key": "020ba30e5832867a6db83cdb1e60ddf0b0a88fb33919edb84b246a345d11da6c", + "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", + "sha3_256_hash_of_ciphertext": "b52dc0a41015132b3e7a1ae6f544f12601869bf0673625964e5c4e05cbe656e0", + "shared_secret": "35d2a2ab0e91d365a3e2e99bbe3f5121f2eeb528305cc7730f679e10ec1c9b8a" + }, + { + "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", + "sha3_256_hash_of_public_key": "5a5db7d619be642bd87294527b3f859372b279a1e6074824d9632b5d7f616e42", + "sha3_256_hash_of_secret_key": "630f093cb1ff96bff76ede70e970a009a9e5d28fed660e68127d31c3b6dbdb2a", + "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", + "sha3_256_hash_of_ciphertext": "4714a5497351399718258f490da0ce28ce8211aad6975546cb4351c8ebe61917", + "shared_secret": "8084cfff3d54b7680e737ed71c37e449f1f9d74bf6735696c46910b13d42d1f1" + }, + { + "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", + "sha3_256_hash_of_public_key": "f0d1acd4fe1bd3bad938c23ec5a7f320766e01005e32769724abb4ebac578def", + "sha3_256_hash_of_secret_key": "664f3632f56ebc5c509931ff3b7e1845265e42a76e20550b683527d7d24e8df8", + "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", + "sha3_256_hash_of_ciphertext": "4ebd3e44b82b03c01ec2aa9e8805e53b8c8022e987fc9eca59c9a5cfcb1c4a84", + "shared_secret": "3e94b68a80291e957f9dd0a15b112ad75bfa07951ccb36c2de610e6755a4a0d6" + }, + { + "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", + "sha3_256_hash_of_public_key": "7008db565f7ab9c362dc38dcd3e30e5da873c559e9a9222710e8d2e7f6417ce6", + "sha3_256_hash_of_secret_key": "9e774cb57c18575de3ec6a9677e40626c2026e47c389c7a3dc5422d8a83b747b", + "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", + "sha3_256_hash_of_ciphertext": "1cb3879c49c65c184d605bc6daa22f63affd2a005e145103e6c1ac1ad683d976", + "shared_secret": "900649130f9c28082eab5ce3d128593eeaae89667d7fa4da23fcdfc1573995fa" + }, + { + "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", + "sha3_256_hash_of_public_key": "143b9c53320cdb1b7e8d71efd1f0a1ad5ad1e1ce84dd9fe7c92f19c926388e3c", + "sha3_256_hash_of_secret_key": "63707e33c30114732374ac21fd5be61e6dfa7dd85a36eef2e2bae6b3d0599a71", + "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", + "sha3_256_hash_of_ciphertext": "780162548f2d85c00f0276f1db2d6566421cf718679147740d279660fb742544", + "shared_secret": "084aafffcc38ac80dfc02548df07f6e7809eb0644385abce0fc569821a907011" + }, + { + "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", + "sha3_256_hash_of_public_key": "f2d009cde4abd55a2c7417c9341792e60eaa8e26b53a3aae805746401c4c446f", + "sha3_256_hash_of_secret_key": "2a53faa8053fa21b7b07a96ea259c052ef78746c5d53e2857e9f30bd20d3f2b6", + "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", + "sha3_256_hash_of_ciphertext": "9b7ead45e0e00c615fce96105720d82ba431692f92e1a73e14b490219c8dda2b", + "shared_secret": "a7fd777a337219e1d0ad2cdb47fa18f4685ac343bc537dba6c97326340ab3ebb" + }, + { + "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", + "sha3_256_hash_of_public_key": "1f06190bdfd692cf499be99bacc4beccf048c89926769f1b254cca9a9a44089a", + "sha3_256_hash_of_secret_key": "faa641eaff01077bd2fc261ccb91d5c3b468a940e25e8d5d794d564b663315c3", + "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", + "sha3_256_hash_of_ciphertext": "3a22350624e9ffcfeaf0a68c265dc03036e7d5bdbb102474fd2aed257fce04ed", + "shared_secret": "17672805d3953f1f374dc8671137dabb0136de43700fea82a2ca23292bd0d562" + }, + { + "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", + "sha3_256_hash_of_public_key": "cc20155074cd7cbd43ec2380dc6a71b3a88c9a4bf168ab2bf426a899706fa597", + "sha3_256_hash_of_secret_key": "6084f1eb2fe4b9055d6004bfccadad7bd64f623595dd0b5e0c0100d647313279", + "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", + "sha3_256_hash_of_ciphertext": "43291afa9c1a8098770d5ed9dd4cd71688c52d616e9e68798f8718e4555e0caa", + "shared_secret": "8813fdb7bcec5369e6238322be653d920ba26e0aa63a3c3b4e4218c48c1d6dfb" + }, + { + "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", + "sha3_256_hash_of_public_key": "77fbe004761fc37fe7597638e5dae8b44bd44c8d6efa2893a0a84b104ace6ac4", + "sha3_256_hash_of_secret_key": "608099f3fa437094212b3aa2696d592a9ba45f697b9c1020b69ec1d6e178b76c", + "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", + "sha3_256_hash_of_ciphertext": "368fcbdfa009642b3ca8fe0261d10d18db5566bc43938e193d9dae45adf2d41e", + "shared_secret": "b00167b499d5130ef82a91f83d1f1563185de735e74f89afea0b45ae1b90cea8" + }, + { + "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", + "sha3_256_hash_of_public_key": "49cbe8daa7dac02d7795e907b037e2ae56624fdc8d7c6320f9e1e69dd0f6286f", + "sha3_256_hash_of_secret_key": "de7838a99458b56d0f1de343315d1a7d460269ded85551f70335b1e002742b5f", + "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", + "sha3_256_hash_of_ciphertext": "04c5a66da97cec8a22bca38de71927b176310004175b3496c5a2737e91b18e00", + "shared_secret": "c55179382eb5d4bbd91e45f4b3dcc5d1022110aa209c002600fe0d55a5b3333d" + }, + { + "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", + "sha3_256_hash_of_public_key": "a333d474be9bacbea4c301148be2ddf13c3c25d7e4f52447a549a27b6d12710d", + "sha3_256_hash_of_secret_key": "731e7c1597fcea477249114301154b9fda1050e71617827da0c9cc149c1cb99b", + "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", + "sha3_256_hash_of_ciphertext": "841415e768ab08549533578cdb506a9f72e8d01b472b64746322328c0c035080", + "shared_secret": "91c0a23c78351e8f8de8e38c5a10e41e5290ef96266f93839169c05842820e41" + }, + { + "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", + "sha3_256_hash_of_public_key": "35d109f57ea2764642ea3473a4f192cedfbe153a37f131cdf447b60e92310eea", + "sha3_256_hash_of_secret_key": "0420ee0853629da644872d3e2a9b0a89c9dece1a6748247d2f8f39721af21e12", + "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", + "sha3_256_hash_of_ciphertext": "82c120326a2ab109d5c3910a95ec69dc3b1c1c05570728164791870d9c9c1a3f", + "shared_secret": "ffd93f9141d4b2abf600c1c258ee78e0f752513bb002677221060cca3ff1e5a6" + }, + { + "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", + "sha3_256_hash_of_public_key": "cd65fd07a78e48c1a02e235ec76fdb509cf9903a4f5a850c51d9d3fda383cc67", + "sha3_256_hash_of_secret_key": "951cf21e37dcba710b581e49a6df1c75c65186e9672d647e9cd7239eb4bb975d", + "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", + "sha3_256_hash_of_ciphertext": "0217f113b6d5786c3995b366adff6984d0c8d91a388f798a9556d7d3a8252b9c", + "shared_secret": "550b4e8c00bb5ece74059879fd14f5a0a89073d8a54f8bf1597f1ebf198a61fc" + }, + { + "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", + "sha3_256_hash_of_public_key": "376f022313718aba325ef4c3b720e2c3ab314ace74e983948ba2e43ee3a6ebde", + "sha3_256_hash_of_secret_key": "e697899409d15ce13113a2ad86448157a248ff0701b40eec11fb4afac7b9f2fe", + "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", + "sha3_256_hash_of_ciphertext": "26c5a91a627899cf23122c5881bd00b0a4f76e0aaf5de60d1d273e8e635b574e", + "shared_secret": "e5b98a3c32a5563c49df725e661a9f44a20390cf83a9779ecf5e7d9f5aff0143" + }, + { + "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", + "sha3_256_hash_of_public_key": "7944e5d79dabf7b7259df5ced02669c81b7dc4590e0b10764729d812f6bd85d7", + "sha3_256_hash_of_secret_key": "301fb18a9ec0d975414abc4d41ed0c553e2b9aa2b03bf2765476e3288f760ee7", + "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", + "sha3_256_hash_of_ciphertext": "c7474d6b8d9b3677b39b69030f40415e2234e637e200c689f90d6b37da3c4a8d", + "shared_secret": "169929e655f214d7ddca31eae7ecd2e01d9ee0601fd4a2c3a59eb701ed9522ab" + }, + { + "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", + "sha3_256_hash_of_public_key": "692176b38737a053dce0551b63e3eca81884bbf95e1d8975671a2f7f1dfae251", + "sha3_256_hash_of_secret_key": "1ae55a55d87ea8d58b51f842c7d6990a1ae6932eccf5c39e97f56bb481a16b7d", + "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", + "sha3_256_hash_of_ciphertext": "7509dec8c1dd6f29855e08d61a56ade71c6bd9a47102a12b3d4c9784010bc5d0", + "shared_secret": "be36ca6f5e0d3da0b5c144ebccd725900a06782fae7b2707ce7c5cb6818c8991" + }, + { + "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", + "sha3_256_hash_of_public_key": "2f54bedb19919171eca777186dd743b11ec9489aea09534c157faa75adf1c77c", + "sha3_256_hash_of_secret_key": "4bea180ffc80875ac731f18365224bd3eefc8d11fad63c7376adc1a37adc67bc", + "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", + "sha3_256_hash_of_ciphertext": "def0451ac37ac39a0ef5b94406de4e313b3d12d899d6a4e92f3ee37c84869efe", + "shared_secret": "9769b7f3571089f1a086606f3545dcd094097befd492e3c9889f9a97c7b181a4" + }, + { + "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", + "sha3_256_hash_of_public_key": "7a9232085a0222b9c863931ec3bdbdd51be3f16d6cab3009c138e0c8cb692563", + "sha3_256_hash_of_secret_key": "a01d03ab913ef4672c49664d2c95fecdd98fcfc19e8d8b839e79a8f6fb9bdf42", + "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", + "sha3_256_hash_of_ciphertext": "45c35e22eaa9d63a6b57f60ad2e6a35290b290c01761030dea1c9aa7947c965f", + "shared_secret": "7a190640b245b6b4de7ac38fa6d4c50e935c0062c2089c926e4e8c31f233fbba" + }, + { + "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", + "sha3_256_hash_of_public_key": "1642d52117145ea2956bd5e446b895609be84a9344ff0f5cd1ec62af9ea9e3c0", + "sha3_256_hash_of_secret_key": "e2d190c6c423252af301186a3e49892da8c22e4c0fb61586d119119fb7b07447", + "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", + "sha3_256_hash_of_ciphertext": "0e67bf478bf93c925eee2cdfc285161c1b6dd2ba3a479dfb5fd9203ffdcd3c85", + "shared_secret": "5de71ca6710d2d588f53059a15e3a266eab4ed2230502b597f088014fbe9b659" + }, + { + "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", + "sha3_256_hash_of_public_key": "0163017a26dba83777c4c0f46f31375ba02680ffaba588a9fe91f97ccb99c445", + "sha3_256_hash_of_secret_key": "5d101bd4f51fad047a1161e7a95197f6307e7cb88e57fcf9fb28a2be43e9f4a0", + "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", + "sha3_256_hash_of_ciphertext": "7e38f78738ad21d1015a2e79860e8108e807a3e7070515185ae581345e08f6e4", + "shared_secret": "42ffbb3ae86b744b00f36a01f9cb34e8a08916f455c9ea0e5e6ce81bb5042cae" + }, + { + "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", + "sha3_256_hash_of_public_key": "fb21cf5cc9a8a47a07cb2a154f73676d39a98a7d12a4abbd37378595c6332f46", + "sha3_256_hash_of_secret_key": "3c5041ff25ab5e854e792eccf12721be4f820020ed7895d5ccb7b1ba4bb7b193", + "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", + "sha3_256_hash_of_ciphertext": "e2b8a6842755e5a408a47a32c2093dcf3aa0d32448ddb1f1a154315634f1b701", + "shared_secret": "90ca5a797490eb35c3cc24af19fca6dc71d41aa58d68e0061c1bdb8481e691d7" + }, + { + "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", + "sha3_256_hash_of_public_key": "591aa9c81277503a34441fbd6cb59c6d1ecd5e00298fa56be9df562576250c52", + "sha3_256_hash_of_secret_key": "2e9c26235e0db1383671ad4ef147c1cbe3724bf800be90e356a5a381e3d9aa12", + "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", + "sha3_256_hash_of_ciphertext": "02f85b52a3684cab8bc416b74de36ac686cf3a3a495440cd444c1fe7d84b2e07", + "shared_secret": "bd58345e9e19483cde256be650975b954e167bd8b0a9036a95c98ebf037e87ec" + }, + { + "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", + "sha3_256_hash_of_public_key": "1c6c4009e28f6a20aad0c0b14b7cc0a01aeca507c366913ba5cadefe6656881b", + "sha3_256_hash_of_secret_key": "a9d3487d20af12309fb8d12b71a3fc3ad9109a9cc2720a0fa409ec5a491943b4", + "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", + "sha3_256_hash_of_ciphertext": "7a5d4cb38e9fb2beefd925d54155ae91d60bd95696db2de45e2307658341f2e7", + "shared_secret": "53d22dbfb623f5282ac68ff607b69b9ce559ec3b70aae668c684d90dcbbca13d" + }, + { + "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", + "sha3_256_hash_of_public_key": "4576536d1bace29aa7c31f7681222ddd15a3cf6ea6bbd3528d2ec8610d68d134", + "sha3_256_hash_of_secret_key": "0f1d74d5cd2fd6a9aa7022a0f06bdb6272a0bc23f115796d6e04692aa44de4ab", + "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", + "sha3_256_hash_of_ciphertext": "8448f623dc438ea4a849544c4fbcf3dc493b18dbacb911b83ed651155a145c53", + "shared_secret": "cdca5387453ba0f0fe9f126702ada05c3612388b70185b6c2e69dbf98c2803ec" + }, + { + "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", + "sha3_256_hash_of_public_key": "eea5db7a82254d19c0a0c552ccc92db9c3eef74cd73a9937b7b7298171313f12", + "sha3_256_hash_of_secret_key": "d4d3196a516686b8da051e915241f141b04af55e83effb968c52f23a19ccf79d", + "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", + "sha3_256_hash_of_ciphertext": "84e87b27235041a1815c98ca4cf9ce031d7700a48f602bc9dcc98f876ae50c62", + "shared_secret": "b15db77dc79f2d64e13445c4dfa997afb191e0bb2bbf6a210a5d64263b2408f5" + }, + { + "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", + "sha3_256_hash_of_public_key": "72998cc3abc79487ca0a4db5b17514e9961916d30ab9b500430ba748c5c79226", + "sha3_256_hash_of_secret_key": "362b40ba4e015b703f639f4c784fa9f114f2cf65de5f6645e8f9d37fb33fd044", + "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", + "sha3_256_hash_of_ciphertext": "44b60f83deff617231e92c5ece08a24243841d3df34de2517c29bdc89ff51400", + "shared_secret": "8ca9424860c35214636855849bb039cdcb4c722c5b81ce18ac1a1090034dafc1" + }, + { + "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", + "sha3_256_hash_of_public_key": "e9631b6d4237dd6884ae3647dd8622fc13d1cc689f3c8ed94ec6bcd4bbdb6980", + "sha3_256_hash_of_secret_key": "96736bf10a73d079e56f5812f65e3465957b8228423fdae4059feaf918fba361", + "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", + "sha3_256_hash_of_ciphertext": "eda93794649d2ba24fb277e8cb0e5788102a4796cb21388caa25eb10bafefc5f", + "shared_secret": "b056e2904d66c51dc817acf961f141c2de7d201ca8e52d19564d0fb4e1310aa9" + }, + { + "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", + "sha3_256_hash_of_public_key": "847db13de94d97a88d5a3deae31c246f5f04d0c7d7f337859e024764337a08f2", + "sha3_256_hash_of_secret_key": "7fc950abb115ea2236036c300c95c76015606539ddd2409ff1b39a99b86a179f", + "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", + "sha3_256_hash_of_ciphertext": "af6d97857d131ebccf9d356e78a4fbbb66c7d5ad68fd42d356c3ef14aa756d47", + "shared_secret": "663bcd21601942f0ce47640325c9efcfc3eb3b022f0cfaed168893b1b6e5dcfc" + }, + { + "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", + "sha3_256_hash_of_public_key": "f122b76b83c343de27054985634387fb7138f6f6f105cd4cd3f5b02698a964b0", + "sha3_256_hash_of_secret_key": "620b4d0dc53a26e175c69ae7a8f2d749d4adf1d0429852b84839d334e024ab06", + "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", + "sha3_256_hash_of_ciphertext": "51f8a50f2dbcb1255619a7a9868eece507b55d2138707a0550a4113a7e162d5c", + "shared_secret": "cad5816f1b2057a410cf917f52040aad9cdef2122ce59211ccef77c4a7c23a6b" + }, + { + "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", + "sha3_256_hash_of_public_key": "4c3182ca7a48afe60eb85790dcb50b8005b568921dbc724130b0ce83f1278454", + "sha3_256_hash_of_secret_key": "44b1c2b3487cdda8a8e9205d95dca710093e981e7bf2ea30d1d2502b164375fd", + "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", + "sha3_256_hash_of_ciphertext": "f231d9b8e3cb86e9daddae8d4555779a9125a16a6d2984ef55914a27d7912fbb", + "shared_secret": "e8f4dd3d2bb2c2f110bd410b2c37beee6d3bc7c7c4dc477c358234c54bbbd4ca" + }, + { + "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", + "sha3_256_hash_of_public_key": "4359601c371b50b50b5306de33cfd476d3b5f811700dc4918beb345840244e3a", + "sha3_256_hash_of_secret_key": "6f2d2c913b4a19bb07b531d74edb549659a35d1330b1ddd62c74dac4bc5f061c", + "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", + "sha3_256_hash_of_ciphertext": "a6130d387a04846c8b920f94f59d6c65b4954b6ced0f0d6a8566a0110c198a08", + "shared_secret": "249855eb724db68f7367385c45a3206fa19c521644f8841b7a73f536ca47c26c" + }, + { + "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", + "sha3_256_hash_of_public_key": "e1f6c5a99a49d6b1b4aa18089439bb4c56ca465785bb36594ef2ebd3af20d564", + "sha3_256_hash_of_secret_key": "fcc14cdacdcebc6d1933f1ec9d430c643ff5fdbd78d2fe053a8880e6ee8ef129", + "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", + "sha3_256_hash_of_ciphertext": "73a09eadd34a8be74772db44187ab49a2bc086b91848c6ff09f1306c264f6fe4", + "shared_secret": "f1be516b31ed89cb70bcf428a2ba2c22b3919f8a9824a59b875ff1e697095ae2" + }, + { + "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", + "sha3_256_hash_of_public_key": "b8aa8568431ffc4681caacecd4475c838cf7348402a06413e7a9590ba405ea5e", + "sha3_256_hash_of_secret_key": "f1e4bb0178d949637c06e252493235480d3ed16687e9a1c36df0721b29a7573c", + "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", + "sha3_256_hash_of_ciphertext": "24392701d3f5204f5cad5662bd6526a178567186cc070d951e03593e5722eb46", + "shared_secret": "6ec4f71386c0f0c16294e4d76966c69c512d4e5e00a6e05c5aa544e542454225" + }, + { + "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", + "sha3_256_hash_of_public_key": "984f4c4ef2371654067ce0f22bbe4648dc9d87eee23842f31affcdc36328e8db", + "sha3_256_hash_of_secret_key": "240fe3ab98047b1985b22240622da9669f7ecec81801861ea0859704f3263f6c", + "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", + "sha3_256_hash_of_ciphertext": "f190fb70fe762db7125e3ba3b459e32bf99775c3c1efb84ae1776b50206db7df", + "shared_secret": "464274dd39f2862a97833631ac446642b3c3dd6467c7d2404aaa46a8f5f65b3f" + }, + { + "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", + "sha3_256_hash_of_public_key": "74841a59db1202eb2e3744bb36b9c5a229a33cf9eeafca4b3d02d155d870b6bf", + "sha3_256_hash_of_secret_key": "e808e7b999c5bedc14a1763428a3f2b3eb9c3f90743f8a1922c87b5874acd79a", + "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", + "sha3_256_hash_of_ciphertext": "675ff34f87383d52203c979d1502e2fd35d9da09cc095b44caa073cf58562ba1", + "shared_secret": "99dd968e1f5c94c6c4d92e7eee393c802d8ea4a34d39de2048eebfb21a0a4b9c" + }, + { + "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", + "sha3_256_hash_of_public_key": "f7243d71bcbb46b9a423431b3b30947eda5fd81b526cce79a36730d8ee1be42c", + "sha3_256_hash_of_secret_key": "b1e6993caef04e00ffcf42c81ae97c6d89c5c19bc3b3e1235c48829151f8b4cd", + "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", + "sha3_256_hash_of_ciphertext": "319744b03f01b7676b3975b70d20698972d5492a2b0c8e0833837de36945c699", + "shared_secret": "0642533fe87a2913a37847843f7336a0e4c47f778afe5cc95433948a76ee7ecb" + }, + { + "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", + "sha3_256_hash_of_public_key": "4092d5afa2f038f879184f7344800ea49a63543be9600bdc2b18420744588290", + "sha3_256_hash_of_secret_key": "18b8bfec268d6e1d6edd376689f2bc5ffbcdc859cee0a26ccf550fb42863d57d", + "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", + "sha3_256_hash_of_ciphertext": "4fb1c5f9a918a9077f822c79ec0697dd6dd7b23ff3cfffafaa272dfb1233bf8a", + "shared_secret": "a226b83601ae0e6f76f9f08b0a2f6eb30a3afaa39ecf5c5671e988a354fde9a7" + }, + { + "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", + "sha3_256_hash_of_public_key": "ad7166f31b2650d125c8ef23b5825fe11afe25d0cda306fa6c7a824b4c2d31d4", + "sha3_256_hash_of_secret_key": "0124d8202fcb0c40d7a6cbc1570df65602f376854abd55ea664f66e3923b3d56", + "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", + "sha3_256_hash_of_ciphertext": "74501710705cbe8837e88dc8986d78310ea57196185e3ee3ecc8d17d8cafa7ac", + "shared_secret": "3040e7e4eeb844c1385a78dc3c8a6375880ce8fab92827460de1825a4915c3b6" + }, + { + "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", + "sha3_256_hash_of_public_key": "37933cfd8c0e61085f2ae264d85c4ae05f8bd40bf29976c6d52e4f1c7ff709cc", + "sha3_256_hash_of_secret_key": "e9a6c0af326ca00c7f8ee0b6ef5661be3a84c39165ff60fea5510cb219b8f788", + "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", + "sha3_256_hash_of_ciphertext": "3fc676cfc433cccd2d248824c4f51406491cfd99bd05f863cb4200155ac471c0", + "shared_secret": "d990008c5eceab7097524d6755c663ba04599eda80560d59088b21cd73243462" + }, + { + "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", + "sha3_256_hash_of_public_key": "ae96ec4edc7ee08108fe6c0411a96f48731066ae4be12edeb7fc667039c9c1de", + "sha3_256_hash_of_secret_key": "7110c8c6d14a3cf5dba3e5f2ecda1ed1490e62b032f798139b779054da20985b", + "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", + "sha3_256_hash_of_ciphertext": "9b33f0f26252a0e1b92f55f4c0f979efd5ef68ef1ed6f23bf23e5eab1c732ba2", + "shared_secret": "bd50423b4ef27559d67532abbfad2a3a388e3dbf4d7b6488c2b48f19cee07ad4" + }, + { + "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", + "sha3_256_hash_of_public_key": "4e23909b028699d6677eabe6bac4bc4e8437acbc52b0b17f1df5760c0455c2b5", + "sha3_256_hash_of_secret_key": "63ace19297953d106cbc1df1a25143a15772197c05aefb070825ef568eafcf23", + "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", + "sha3_256_hash_of_ciphertext": "7747110bc34f1a35fea13d10fffb950a85bd6d9247c89b2071afce7544b312bf", + "shared_secret": "38e3d97b0547e648b2b722c4844f59ed43dcc4b40fa7dcfe6184c2fe62ab3530" + }, + { + "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", + "sha3_256_hash_of_public_key": "513906f5bef81445bd210d63fc4c9b9ef0b61c17b0cd5b229a45908fcbaddcec", + "sha3_256_hash_of_secret_key": "11added546dd697edc51e8ed16ca3ccc9da9629c4ce0c8404d04de1aa8b8114c", + "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", + "sha3_256_hash_of_ciphertext": "569f8e9da2051bde67bd3ff8e81e3b4e749b198586e2ec8d0544e6a8793aa782", + "shared_secret": "cca4f1d172212f8c23eb5da77144640d821d2671f66f0b3015d0b46e274e193c" + }, + { + "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", + "sha3_256_hash_of_public_key": "4f8b3e9ae47d3b5b95c080d4f18440c24b0691c19f06f5547554697bdfe97b01", + "sha3_256_hash_of_secret_key": "cf4be19205cf0c2bd0eb0c1e7aabd40e265792bfc302bb0f28716c406585ca37", + "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", + "sha3_256_hash_of_ciphertext": "ce6e0b8523fc48a54f1b10be23b1e990a390e4e823d4483681ffbd2ad09f4977", + "shared_secret": "dd7816a8a015b2001258e665dc0e576ae19b10dba9704be9c484e4c8ba645522" + }, + { + "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", + "sha3_256_hash_of_public_key": "c1b4fdc4929c2c7e4501ba7a9feb0be571e27c43fa96f9a7f934636ed9a86110", + "sha3_256_hash_of_secret_key": "5b475ff0aeb273c017d1e7d7cd380e41d50e634840e443a762608c09282f3007", + "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", + "sha3_256_hash_of_ciphertext": "556aebca384b3876ec2c00d446239855602625800bd1ecf1b7eb3411d101d442", + "shared_secret": "e911f73a4c23637a2708739bd5ef842ccc57d32993f30d6ee1f88acf5093ebcc" + }, + { + "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", + "sha3_256_hash_of_public_key": "df4f164c11041dbe981d8ff2008757b7e694f564a298b92cd182129ade5e72bc", + "sha3_256_hash_of_secret_key": "1f836ed803ea8abe63224c016dc15468719599e06564c11e9f641eeb3634350c", + "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", + "sha3_256_hash_of_ciphertext": "5dec68120c8c2182ac2b2995eac56b91df2ee9c9bce8e801853e2cee14c0d8a2", + "shared_secret": "572994fb967815fe8bf36cf41560dc69aeba8e32b13e1d25128585dbb0e71068" + }, + { + "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", + "sha3_256_hash_of_public_key": "ed722667caf175df48a3a346ec7cb1bcc37d67d3137ff7b7c70a07f202893a33", + "sha3_256_hash_of_secret_key": "272df80631771996565e673a4dd92318e87e625097f74fae14c688a24b558216", + "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", + "sha3_256_hash_of_ciphertext": "4214ca50c6c732d34dab0b460d7cd9e0ae97346fa50a67386fc35ca0ac8223fe", + "shared_secret": "92c63dee4666bfb34fe3095f65cd458654df578f6eac0ec75f5235e5da6a926a" + }, + { + "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", + "sha3_256_hash_of_public_key": "0c4dc82d723965476a518ea0915c1554bcc61c814c80ff120c37e7e8ed6d5c40", + "sha3_256_hash_of_secret_key": "d9e7fabffb14d620ccf618a1e25375d4cf58875c38ecc73587cd09b17621ade4", + "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", + "sha3_256_hash_of_ciphertext": "651834fb53362a4c4af0b141885056f9db913c4be968c1aed3d7d3f5bd1048ec", + "shared_secret": "0e2179fc3d310aca496244699b05da9b7bbb7891ed41b675e5dd48355a586360" + }, + { + "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", + "sha3_256_hash_of_public_key": "c934c11e2eaa7c3c4e764863e436ff12fc9f517c79df6344ab98611f57fe7296", + "sha3_256_hash_of_secret_key": "4f502a9abdfece85347362ac4c7e2beedb137e29a4b638c9bfd710de432b5e5a", + "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", + "sha3_256_hash_of_ciphertext": "06786544f2ea24bcbb677092f4602d59f9cc9d2d8211614dbb5b87edc6edc46f", + "shared_secret": "573a8fd5e5935badcf974c50cc36e191f0ae2c1458fb00d4117e675424d4e37d" + }, + { + "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", + "sha3_256_hash_of_public_key": "5b07c8359e6ec4989c34b31293f4df965b5d95802afa5836beabb001d5cd4dae", + "sha3_256_hash_of_secret_key": "73973aaa43538874f8b16d44faefbd26dee5389a05fad2d4f966662ea9eb1df3", + "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", + "sha3_256_hash_of_ciphertext": "2d6085e31726d74e2ce2a28088ef3247b68b39d0d51c225df2521ba327bb3154", + "shared_secret": "c8d5e0dd64b4f3c6450fd24ed2918887d3ea2806479d3fcd5a19894f4fe401ea" + }, + { + "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", + "sha3_256_hash_of_public_key": "37f1d7e636b4ab366dd5725957b9e5d2498e4ee1929f2213f9d05c882d96a106", + "sha3_256_hash_of_secret_key": "1b150644ef3edff5c406fc9a85e16fbc87cfcf8a6ac726284483947cc2fffd63", + "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", + "sha3_256_hash_of_ciphertext": "37d80e33f5bde211a9a3f634f8505a816e46195616c34a51d62b031822201337", + "shared_secret": "f0691ad2fe875e3f0993f25452c70f0c40891b998deb6a7f7aa3c0bacc59bfce" + }, + { + "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", + "sha3_256_hash_of_public_key": "a5383897314d60ae0ab1a8b50d6f5de454a2eb8b0502d57001e6e19223a82ef2", + "sha3_256_hash_of_secret_key": "38e8404120bbd346e0483ff7eeb758bd655ed94f6c02e427468f0c5fdbd957f5", + "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", + "sha3_256_hash_of_ciphertext": "3e819dc1fbc939e49bf5935fc8ac8c36d8c16da057091442df74a76fc3125fa0", + "shared_secret": "bec215c6bb33e83574319c839db1ca6793931d35a7239bf4ad3c4a493fe5c5ea" + }, + { + "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", + "sha3_256_hash_of_public_key": "500dd7b94b28b5b650d90962962bb9a3ae96e70d35723217f3f178cbe5659051", + "sha3_256_hash_of_secret_key": "5930b10cb88d66ad1ec117d2b134f921fe4ec980ed9c351951d47d33510585bf", + "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", + "sha3_256_hash_of_ciphertext": "cb20903e6ba3a41f594cd09056c0a7af4dea86039677761e88dd6818db0d0e88", + "shared_secret": "18a505a0543800a93ab6e2fc1d866e22337fc8387d32541008ff82a73ce7dd31" + }, + { + "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", + "sha3_256_hash_of_public_key": "3c4467b507971523509bf97d2bdd733ad9eb94f312e4226d036e8fe827a20533", + "sha3_256_hash_of_secret_key": "76e696d5d7ebb4e2035507601f66f38d74db35d3c76b3622678a2c65ec7b0f69", + "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", + "sha3_256_hash_of_ciphertext": "df6a835ca5253cb64d669990a60fe03b44a4a2229beade86a2f3f2381d33f09b", + "shared_secret": "f155d993eadba79e6c2376daeb7f935d39286b10615ab42c5803d43f15960a66" + }, + { + "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", + "sha3_256_hash_of_public_key": "69ffbf2275f12c29cbb69f90a8c881721ce39b49dbba550ab93a2c4c94bfc669", + "sha3_256_hash_of_secret_key": "76d6db646c55687ff9eeb3f359093a7105a7ef711bd60a4ef7f1a1bbd70ea24a", + "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", + "sha3_256_hash_of_ciphertext": "677fe79386a26743faa6fa1c79576e3f898da432af70e1f45a73b582b4c976b9", + "shared_secret": "4cc8728603d51b14fca46ebaf01e6b6347ee9c71d192591ee857c206d131886d" + }, + { + "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", + "sha3_256_hash_of_public_key": "41bbd3f5c241a6d65b510dee6662e2a8f35757b0403dcd375e7a15991a7873c2", + "sha3_256_hash_of_secret_key": "256673d5b2a0225515bee64da0105c167d031405098819b6992d01c3cc711bdd", + "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", + "sha3_256_hash_of_ciphertext": "9306db283ad2a844ad6d266ff6c7bd8e9b4ffddef78d656c9bd06d52cdc52c74", + "shared_secret": "fe5dab115160a7200005216d7e6e7dd8527f9c2eec34f60c6710ee21f7f91730" + }, + { + "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", + "sha3_256_hash_of_public_key": "290261ff6a1d2fabc75feab002d16cdc44bdbdd0967c728ebef0e9814c60b5e5", + "sha3_256_hash_of_secret_key": "beb5d2dc34b1dba8c87e4ca2659ed8ebec2d93be0e2d78285efeb9fd998f5805", + "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", + "sha3_256_hash_of_ciphertext": "7f94b2d97c0821593745e9b5301a66a81b75e71b15c8c21558c8b8b077d7af5b", + "shared_secret": "ba33ea19873105ed9690d40426b2cd24073c822eb86120a4fe8617b5201f9494" + }, + { + "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", + "sha3_256_hash_of_public_key": "7ffefda144195d79e581c91cdf0247f4346e811f890f54f25226b4ab835871a4", + "sha3_256_hash_of_secret_key": "7b85555898660cb43a060e367d9a97112b48e3b8f99d437161cf6ba44b5c6922", + "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", + "sha3_256_hash_of_ciphertext": "310c7f22a80995c6e375122f1395604faf5f72fb9fd6819597aba8f370327647", + "shared_secret": "2baf80269b225c66a8c35c6f835f15bd6949ae2814cd8c405a0aed313a637701" + }, + { + "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", + "sha3_256_hash_of_public_key": "13dd780ec5347c512cfabf4c2e6a44cb2b17993c7c746f93c1400a5db9f12511", + "sha3_256_hash_of_secret_key": "7732b2a074d1c0aa93106ca84711edcb7b8a369f3873cf89fbcebf0d32176f1c", + "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", + "sha3_256_hash_of_ciphertext": "b0003e684b9ce6f284d9a746cb806442e5443430bed95f2e8ad7ee824fb3db2e", + "shared_secret": "07318e8edf0ca8f30f49fa906ec814e40ec52922f2c0ace243386ef2bf650000" + }, + { + "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", + "sha3_256_hash_of_public_key": "d5acaf411ccb64500879102d9cdf6d9fcad673d874a4153383806fe174b2fc1e", + "sha3_256_hash_of_secret_key": "e5c3fdb9d8e92c42ad48684f0fe13aece244d116f8a6d09a764aaa090b3375f2", + "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", + "sha3_256_hash_of_ciphertext": "9ada65c57d8292e9a999ac102ef855d5da932a54f80f3d976fe1ca834eee5964", + "shared_secret": "38b5d71f3a64feb2cd41d6b7a4ac5440707770dc4c472c3ed141165fb7e8818f" + }, + { + "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", + "sha3_256_hash_of_public_key": "152641a683dd690d4ac3edf0261200cd9244ae7dab962eca2f3d22a554d0802e", + "sha3_256_hash_of_secret_key": "7afdb84b3806783db52ef1f5f0ff89ccdb051704cfd19eec3e2f0830c3b27550", + "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", + "sha3_256_hash_of_ciphertext": "499ffb9a28fcc692e7d61df4696b538f1bbb205ff82d604512220a9e19d87254", + "shared_secret": "368a5e417f4fc728f5080e8fe206ca7558909f6537f1012a58b2d9d45b7c6a8e" + }, + { + "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", + "sha3_256_hash_of_public_key": "9cc95efe512c84010ccd7118a92522cead44cff28d6e223f76702a47694c8f05", + "sha3_256_hash_of_secret_key": "d9a18ebc4b027c9590d0e4eeed88705aaf5d166cc016cf6e0baa07f678f1f0d1", + "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", + "sha3_256_hash_of_ciphertext": "d202a577a7acba1801e03c446279da6dce6f262a6b1bf06d3c15283bf69fca47", + "shared_secret": "7d36e561b501a687939aa880285d32cd6d8b66e2e65b2a076d5aa516cb5b2e6c" + }, + { + "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", + "sha3_256_hash_of_public_key": "8b12f00bf09aec2b492cf53686beb31c558d0493cc7b2b9a9dc7265fa9edb685", + "sha3_256_hash_of_secret_key": "9979de3ecfacdc04e1229773f36d7b4bdfd731ea0f1fc2f9d56ee1d07e9bb075", + "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", + "sha3_256_hash_of_ciphertext": "53f97fd2a138ceae2b327344c4947cbee6d6563a48d9bc5d8373c4bac5233a5c", + "shared_secret": "6be99cc08c8bf10372f7d5c27bc3ecd17ade8afb967aad41a1b33c0ff848a1be" + }, + { + "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", + "sha3_256_hash_of_public_key": "3c98fa4af17fd014a60d11ca5e929e4fa2524f7db289ce0947ad90657990c153", + "sha3_256_hash_of_secret_key": "2c370afe3301b0481b50ae72e21cbb1be37d2877cd802a1d40e05d9b4e6be502", + "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", + "sha3_256_hash_of_ciphertext": "c134910358575ee3e211603b58b3d6085cebcb91f32a355ff437fe87ee812e3e", + "shared_secret": "f6fec6f62257d9a7041f119fff60f734c928e945fe131bf70338f273c0614ae9" + }, + { + "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", + "sha3_256_hash_of_public_key": "091210fb4f6fac00a24167d9bd2761e601db0a3734e3c835d1e9c5865b1e379c", + "sha3_256_hash_of_secret_key": "fb4bf08e0cd8d2f31969f75b420578f8d6dcd845824e427a6261931f1e1b820f", + "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", + "sha3_256_hash_of_ciphertext": "6076283588ebdb4630d85b2dc6dce53492e11dc8c9445597ec57042bf1e59634", + "shared_secret": "9c56f6d91af6741ac13f241f8c960433c0ed4adcc86130877ecc1dbc10573bc5" + }, + { + "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", + "sha3_256_hash_of_public_key": "6c206507b89f46c6e9cd5e78b6cc78fb3677ee609cc090cf3782c876fd5f941b", + "sha3_256_hash_of_secret_key": "c9123a2bac61c5fc4304da90862d8cb544a31da2cc8b8126ca16a71278f461e7", + "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", + "sha3_256_hash_of_ciphertext": "e57f70dde96de9e66ce28b7d1a3014cb095a8ad00d80ae7735fd499d57e2e6f8", + "shared_secret": "021b7e80dfd1258695b61aac785b0134ed6e9864d3cdf5ebd4b3ffdd9a5bbf06" + }, + { + "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", + "sha3_256_hash_of_public_key": "0560200b8d070d1db2cbeedf3cb322ebbab3edb80cf474b4178633c210b2fc74", + "sha3_256_hash_of_secret_key": "a2424d9992c7e999a5b18e638a22d65e1e5d5029e5fac62a5091095897b3543c", + "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", + "sha3_256_hash_of_ciphertext": "b5928a28fea0e5b0321439f9df86c6f10fa6203bcdac0cc94da7f7d6764d543d", + "shared_secret": "2c876ef4c2bd6464c5e4274d5360e210ff389325c1da4bda5495294d7cd126be" + }, + { + "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", + "sha3_256_hash_of_public_key": "3a2484828bce833f9262405b562bcade9ff04877838558409d2b60f1b689d137", + "sha3_256_hash_of_secret_key": "610db3251ec079ce8003a49d64ec03dd49d89e82ae9f12d26d50938f4a3992d9", + "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", + "sha3_256_hash_of_ciphertext": "723bebfc2e4e934fc9e35383c7f150d31d832e1516c66f8bb2effb449fefda23", + "shared_secret": "909b047e7f0fac27df2787ae406fdd66893a98d98e38a9f5b67bb5c8431a77c4" + }, + { + "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", + "sha3_256_hash_of_public_key": "bb8615509158b63be5f5e51a0e690f2ad6fd0c56fa886bd85902abd52598bc81", + "sha3_256_hash_of_secret_key": "3a4a1360d366376a56362fee0aa22756122e3c40226c770797c0baa82192bfa5", + "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", + "sha3_256_hash_of_ciphertext": "47cead6dc9f155f4e61afb233c6a8519f016c6f2bf7b1668ed9333daac257507", + "shared_secret": "dff8310ce364ba5686b9d42a17922b8d5e9259a176e38d39687a5269455939f7" + }, + { + "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", + "sha3_256_hash_of_public_key": "5cf14252096e4988d8ecc4ac6d29ff09c55d666865863d03a68db523728910a8", + "sha3_256_hash_of_secret_key": "404e6febba9802464a188007c2137fc25a4c437611babc8fa8248a0e42e45357", + "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", + "sha3_256_hash_of_ciphertext": "84765944d4602d3fca6333b699d98e4c8c9b3bc1570d428398a29cc5a7fb96c7", + "shared_secret": "faa9833781a7a41691f236feefa0c743bc141f458ecbba98eac4a51ee1ca001c" + }, + { + "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", + "sha3_256_hash_of_public_key": "345118a7b9bcc773f0ec10c3e353eb4365d2bbff3b812df4635d5c8265b5d8c5", + "sha3_256_hash_of_secret_key": "2eff0ff04aa2f95d9d2a877d2c3b4a09255fed2413da76e63506d0def33f42ff", + "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", + "sha3_256_hash_of_ciphertext": "602b3893213ac6168e24c7c20d22a9c9126a9f70b918df134860f394795836a6", + "shared_secret": "0f47139a8b007c4ba77c91ee885435dfcd38d38c0aa4f57fc147f08b4751aa44" + }, + { + "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", + "sha3_256_hash_of_public_key": "772f50f7047714627bf76bc098e0b919145fcd8df6922ebac383e5c556738390", + "sha3_256_hash_of_secret_key": "c48cd8eced0093133d3d083baae0f69ebc3e239c373a41db9557c1a46a40d480", + "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", + "sha3_256_hash_of_ciphertext": "84f212f6cac0f0e7a6a27630c0c33f98063bd57243b26fa086d6a37161d75f81", + "shared_secret": "182d34d0e83216d26a9d13301fe75a3aeb15ab145433965996255120cc9a5f86" + }, + { + "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", + "sha3_256_hash_of_public_key": "a9f015f625356a6bacbb5e565c70184940891589309a571b7166c2ee713b8fbb", + "sha3_256_hash_of_secret_key": "924859759e33e4100a02afca0ad0f0e631eeef3b4a70444267e921b0b6eb334d", + "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", + "sha3_256_hash_of_ciphertext": "935ed1ee90431bb81d67fa4c620c973f7354aa5dab63b51686501882e65a3961", + "shared_secret": "62a14f68d726235fc16e0ac57ad4ae0eb3fc029abb18567a4ee574b44924693b" + }, + { + "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", + "sha3_256_hash_of_public_key": "655d6f749b0a013bec99e017f5e13bff76680a2f9386f2ac6938d7950d5fa1f9", + "sha3_256_hash_of_secret_key": "0511490e76eaba3b276ebadd300c394490589dec54468855977e96a33025e06f", + "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", + "sha3_256_hash_of_ciphertext": "c28eea97d0767b408e58bbadfdff091ba468c26b585f22bde6f3eeb1fc7bb631", + "shared_secret": "4ceda11055991ce1e5d910a240981e39a6a903b20ea6ae6a21d9d56d0935efa8" + }, + { + "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", + "sha3_256_hash_of_public_key": "1c3c2aed0ff6944819c93f9a9fe77d14a16a385f644de118099fd4f7f57db9a0", + "sha3_256_hash_of_secret_key": "0fb711641d1830a3eb4ae1a4bc2fc610ea9a811fdc5274488dd31f9cf52ec04e", + "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", + "sha3_256_hash_of_ciphertext": "9fae0ef351454fb5c87cff7ed880d32dcc2f0654ab8c5a5b66b1e85d8e6feb06", + "shared_secret": "8d8257f05a4e76ad11783f7f6850c4f1c34017bf5ab47f89eae202132ada42ff" + }, + { + "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", + "sha3_256_hash_of_public_key": "357d61586f671648188f070899d2eb3408158adf5e8056ef37ab6d8817cd8275", + "sha3_256_hash_of_secret_key": "b22e39d960d7079015d70fba54ae860285f3c182bd5fc8d84c255f5e0f86f800", + "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", + "sha3_256_hash_of_ciphertext": "388d730604d16fff83eaa4e21a540b2ed8b3138f81b4c1c4cd7bb863325344eb", + "shared_secret": "08a60196adf66426b4e7b90be90160e196944d012cc34a524e1e73ca125ba407" + }, + { + "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", + "sha3_256_hash_of_public_key": "ef07b1f4886b895a3246241ddc084379eeb0f0ed84bdcd318fe72c9b546413be", + "sha3_256_hash_of_secret_key": "132633e3d33bcbc61ff70504e34bb033c92db5086bd924eab4ecbb8e4be983d5", + "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", + "sha3_256_hash_of_ciphertext": "ea130b782f8d0167bd57d1cbead18c1a5a65ac27681847b85d8e09030dee8738", + "shared_secret": "13f3b79bb1e5d20ed95c7165a610e122b5de6cb02444cc66e0f1f9ec44c27485" + }, + { + "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", + "sha3_256_hash_of_public_key": "1a2d9ea0d2280249d9d756975c6979a8770bf4b5f6addbd76d045a816bc1be38", + "sha3_256_hash_of_secret_key": "23678549b4e6e050b57ed1ad078705d33fe76ac976a9f70312b9cb45be554b0c", + "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", + "sha3_256_hash_of_ciphertext": "254058fc10c3327f551dfa143d17dcf4dc4319419050cb5e6841a8d5cb6ce9cb", + "shared_secret": "fcf4227a487e719499f86e44ff74a5339870e4238c20731e0c85f00229f2a1b4" + }, + { + "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", + "sha3_256_hash_of_public_key": "a57b333a2f41fda2ea72ea11d8bd642d911f6afe90e60492ebeefdc17a932192", + "sha3_256_hash_of_secret_key": "b59171816497ec0c34b963be3ef6366eb051cdebdb145fe445e16b72aa37356f", + "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", + "sha3_256_hash_of_ciphertext": "4bb877beb1b9dbe916e61f9d6d7442deb7483128b6db494a0724e081be74ded6", + "shared_secret": "3f8cf35d0ba76d75dec611e5fb059db5197862b7e5cc6b116a730734932441f3" + }, + { + "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", + "sha3_256_hash_of_public_key": "d3cd2febe168b1ddf776b954e96085a7d475e3c8cbde68f7c80ffc9fa46b0d43", + "sha3_256_hash_of_secret_key": "b41a159ad0a89e7a771ef11e68efc9d79e6add05b261d0e40620a6b667a6c6bd", + "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", + "sha3_256_hash_of_ciphertext": "62de1efed6f92fc50d8fdef1ff217cb04faf53196e5af3a7507cb6ea5f822e2d", + "shared_secret": "d48544c1ac452c0b821e080e02c9c83e95252fb033617ce270f58e2974679fc6" + }, + { + "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", + "sha3_256_hash_of_public_key": "9499c1b006a0ec2c299c41c3f728c3bb7848957fb2bbbcd05b65233b89a2b1b1", + "sha3_256_hash_of_secret_key": "bdf5c3beb39ae62a6e29e858962c322fe525a307a163d68f765779b7848bec3f", + "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", + "sha3_256_hash_of_ciphertext": "3a0a1742b1e27f14001e3457a00748f232f550687a232fa409c2098f97e72bb5", + "shared_secret": "6b8f4cbb3c4fda3c067d7ba48bf24e24258ca7e26bfaf918b784d01ae74ec57c" + }, + { + "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", + "sha3_256_hash_of_public_key": "aa14ea531df0a7f93225de1c75ace0d2692bc750b1b538cfd0d860ae9c5a8c13", + "sha3_256_hash_of_secret_key": "155cff081ef58459a00ae63a6ee0ed2698bdbd99c67b4c9dd09f8b0fc3de0120", + "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", + "sha3_256_hash_of_ciphertext": "8753aea7979a0d3f7aa35b9fab1b320d1b0965899bd51bfc8c1f6de79ff7d92f", + "shared_secret": "aa9878a81dd8165350b880c4af6a2adb9e50a48b9e0709f069c02184d3785181" + }, + { + "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", + "sha3_256_hash_of_public_key": "e0013ff7eb7b8266ee94659f3372f5981ce1d87584cb1f0e80da2c0c95c16b4e", + "sha3_256_hash_of_secret_key": "7eece78f3f97759d0cfc8a69481271a425c56e540704b2fdaab8b2d920d19e21", + "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", + "sha3_256_hash_of_ciphertext": "777253af58f65c8a85f3feca46f8d32eb5d3d5d0664ea59cfdf47b89be9f005d", + "shared_secret": "5a23296c84df3d660e7c2a973c4e6bddad3fd814e158028ff92b234cffb1afa4" + }, + { + "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", + "sha3_256_hash_of_public_key": "b503f8ec36d39fc7b4b8ada1cbb933b9db9ee118bf081ed75dd5dba7590f6c8c", + "sha3_256_hash_of_secret_key": "65d28565658fe991b77136b89255ec2d1cf65368e06f2b30bcedab87ffe39550", + "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", + "sha3_256_hash_of_ciphertext": "a7302707d52fc49f3e3637a742826bc8c8267e89c1fdf95b2ab7a0d8f1003c8f", + "shared_secret": "d790ec546719fb05125841bda9dd361e162ca4241e2b489a0f948b612309b649" + }, + { + "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", + "sha3_256_hash_of_public_key": "03341657b159925cedc8967872a45a3c1f0122979af87a878a2019b3f17c8ba6", + "sha3_256_hash_of_secret_key": "6bb236b9c7a818f9edec1e5da339755dcb7ca1b663a5a208c38c75e7ad7dc12d", + "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", + "sha3_256_hash_of_ciphertext": "9a9301ca946909c3ee5d2171bc36322179ab4bfa825ffc0b826517accbc78298", + "shared_secret": "10086d1a59c41f84a089c239fcd8f8eea3b22c7796f9c1f9b1867b709cb77704" + }, + { + "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", + "sha3_256_hash_of_public_key": "60c001172c4734a620c248654c58f1c10135657083de776116a6acf8a55f3610", + "sha3_256_hash_of_secret_key": "b10663e90392d6387c16dcad565bbe1fbc05f32495cf9878706bd0d61d289147", + "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", + "sha3_256_hash_of_ciphertext": "e4b3ce9e19c204a884f8a5adbe41acca97a22f1f5f2a13f1185021a8a36a131f", + "shared_secret": "82ad68065774eabcd6e78c027286ca7c7120987c4984e56f52abeb1ccc7a273b" + }, + { + "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", + "sha3_256_hash_of_public_key": "647a136f20b22c63afd2b88d14fe7677cf5c2b78223a587068377021f6edfe9b", + "sha3_256_hash_of_secret_key": "e70be83a7585618e7b91bc9930a581625e2441962c823a27eda9f6dfff8528ee", + "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", + "sha3_256_hash_of_ciphertext": "6287ca7c4d1eb3afb6ecfc456a4ca9ef5776177dbd5115165424c66e2db061d8", + "shared_secret": "2d56c88020d399532bada6516f9a1acc28a565cf252bafd40043879bcd6de1cd" + }, + { + "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", + "sha3_256_hash_of_public_key": "1cde599b2dfc69d59036434cc0423337513fb9506452bd8f42bb82661ad0065a", + "sha3_256_hash_of_secret_key": "aa80a266176a7ef8fb22fe21fcf3d3762cfc36734d8b6db3c6e1d4df1eecc1a3", + "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", + "sha3_256_hash_of_ciphertext": "31c85544389bc3163e6893d9298d947a6cd189b045eadf8dcc265e4b5c750fcf", + "shared_secret": "44052d0cc62801e0d9717c65ddcb560246cd901f104b4252eeaef903f7c26af2" + }, + { + "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", + "sha3_256_hash_of_public_key": "2a50c7a070b3dc7e107eb1e8b96d62305c13327d729bf9d97c69f1fe6eed2b52", + "sha3_256_hash_of_secret_key": "6df052019662b83b16b4da0a85b17f2fe56ad269b294438c8ad298d2e2269d2f", + "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", + "sha3_256_hash_of_ciphertext": "c485c6e392c29c231c9eb04861fefff1fc27544443ebb316c74f9d4d7d9be68c", + "shared_secret": "2e95f47543ff640e6384d65cede004c4fc47e9e2f05649e694c18c7faf975987" + }, + { + "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", + "sha3_256_hash_of_public_key": "5f166082ad3ab0c739cbf0a6bbe2707741d9b5f53a0e16199280a2376c9e5a17", + "sha3_256_hash_of_secret_key": "391b71e679b9a0a23a1aeba042ec7df439fa0a18c6442dbfe2bbe05d4fdb5fd6", + "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", + "sha3_256_hash_of_ciphertext": "499c37f74e94c6c724e218f339b8d60ab65190e0a56e39a6b4cf619db98bb57d", + "shared_secret": "42f1442e384b4e747794c944f4df154cde33cdff32bf35c2c5234919762030ca" + }, + { + "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", + "sha3_256_hash_of_public_key": "40b3a72c164432e6ca838693ef25b30013e5cf56c1e6142828107a10cabdd169", + "sha3_256_hash_of_secret_key": "6f970259ae97422f8698120bfa8e53f4f89589773243db6e7a1859c94181a3f6", + "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", + "sha3_256_hash_of_ciphertext": "55e508c96b8b7c06cc9a88b4c9f974abd3e2cdd96ba6f0cf330ccaa3641fbd29", + "shared_secret": "a50a07f6b01ee4429848806031637c8ef8da23f253874124452e3771ef98b6e0" + }, + { + "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", + "sha3_256_hash_of_public_key": "f475da2ec982c47d91b24bb5ec6c51910530eec26f38541b173b38927d23c568", + "sha3_256_hash_of_secret_key": "f8c836ce8a42d6d07f1ff40e2dbf16d264bb6ecd1cc0227ebf792a6bacd327ec", + "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", + "sha3_256_hash_of_ciphertext": "d63a88547104683878df29e59de826821fa3a95bdd668e5e838e08a671d887ee", + "shared_secret": "c299f650b03170f5cdef5da81e52c2a094b11aaf58426e8c41e06a26c7d5ccc1" + }, + { + "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", + "sha3_256_hash_of_public_key": "2b22f73a770cbdb80da84f97f27a14c5df5b3372d52503d3a20c3cb2bea8b404", + "sha3_256_hash_of_secret_key": "a111bb1797a3baeecc223e4fc4accf093d2e069cfd40d45346d2aefc09acb358", + "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", + "sha3_256_hash_of_ciphertext": "e9c030db90931ef3d2a61077dc33529aad87535e809d1a255fb5b5925f202893", + "shared_secret": "5e1ac468279cfe354c4d0df6ead070071b19c9707338158ff7dc133684afe2ba" + }, + { + "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", + "sha3_256_hash_of_public_key": "3d8fe8354d81146fd65af657da08926bd3a6ecbc2f81cb58d1aaacfe5b6e686f", + "sha3_256_hash_of_secret_key": "d1c524a715b2d05abc8e8729204b620f4551815cdeb00662b487d58e99c0ac7e", + "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", + "sha3_256_hash_of_ciphertext": "c256150127c8119ae42a62b90ac9a7119a3faa5442f058bbe5844d29c99c4eee", + "shared_secret": "7841501410e4158cf04f92b9d65d0cec732984ea66809130aeb594156829dd39" + }, + { + "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", + "sha3_256_hash_of_public_key": "36fc15e2340175a2a64ca1cf31a4b38ed5f797aaa8acb0c3d2ed9c19c7099f27", + "sha3_256_hash_of_secret_key": "0741ce5533316ef689bd966721b1ee57a272d5eb557dfa6fab6de770a2e7afa0", + "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", + "sha3_256_hash_of_ciphertext": "0c6a7cce80da6e6a3c17b46959124b8c26a8a74b5068f707f582cb5b811e282e", + "shared_secret": "6b3fe0dd082bf384c3e08497d380516e78ca778de627c112d02dc8c393334d11" + }, + { + "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", + "sha3_256_hash_of_public_key": "26a1b77ae8a807e9de16a9ede5da5aec3ca5f23f5ea00e455d4a091467e6ac6d", + "sha3_256_hash_of_secret_key": "2bb0f5318208eba32bfba206dfe174f976431dc12421bc7b3705fc7c0b4a06cd", + "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", + "sha3_256_hash_of_ciphertext": "ba2e94ce526ee4bdcd818855708af8173acac373696df4f910720fb296bc1076", + "shared_secret": "cb15c306ba8d5f4f8b723db93bfbcfd4fa02ef32ed8e39c2aeb706a463d9a40f" + }, + { + "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", + "sha3_256_hash_of_public_key": "2460170e6cf1da1e7b92037f51b4e7674d9abf74f5c225c5c6ce16a971691284", + "sha3_256_hash_of_secret_key": "a364a1f435a2d2a341b59a1886af0d0f3580e56306869bbab819de741ac9f642", + "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", + "sha3_256_hash_of_ciphertext": "ff21fac2cb15307ebb70ec04904f636bfac9ba968e86984b4a55dcac70430c1e", + "shared_secret": "8dc8bc55a907bcbad27aafbba2cbd957c30794e3770d0984a6323b641e5fe53d" + } +] \ No newline at end of file diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_512.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_512.json new file mode 100644 index 000000000..6a3125287 --- /dev/null +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_512.json @@ -0,0 +1,802 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", + "sha3_256_hash_of_public_key": "7ffad1bc8af73b7e874956b81c2a2ef0bfabe8dc93d77b2fbc9e0c64efa01e84", + "sha3_256_hash_of_secret_key": "26e1b5ea0f48b3c87d7ce87113b6a93a49d9f7ede7c5cb15b41382bd3243715a", + "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", + "sha3_256_hash_of_ciphertext": "a3856ee9fb112b154b397c91398576dda45391b89742603436588d81ce6d1b50", + "shared_secret": "c608777086ed9ffdf92cd4f1c999aedd0b42e5e8ef6732f4111246481e260463" + }, + { + "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", + "sha3_256_hash_of_public_key": "13f0970c03d32967b06cca4cf58e87559128d14cb3f876a1ed10eadfe03fc1a9", + "sha3_256_hash_of_secret_key": "9c613d0d3313af8169e65295e8c4f21f0b5d3e78de031e78a12ec864d71b6548", + "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", + "sha3_256_hash_of_ciphertext": "557c682bda01552173367f40bd2b2c1ed64aae3f083c80ce2f812d0b60acfacc", + "shared_secret": "9401f92689a452b5e58c35cf06690596faa4ec0937a04493a359b59ab3b0fdee" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", + "sha3_256_hash_of_public_key": "083553153f7d65cd5cbe201e681245eda61e1ec2c7ee6b91a9ccdeb6b76943b7", + "sha3_256_hash_of_secret_key": "b4148d4bba0430ddca173618456704ddf440b9b5bdfd61ee46bd79590dd78ff3", + "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", + "sha3_256_hash_of_ciphertext": "7b7b882320575a3cfa5f0ca2165ed39383921da042f7bce896896fa90fef2aef", + "shared_secret": "f2c689c7a8180baf27a4573d3e6154d4f2bff7b3f34d44576e777e2ac1249e8c" + }, + { + "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", + "sha3_256_hash_of_public_key": "9df5746a44b10c1886f62b068d18152a85792781160e1a1a19a25b5ca00555f4", + "sha3_256_hash_of_secret_key": "75a93307372e001d4fb028125dad61c4412ac864bf7eac7a213ad3dca6599981", + "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", + "sha3_256_hash_of_ciphertext": "72782e8ee6fe4e4442723e727b5d415f66fda7c363fe6dc7be22d9b8741852f2", + "shared_secret": "1dac4f6f8d96ffd931f67b03cee8c4e4bcb42eb8bbda5cb702dadde8340d1524" + }, + { + "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", + "sha3_256_hash_of_public_key": "9415ce164fadececacd75fdad3284af20c52fa576699029d6e0ce77bf347d520", + "sha3_256_hash_of_secret_key": "97f1f85233dba2a50848add15f8f0e60f4ccf3542dc6da5f59e06f6b27c59c67", + "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", + "sha3_256_hash_of_ciphertext": "80f49e8f6f8d442a7678f2c33881a5264b58a5998b7d9a8e10b2febf59ba868d", + "shared_secret": "01adaecc8cd981e7f00187622defc0cbb8934464ca4675d86bc7d9b69148c85f" + }, + { + "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", + "sha3_256_hash_of_public_key": "ca2232297ba8b986dacd401896cb6239f557720d91a2cfb7a73274bac7a0f6de", + "sha3_256_hash_of_secret_key": "17446e8436a68423ba4e22a57135d470c7e91fbe0a4da065bdc34897fda89b2f", + "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", + "sha3_256_hash_of_ciphertext": "a08cfd7a6374d902e153b862449efdee9f912234f3e7a7d2697ebf1909f59dfc", + "shared_secret": "6f13bdb1452d9e672c8fedaf9450c436e5fa77e8d58ce83300b8e539f20e9dfa" + }, + { + "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", + "sha3_256_hash_of_public_key": "34486689b387ba25dd0e9aedbc53034924ea4ef9497b5772f10ca4d091e9e846", + "sha3_256_hash_of_secret_key": "94419fc5d865a97586b71a3414721f04473d4d30e5a8d6a1c438752f19504209", + "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", + "sha3_256_hash_of_ciphertext": "6b930dced8da8c0353569fe807e383e2d04836680fb78881ffc6974802131eca", + "shared_secret": "c81a637f63a802a5d2b336dd960175176b2b838ffb6de5adc501bef984fed26d" + }, + { + "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", + "sha3_256_hash_of_public_key": "39d1850f7acb36ed2a35e9af6f94a06c31afadaae3545a069f892ecd8929f766", + "sha3_256_hash_of_secret_key": "98a2ef35596f2fbc7e462d5ee536f30d8bc3a5272d78cb14c0ce816fbb180396", + "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", + "sha3_256_hash_of_ciphertext": "2d277dbc8b03bbec796e778c74b4c3f408f3e47835398039236d7cd861762a9f", + "shared_secret": "3031994f1365446186b4a4d6190ac89f928f6706d08c6316d6f522cd7605adfd" + }, + { + "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", + "sha3_256_hash_of_public_key": "edc8db1ca35744a75ca14516abe07472d0d1b723f70ca8cf0e5c9341fd2e8c26", + "sha3_256_hash_of_secret_key": "fa6de16f50b0c04b8be10d3262005227715f69de5089f0f6bafc1fe26603e525", + "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", + "sha3_256_hash_of_ciphertext": "c20e526b8837092f1847b40f9b5fda528dfb72780aceb510635b490acb5f7686", + "shared_secret": "61419eeacf26714b028d2f7e1e3769ae2f181a7e9311f3312911ead00486bcd5" + }, + { + "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", + "sha3_256_hash_of_public_key": "b1eef6e8c88ff8da9cc4a9b01d4c08b6b585beb5bb9e084c6c47a717b51feea3", + "sha3_256_hash_of_secret_key": "bce9d6b2e45918ea5798910aa9baf289b04d8a5bcfa7e08235dccfc8b9479f55", + "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", + "sha3_256_hash_of_ciphertext": "811bf647ebaad03c81a84c6a82b4cab108267b1e9c1add3dff1803623471f9bc", + "shared_secret": "3871c9637cbea04a2ccd3b62c9399b0a7277a31caba8a8f015d59b0fed845bb1" + }, + { + "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", + "sha3_256_hash_of_public_key": "f581c2fec9055830b38cb68fb506aa927443b1afd1b2b6faa6f92a325985c6ce", + "sha3_256_hash_of_secret_key": "9567f27ef67c3ada92a02cf25d8ee4a6db69744d3f6de5a0026dac023d04f37c", + "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", + "sha3_256_hash_of_ciphertext": "c855f0a4521640b9136035b5d02770dbe864b85a6f54f422ccf2b512e1c07b33", + "shared_secret": "3775b12681d854b7ff2eec05cd4ac2db91bf06f3c14db2eb35287129a960ab03" + }, + { + "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", + "sha3_256_hash_of_public_key": "f12f3ecad62bd327f1c44ae86c0be6e7f15112b7f6f6d5ec7b13f4dfab718965", + "sha3_256_hash_of_secret_key": "32a666c02a41f7b9408c570a3304a80e947a1be650f5f164e376b8b34b72254b", + "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", + "sha3_256_hash_of_ciphertext": "632b389d951d4a4e570d2fee62dd87c3aa2cf0c036dc63462f3ee7e4543ef8b7", + "shared_secret": "87662dcdee8b176e2dc60d079be188f63501274bde0829f3595c99d1e564c2d0" + }, + { + "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", + "sha3_256_hash_of_public_key": "4cae8b58e0434fb1475312355a8b40145043bed4b269aaddd654d2e562324bc7", + "sha3_256_hash_of_secret_key": "53793d47a6e9e527f109b7611f33063dbe0b8a1423ac02178934f59c3d47ddb2", + "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", + "sha3_256_hash_of_ciphertext": "6f88eea1ec597548ec3c0d22c60a92ac4b0c3e17e332983d01a0bdda1157ecf6", + "shared_secret": "c5676cf0cc81871d677bd7f5982e6493aa3ea4dffbb30dbaf59e90e4977d2f12" + }, + { + "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", + "sha3_256_hash_of_public_key": "b899475c1802b1dd76a9783d93b4225dc558eea558ddc598cdc45a898b7bbfb3", + "sha3_256_hash_of_secret_key": "278b448b48a14a9be1ed211228cfab37d07e5f1e502478e3ad059c83a7c83894", + "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", + "sha3_256_hash_of_ciphertext": "36f6daad6b98df3f8e26456d06f112ca69231333e4ebd86e04fe7b8fd8c1bf26", + "shared_secret": "c5b03a417c10715a53f3a1efc044a81e266b40a1b16c87aa1f754146ac39b80e" + }, + { + "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", + "sha3_256_hash_of_public_key": "1a7e0760c345cb5875303e20e4c72076c794e56ab75231750a190b45f374d979", + "sha3_256_hash_of_secret_key": "eb53a36a9f50baac64b4c7bcb97fecae54d3f66b8311b5a67c5daaefaa63f209", + "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", + "sha3_256_hash_of_ciphertext": "1b4728ec7c6e90ad99dbee3b83438050df88887de2e6d7a6ec55e7a2f7f1bbc3", + "shared_secret": "38daf9348e4d89149e4968131370ce3d38a4028727fb85d27f87a95b341340fd" + }, + { + "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", + "sha3_256_hash_of_public_key": "0f96fb9e146a1c22cc5d23e9108af0dc5e13b7810b8f5598bbd5f8d4b54c8af7", + "sha3_256_hash_of_secret_key": "d494ee913886be1398be54856ebc83eb8cd7aab4268b976583be2e097edc2d64", + "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", + "sha3_256_hash_of_ciphertext": "3934a38f7c11d237b46c9d93a8ab8d3dfc76b3e020b5cfcd0344eae35a333e45", + "shared_secret": "60bc23845c0b116208c0ea02849cea3d8025a7220337c617c4bd304aedcdc1af" + }, + { + "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", + "sha3_256_hash_of_public_key": "0bb63b48b8cdd1c7242bd4f017c519b43502656e23817bfd683150488f8b0b44", + "sha3_256_hash_of_secret_key": "195207c9e44942d5cfbf338fb9f20317d3ae8be85dac5f10dd60abd802a3caa9", + "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", + "sha3_256_hash_of_ciphertext": "ddcc4d878447ee699abdb85f1463b113784be6d4e42c46379b31c02715243f17", + "shared_secret": "2eb03b010e291fca1bb6ed09d22d50b9c7bec93c556f1f273e57048c9c56bb3c" + }, + { + "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", + "sha3_256_hash_of_public_key": "2d19bf7937eeab0d2a7570d43cf965547542a519be85bdd4921f7d710747ec6f", + "sha3_256_hash_of_secret_key": "cd59ca5c7954d87bc8d025683563aab0f9272d6c12cc03914220aa6ee392e6b3", + "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", + "sha3_256_hash_of_ciphertext": "86184bc66edef41a25ca3350698277f4e49713b821fd0745d276fe490ac636d9", + "shared_secret": "be892649db60b2ce07ef18c4a709714933542ab94ee3250cea6e7c6f5eee5d5f" + }, + { + "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", + "sha3_256_hash_of_public_key": "6907e1096410ab332e10f37c93d86d9b4657159eac1faffcd1688d182d127844", + "sha3_256_hash_of_secret_key": "250d27ac4dc4447520c4c1193ac57d239857ecbeac2b1009dc08dca2114299ed", + "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", + "sha3_256_hash_of_ciphertext": "51c6ca6d7536a183416b16b1716cecd3d994dba4b5ba019bced87bb51f9cef0a", + "shared_secret": "75556d5854c44805ca5c4bb927c837ff635feaae939220592d89caf74592a0be" + }, + { + "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", + "sha3_256_hash_of_public_key": "379c9176059f3a7ddfe021041301bcebbc91e997a0d5bf2ed1d9d125a7129834", + "sha3_256_hash_of_secret_key": "57df17dd8b9b1411af66d82f61dd61c4f5235f48d503c164ad0da02a598a69b2", + "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", + "sha3_256_hash_of_ciphertext": "a5773e0569d9e26225b05bd61591d1722c4c1396789ce3156ef749c115949ace", + "shared_secret": "469d60c303b10f517a932d9fc090e61802003e9cba3630224f2c43a4727230e1" + }, + { + "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", + "sha3_256_hash_of_public_key": "f5515b23187af5dac6d1d090bc7bc01df34ec781561e3d3b8b62164f74946802", + "sha3_256_hash_of_secret_key": "2ab40ea093450e534152efb278b45038f1f2cccf13a654f1c5c27b8c389f6129", + "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", + "sha3_256_hash_of_ciphertext": "d1b469613c872181c4428440cec1ccf87b82303e4979de6eddd437decd8afecd", + "shared_secret": "b545dc066355b91cef05e65107fa11070c455209c55573cc549cd053c8e4155a" + }, + { + "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", + "sha3_256_hash_of_public_key": "9dc0d69094efe63d751e6f9c1e92d2107a7b45fabb820222d30b11595c351643", + "sha3_256_hash_of_secret_key": "00f4a04ab804f2fa3ed80a0fa4530fd45ebff8afadf5f5b7d46a672c690ac3ac", + "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", + "sha3_256_hash_of_ciphertext": "774abc2c6dc9570eb781a39f79f49f2cc6870a43e8812559d89d1c59bb1aa5ef", + "shared_secret": "2c42bc4a172c928bc6ec7480785d63f7281a9e5acfd3f94335d6d7fe5fb9c5d4" + }, + { + "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", + "sha3_256_hash_of_public_key": "16829a8aa9f8c4e949d4e6388448c2c4ec6a977f8c5fb80bd75d93a723bc9bbe", + "sha3_256_hash_of_secret_key": "659cb66f989532fdf5a741fd03862fb142a05a0fb43ae20bffc5116de1a66d57", + "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", + "sha3_256_hash_of_ciphertext": "ff53eb11ffac30f45bc8327d7e7d518f1c2d71bae0052ce8e15903c8d14978e7", + "shared_secret": "230a69c53e2192eed6c9b876d6b228fb666b19448e0a2ef8601910d624bc173f" + }, + { + "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", + "sha3_256_hash_of_public_key": "90fe22b38a4fafc045cdbe0c9689745fb45760cb2f0f94f7d13cf8c834c4df3c", + "sha3_256_hash_of_secret_key": "10a89c990c7676890a65e1c776cf892ef1431d56fc115ef3115c0b8f91db0690", + "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", + "sha3_256_hash_of_ciphertext": "3d1fa5720670ea284567d32beaca2e56853f7b6268e32af381034f13e4cd4853", + "shared_secret": "327c548d7df90d813f3b3c92e908c4c55fe4c7277f91b6fa2271c0f149dfb273" + }, + { + "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", + "sha3_256_hash_of_public_key": "c277a9588d9a781ddff6aa9ea8d259e5599d0adaba2f459598ebd5bc72786023", + "sha3_256_hash_of_secret_key": "40609cf26d205ce694ca8baa097bc1342d2462a26678eab90893da147e389d3e", + "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", + "sha3_256_hash_of_ciphertext": "bd274d905deacefc3d90a9ed76d59af4e814cfc06c118ec17662afa4f6b4fdd6", + "shared_secret": "0d95796efa11ef2b4f05d0cd9e1d8db26f3e5839fbba7cd84e00d468decc088c" + }, + { + "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", + "sha3_256_hash_of_public_key": "d3c8cc315c4054d09deac08c6d5d364fd5d47a3c09041bee42c561f978e2d98f", + "sha3_256_hash_of_secret_key": "3e1b23ca9dc111c4a3cb0a585c7f4e5d1f27a71533eaa5347e285c7c35e81990", + "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", + "sha3_256_hash_of_ciphertext": "c866f33265de001b3308ec41682803d46dc61d423d61565aa5ab2f1367c93e3d", + "shared_secret": "cc047c6cad36dd056b84e6b9a4fb6b1b349d593e104ba94a67b107b291ca4633" + }, + { + "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", + "sha3_256_hash_of_public_key": "dd1a07043fa0c6452500249601f25de742ab44213e2718cf0ddc5ff6a2a9aa6a", + "sha3_256_hash_of_secret_key": "2cfeaf5c1b4195f0374256027d3a888e9a093de8ff9181296d5b1b94048de38a", + "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", + "sha3_256_hash_of_ciphertext": "6dad2899c49ef32329180b6b8749c28a24e070fe989027061dea25f0b05490b3", + "shared_secret": "2faf2dd50be618b025cd2b53365221f5258e175e4a445cf053c66b3d3a998c8a" + }, + { + "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", + "sha3_256_hash_of_public_key": "f2a8cad42c743eb61aa338049ce917616899c803358541de1e58cbbdcf3c6328", + "sha3_256_hash_of_secret_key": "7a9ebb792c7193ffefe6e4760ebd0dec6f67c3f3b0fddb5abb4b7e931ee827e6", + "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", + "sha3_256_hash_of_ciphertext": "125f7da90bdf4bbeecc54e47e065b221a6ce42d0569530c136ce2c9415b17e79", + "shared_secret": "cd890d2eee7f747441ca9448c7192bcc274e8b0c3c80005cb6fdb4691186d85d" + }, + { + "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", + "sha3_256_hash_of_public_key": "3394e8401245fd6348bfa697f6990b6671577ec7b35a45b0101730a801942643", + "sha3_256_hash_of_secret_key": "3ecbb219e90e2250ad5ba87f53975439cacc030c3e1641b87ba8c5b3d89a4aba", + "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", + "sha3_256_hash_of_ciphertext": "6cd30cb202554c18809da0819ced4cfe83021874fa9c48c3374b7544e3256f5b", + "shared_secret": "e7942359dfb015d5022b790b5e777a93a5963260ae352567d3fb7e27b2ef0bab" + }, + { + "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", + "sha3_256_hash_of_public_key": "ec9c0d68c84cf3804f14e8daffdd1e28c28d3d55ee782c98c498b0d9bd4ebb23", + "sha3_256_hash_of_secret_key": "24a2b3c3efd979a1406e92d5c504d5004079965b5fd0492469f1b4250f7023ff", + "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", + "sha3_256_hash_of_ciphertext": "a2c6cfb957639661086b02d9a312e7483150fae87d84f21f56e48850af7e3b62", + "shared_secret": "5d7b6ecaadbae69fbaa9e004634ea609df6ec80801bbe73671f4e52169cc9683" + }, + { + "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", + "sha3_256_hash_of_public_key": "a9d7d5a52aa2dc226832f6e4603322f60b1dc21207e3360712f9c6445d37e64d", + "sha3_256_hash_of_secret_key": "2e5342a1c2f58a48e044a26673799c63f88656f6d350a0d7e57bbf8811b2a5e9", + "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", + "sha3_256_hash_of_ciphertext": "b79a2fbd2e63aa66a526fbb42440224fad7ce91206df3684d1deb4a3e57bfafa", + "shared_secret": "547666f6c72c97a8f06fbd7cda4279165dc82489aba2119416e0dc46795bc464" + }, + { + "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", + "sha3_256_hash_of_public_key": "fa7ba132b5dfa2e3ce67b64bc72d551f3290d428cfbd45ec026f44c8dc28334d", + "sha3_256_hash_of_secret_key": "34306d06720216257691fc65054ed32decd609312f5c5f061e7763ae73fe0aba", + "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", + "sha3_256_hash_of_ciphertext": "acd7944297fc3b0d2daa3b0cbc999a43de7e9f948d39b9c6a4746873e285f8a8", + "shared_secret": "88c80381cde3db2c1d40aedf8cf923b79b18cf76efe0e46edc3e25e17c7cd8c6" + }, + { + "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", + "sha3_256_hash_of_public_key": "29f8a01ba71d04d6831c03d1ff294fb58ef6f4041772cc071074829c32a3ac9d", + "sha3_256_hash_of_secret_key": "95f9b4063bf05f89ca9f99e393b11c0f2105eafe40abb313f345b58e10519955", + "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", + "sha3_256_hash_of_ciphertext": "096f7946c01dc61a13dac8b85d9c377f9c86aaf8ddc02163a74169854046a1b0", + "shared_secret": "ccda9f28bb09dc0017a1df8e1796a3489c66afd2c3898a39027c843cf022b790" + }, + { + "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", + "sha3_256_hash_of_public_key": "357376de9843d74252466888727f9dc1ef48d028c0f52c902aa0dfc3de374c83", + "sha3_256_hash_of_secret_key": "b8d675ce213c73f9792f328448850047f4410fc500212939ab2e234b619c9104", + "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", + "sha3_256_hash_of_ciphertext": "a0810d28d2dec44499bc47d48ae22984c17728547c3ff0cc859702d2a6962f88", + "shared_secret": "caea7e78e6f80e126a9f41ddc0ae5946a80cdf617635934b22c9097c5090ce59" + }, + { + "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", + "sha3_256_hash_of_public_key": "30382cb59feee1b6b0fc129fecb8c74034da92987249bc20cc8ad4a2cfc1bfe0", + "sha3_256_hash_of_secret_key": "2600203271549828d0979adea52e2e976b7d9f85bfa6931d6c79e14137fad51c", + "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", + "sha3_256_hash_of_ciphertext": "4d20b7665cdea726a3240782143beb60585d4ae39bf18f4ab5343d4f44c7acd6", + "shared_secret": "431bba421ea89647d815a16f440d47f1604b67d9a2d33f2dcd21dae7e65bd5ce" + }, + { + "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", + "sha3_256_hash_of_public_key": "f4e474fd64a6d945e85eb4ee7509cc99fd4054de99f819fdbbb05c54ca6e36da", + "sha3_256_hash_of_secret_key": "d8a3a0edc73fee057281add9e7cb328566fb22c5082978c69088d76e98ffff90", + "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", + "sha3_256_hash_of_ciphertext": "0f18bede2f42d6fdf32dcd2cf8937ee8d2909eef0aaca8586c3892d608712a98", + "shared_secret": "cc0a7809cf6787a4587e090249709f694b709ec8475a42b4705bd1ba312c098e" + }, + { + "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", + "sha3_256_hash_of_public_key": "50688de263a82386f39a7b82592247bf5499f1836a3a941413c75f6331ce4031", + "sha3_256_hash_of_secret_key": "ff207007724ca5d696ba44cb106f525858111d55323c9fc0fb98d64d4f8de8d8", + "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", + "sha3_256_hash_of_ciphertext": "9dcc43fabf94918ed4f7936960d8c732deb2209090d1303d62d5ba591b51a142", + "shared_secret": "cf21da86b3e09c38ce5799637b1492a1a268dbf0ac716499c68bac11a774f41c" + }, + { + "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", + "sha3_256_hash_of_public_key": "1a29c0f2dc4089a85db6865ec90faf2f4ddd25f210eb56e49741866bbca8cf81", + "sha3_256_hash_of_secret_key": "477dbc28e4f21587f274e7a3b673f743840da1501c35f0e9ceb8972970de6f86", + "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", + "sha3_256_hash_of_ciphertext": "877f477beda55ed2a7c34408c04b4a90596b4d94ac1830bc04a0ac9b73761ffe", + "shared_secret": "b56f557eb758ae10d22b5d65847cd811475b96f5a46b0ed3bc2f1b9b371fef0f" + }, + { + "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", + "sha3_256_hash_of_public_key": "3fffc419d3d8a887ff789eb661b2af1ee5b32a302ca267b33eac2ea7e3340b97", + "sha3_256_hash_of_secret_key": "0f42068d2885e1a44b2ce4042675118f4fa35f58c1206b965b57ccb52c4f25f8", + "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", + "sha3_256_hash_of_ciphertext": "d8f7b4a0047c18a84ed13e3057e240cb578cdd2ac1e57dbbd6253eca9208d6df", + "shared_secret": "aec1264f12ddd2ee8e51b71d703ca5c2718dbd79858240635f9b076c749a5ffb" + }, + { + "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", + "sha3_256_hash_of_public_key": "f1de70b1072881eb659a5e890a92c9313c7378d2e960a060b9c918260d4c2458", + "sha3_256_hash_of_secret_key": "ecd9d757d80352b4fb51c71976d7b2ddeb927052f9f7a7cc61fa67662d4dc86f", + "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", + "sha3_256_hash_of_ciphertext": "10b2b1dfe168aace0dce3776456c2e2605f99fdeaadfa3ff5e7a81f6bafcb76d", + "shared_secret": "6514a3b97760070116c64014c5695df60d0345b29ada92fe24b672586f5bf06e" + }, + { + "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", + "sha3_256_hash_of_public_key": "b0c77b5407577a9a9cd8864efb80974aae107fa2801b6ccaf341d5456a86621f", + "sha3_256_hash_of_secret_key": "0feade68babcf09673bf843c59379520c19081f2bc33940a8dfcee07832ec66d", + "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", + "sha3_256_hash_of_ciphertext": "b204aa70efa18e31a11b6b92e6c7dab4b2f4766ec5d302a0e93e4feb05fe4843", + "shared_secret": "52344e5e173fc6088c9dc555cc90d8e5de19bdfa0d657ad8de1a3c24ea679bb3" + }, + { + "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", + "sha3_256_hash_of_public_key": "255d2e2fe01c87cf70bc30703644fc255f83fb47cc5cc5ae2c0e49d6198cae03", + "sha3_256_hash_of_secret_key": "1b1050f38bdb785ed43daa264b60c7946d93f135c65e93c95c39fd1f2d7b5311", + "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", + "sha3_256_hash_of_ciphertext": "55165f35498250256c30d0f0fba6ec57db352a6ebc05ac42eaa8982b2d48af5c", + "shared_secret": "ce80f65731c8fac072f7153bbdc425f76189d01bacee8462060c62dfeddfaf64" + }, + { + "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", + "sha3_256_hash_of_public_key": "63b304a19162abdc4234e6046109f99f955695580a8b782017e107e45575bd78", + "sha3_256_hash_of_secret_key": "19aba21e57d4b3aca7209fd5cbd15f9e7cb9f6777960d9452fed866e9e9234f0", + "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", + "sha3_256_hash_of_ciphertext": "5eddd27af25f9553e3a5b20e4de86280c65eb689ffa7773dbb5d24640bf51248", + "shared_secret": "3b23a3cfe57897fa9cb691ee9805739f40d2bf22930ca9ee48ebb7163cd66bb0" + }, + { + "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", + "sha3_256_hash_of_public_key": "3c598a48b06d7474da19ca85aff6b2b3303b5d25b96088c52a08cc7f1e87c5fd", + "sha3_256_hash_of_secret_key": "03c563426eb21d277421a30ca8980d4de86f7aedead9ab9aefb3d7362104ec50", + "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", + "sha3_256_hash_of_ciphertext": "244dfd0105b643caafe35fdc184b8e23c7538370d545e6f08357e83f413de258", + "shared_secret": "272ecae17c3d107a8b008f60c8844ac01e09b8bee17eb4972f5f71774af2d54c" + }, + { + "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", + "sha3_256_hash_of_public_key": "9911b6283fc6dee66e16d411fe39bbc9f53c30bb54f05044b96c740ca051c61c", + "sha3_256_hash_of_secret_key": "06751acd0a50beca92428cf8c803af429068d4e5c4f74cc59e6d3275ea6da737", + "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", + "sha3_256_hash_of_ciphertext": "dc8797dfa40479e4edee48d320320ca4a84c55789c94c34ce4f0a4be83ae0568", + "shared_secret": "eb456d8919c7e96c4e18d7a0ae27d47996e4f94c46c60b4649b327903acdc0c0" + }, + { + "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", + "sha3_256_hash_of_public_key": "e78d350d2836d1d17e6ec375a0cbe0d6b2afe1ac036272dd41f8aa769c9d0668", + "sha3_256_hash_of_secret_key": "f74b8f9343146c1551a3cf9fb3d4e88febba4e98db745f36678d854230a8d7f2", + "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", + "sha3_256_hash_of_ciphertext": "400cda4e51c1eb539625bbe6679fc13b009e72cd442a1385759e7090e54d31bc", + "shared_secret": "3f92ab2eb867d4e2e658917fe95b19042cd768dbbcd895e83b7bfda621fc428b" + }, + { + "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", + "sha3_256_hash_of_public_key": "5820c7564d087683c0a4864844335bcbd62afa1ee542c3c1dcd8b72c80824b50", + "sha3_256_hash_of_secret_key": "11212a895ad32958d25d2ad32e917bd5bfda9dfcf08e316f733b74479469f9b2", + "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", + "sha3_256_hash_of_ciphertext": "fad3a5efa62eabac076fd38f84e91f3c20f7b263408366c476695a9665972ddc", + "shared_secret": "5890e86b38f7fb11708a63f5e98ad65d10db5916e6669e1b0161142e6d30d017" + }, + { + "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", + "sha3_256_hash_of_public_key": "c56eb5880e9d9d0fe7901747f75eca1996c722ac47b76f34a4dbaaee0ef8a611", + "sha3_256_hash_of_secret_key": "8a90ed45b5910904e2e9f6a6e410d4caf024ef6436fbb75fdd179eaf09f6f362", + "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", + "sha3_256_hash_of_ciphertext": "16f18c8dfcb9aa496f8c6f8a76af4cf2405407e0f0467deb4adb7049595b0df6", + "shared_secret": "3b09c4579ad60b17eba6029141a6d9765e1abae72ec32f1b329a5e2af761a087" + }, + { + "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", + "sha3_256_hash_of_public_key": "717823f0b58cdfacafc795aea529561d11374f02964cf635c27848671043766c", + "sha3_256_hash_of_secret_key": "f3c47ab6b2f2a0962faf49bbc31f3101d6f4b867952aa3bbee32408c1b88ee82", + "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", + "sha3_256_hash_of_ciphertext": "fd6a149b033707358fc07243d95b0256153c30e65cbc9479ce05ad2f96204a37", + "shared_secret": "f15864351fe8e878ad66b402f012668e8bdf21525f09d5bcf4a4dad656d2e480" + }, + { + "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", + "sha3_256_hash_of_public_key": "7a13afefbba39ad59c088825380398f43f1251b83b0ca9debba0102f902d7190", + "sha3_256_hash_of_secret_key": "da94e15b824e73150a408df01cf1c5e4128739524831a4c2f45d0724144010fa", + "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", + "sha3_256_hash_of_ciphertext": "9193450ad037d38d8e85a46a522d4f6562ef7c7aa1372a2ebbc7ecefd1286bfc", + "shared_secret": "1f1a7f0d0d86a52a6679c431c322263b185b0c90ce40db054928be438f38d47f" + }, + { + "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", + "sha3_256_hash_of_public_key": "dd4cfbc29de3568663a3a044c3f897714363b0fdd3b6ee55f796292d34c7c79b", + "sha3_256_hash_of_secret_key": "6142d02fd4501c7bffac124bb8f26813009d2bfb91023a3fadea9506a40e1467", + "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", + "sha3_256_hash_of_ciphertext": "bb6e0249218f8bb4712d60e59f51cde2dfecfc1f828eff42f2707aa59f12164c", + "shared_secret": "aae9ca8c35deddcfd7dbaa7780fe31c102aa90cc594eb56edc782fdc4eb53b41" + }, + { + "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", + "sha3_256_hash_of_public_key": "9ca90d64e28a5bbc54c36053ed333c530f72549c2afd77b10c2944fc833408fa", + "sha3_256_hash_of_secret_key": "510f84cae4d4307d7848f4c9665061657ae81526139a8b6a4076ad3df919abfb", + "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", + "sha3_256_hash_of_ciphertext": "36b3567939ee624d5088c4daa597c73349270a754d3c272ec3ca5e08bf896fec", + "shared_secret": "970fe36e57a253e88cc80c9da6867dd66fd8da1dc15c85a480a1a45eed708ff5" + }, + { + "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", + "sha3_256_hash_of_public_key": "da073c98794493ec169c78eb75a39c1594ccfa635b8707325e0ab6cb8576e30c", + "sha3_256_hash_of_secret_key": "7829ef884941abc63f66889c3d44381f5450de1b95c6b6f79f909d74b27125a3", + "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", + "sha3_256_hash_of_ciphertext": "43f8a2c466c09c915fdbf0d0dc5069ae5333790e7efce86c163d360dd0fdc0cd", + "shared_secret": "8eb310431276a31c1913cfa2e2d6b0dedc8a208c7470251daebc5b1bb6ee78ec" + }, + { + "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", + "sha3_256_hash_of_public_key": "c2aa254714dac09b9e712572b24154be391063afd3cd8cf4cc4ed8ef21f0cfe5", + "sha3_256_hash_of_secret_key": "2e552fd01c00cf43110aacac37d01c02e5f59c87133e3769d3b2bf0fd2e4431d", + "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", + "sha3_256_hash_of_ciphertext": "854806aa3266473aa5fa6097095d5f21707ab4df857d927e8848146bc4cc2bb2", + "shared_secret": "425a88aa4cbb6b6de122f1730aee536f1cdb8fc84751fc6eb2b42bcde5febcb1" + }, + { + "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", + "sha3_256_hash_of_public_key": "8aaca951e0573f28d50831960a28dd11126f0eb080afc55f394e8eaf6379f6eb", + "sha3_256_hash_of_secret_key": "45592f0d94666d8201247fad4d0acdfdb4635a5e4fa85b7e25b2391639451bdf", + "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", + "sha3_256_hash_of_ciphertext": "035223323ac02f2a52f9c19da46b31a7e189073fd5ef5ceee6ab8dd1b062b6d7", + "shared_secret": "457efc40f2e99aa599ac1ef92f9efbfc93d17fcd793837857f6a5c91a8dd7da2" + }, + { + "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", + "sha3_256_hash_of_public_key": "f15a8fc937b12ff78c54fc273fcd7dd5611e5835472ed377652ae64495f9cf52", + "sha3_256_hash_of_secret_key": "dcdb853d17884fb04396dc10d34bc84d594343ceadda564fcdfa9b4d47dd4e3b", + "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", + "sha3_256_hash_of_ciphertext": "a94ff1a0c62792c0e1dbe578210ba5a7f3cf8a9f9763a16362d66a3082e4753e", + "shared_secret": "99b58031465868d0617fa795e6be1c33a870a1e154a85a2bf61346f7c55f3b76" + }, + { + "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", + "sha3_256_hash_of_public_key": "ef7ef8d7d81aa907fece4c1920c7ca9dda3bb9d57f09193487bb89d6422f10cb", + "sha3_256_hash_of_secret_key": "2bef3558b547044290d1232a580a6a473cfcd8d87ced6305f996d4db4f46e6af", + "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", + "sha3_256_hash_of_ciphertext": "0b60d83d562b66153e07bffb5bb05b7d268351377381b04f1e59201f961f1907", + "shared_secret": "387705c2ed600492a0b06f5587ae3c40be55e6d5592597e57cb8015de9e9271b" + }, + { + "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", + "sha3_256_hash_of_public_key": "99b151aa6b4654589afc36b8343fcbdc09a3e5255b378d6ee5629cd8b3cfd555", + "sha3_256_hash_of_secret_key": "b7a7d95034017d523ae23e29fc400e9a0b320f9778ba1587b69dd012f2aa47bd", + "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", + "sha3_256_hash_of_ciphertext": "3a4ba04bec2aee99c5e4e2459f1aec52fc950ab67b61570d57a17c4f3d9031d5", + "shared_secret": "2a426534e3c23e28a237047aec83d24abcef8c7f77d85d8b27aedd7c50263010" + }, + { + "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", + "sha3_256_hash_of_public_key": "339ba63f705606d8c7fbbd6e66dadbf23f532d5423802c836f2105a636e9e6da", + "sha3_256_hash_of_secret_key": "60aa684e7cbf79e9c70504608a4c0f2cf8dc207f71b1d0ef5e3a99013ee866cc", + "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", + "sha3_256_hash_of_ciphertext": "f5d1973f7c10d3ff7cdb66195ce52e182f40ce5b9f16ef67e31ce8632cf617e8", + "shared_secret": "ffaf18d4fdb39a4aedc80c7985843f6b87a02e36c69dcb00f3cb01a619a77779" + }, + { + "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", + "sha3_256_hash_of_public_key": "1f9e26333b637ef9beb8881c63f9412b07c47a276af0e242062a54026bcee2bd", + "sha3_256_hash_of_secret_key": "f7f38ae2caba6d7e87b7bee8b127a9aecbc0b795345952d65bb4435e3720f89d", + "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", + "sha3_256_hash_of_ciphertext": "c42f9beac87086ca603d95377c5e539735752eee043653fbacef0d2824b91d86", + "shared_secret": "1b37c256820ae408a0005a1fe7461d54e53813e6e7ad58ca3dde46a53a44590c" + }, + { + "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", + "sha3_256_hash_of_public_key": "64b9f8198bab9b3b2f2a1704cd4ddf6b3cbc216ddc0f062a72ef40115917fd21", + "sha3_256_hash_of_secret_key": "a3cf5841bedd9be95061b910333190834063e5cbcf0fd32673f8cf3f6b548d17", + "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", + "sha3_256_hash_of_ciphertext": "056998cb46e48667cb4bda6dfcff9321219b13fb1a682e90bfba6ca025bbe6df", + "shared_secret": "12871c83c35db351c2c0b4afe0f0ce9fe1f21fdfbe8c18a485d5c1292faa531c" + }, + { + "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", + "sha3_256_hash_of_public_key": "de4ce515b882c849717a1ab34f2ac0238c868f415630c1155bcfb302d346dc91", + "sha3_256_hash_of_secret_key": "4b917d9daddcdc932fe0448063a24a592edbb0e6e40b5b53812f20a4cff7a0a3", + "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", + "sha3_256_hash_of_ciphertext": "e4eec4f31749692984bee94c59e2947afc769197fc18b20d2e34ec92e7d15ae1", + "shared_secret": "adf49431dcdeb29f729459cbf3c2b94151005c7b841eac921a71262d65dcff99" + }, + { + "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", + "sha3_256_hash_of_public_key": "93b60f0d00c09af885b5a0cbe942fde6afc4841428104710823bdcc12319eb35", + "sha3_256_hash_of_secret_key": "953ab28bf8cf18e86b8c80efae0bb47582d720e787fd2af27d9789c1ffb7ea1c", + "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", + "sha3_256_hash_of_ciphertext": "ed5b2ff1ee4222029e7c0d858da6ff1a1417a74a501b80d1b5b6a4941329e892", + "shared_secret": "35e1521271e7ab9931b2c25d75f0f09a89b3f83a6bb62ceb99e8e00c5cf78afb" + }, + { + "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", + "sha3_256_hash_of_public_key": "167a2fec4d72cac2ffd844246eebabdac0c074e4f984433744e31d299faa389c", + "sha3_256_hash_of_secret_key": "9afc4ddea68ca10e36d9b12d3c34595912eaafed49d8ffce01cbed09501f7527", + "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", + "sha3_256_hash_of_ciphertext": "a076b58fa98a7282c2cedc1e93c1473dd15b15c1ecef192955d8a813180b3217", + "shared_secret": "715519f07b29bbecfc0776e35417558e3bc50c76b8da6fd4c99391b7bc7873cf" + }, + { + "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", + "sha3_256_hash_of_public_key": "955468734662471c953fa516b35b3a53053ff396b7e2798fe07a2ecd549d6c06", + "sha3_256_hash_of_secret_key": "8bbc886fcb7516e7888880921abfaa72823ace9d50cf0afc2f68c4a7c3dd2e53", + "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", + "sha3_256_hash_of_ciphertext": "87914dbce6a365f7335188d83f2394b0fdafc9b0676c022608401cd93d294f36", + "shared_secret": "5a4ba3737140bf227c0e618f74191b3de1c1b8e24b032036942de66a13ef5a91" + }, + { + "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", + "sha3_256_hash_of_public_key": "f7310c0531060051469ffcd2f88e3200bec6c721bca1fa4c9e7bf1773d7ccb19", + "sha3_256_hash_of_secret_key": "16c976495bbd05ee6715f30a9323aa41ecc320e2e63479148ab3a51132afd7b5", + "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", + "sha3_256_hash_of_ciphertext": "37ff2acef57d0665358cc5ec7f489160d602d41c21cbb3332670f3cf0044fc39", + "shared_secret": "87528a4a961de06d5856004eba20a44590a1bd88318fcd1ae1dbfbfd41f152b0" + }, + { + "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", + "sha3_256_hash_of_public_key": "152c13a9a4dfbade0f98e8a5136358f69c93f0722addc008952cf72e1bf350b1", + "sha3_256_hash_of_secret_key": "b93c3fb9dbddaa560dd52c6a1c37f6aeb2111e46b7b746419e3c27fa43a27211", + "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", + "sha3_256_hash_of_ciphertext": "b62ee0b20daf3a87406f7f8428d6dac79ad5f95c225956a564f896658ed51eee", + "shared_secret": "3652a13e36459a324958a2c45328fe4ca6163ba833400e643b0a6e51bbc594fe" + }, + { + "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", + "sha3_256_hash_of_public_key": "97e5b18cff525ef46fd8a6aa6e5e4b8d953fe1e67b5771d1b99ff18e754553be", + "sha3_256_hash_of_secret_key": "55102f3a620209b46e41531919a1b6f091c86bbcc5bdcb52b18f9a070680bd66", + "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", + "sha3_256_hash_of_ciphertext": "6d20fbb0cf418e91e295f391160df696348b3fa99542d12584c0da554b96153d", + "shared_secret": "c07d965e4a87e89e9fd5db44cdf225b20157a6842e2862ecb4f72d8aac933c2b" + }, + { + "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", + "sha3_256_hash_of_public_key": "7b5c67fa6e0ff374f691540fff0b4d14d4ed8a8a8c48b14b2a35facb413a5ee6", + "sha3_256_hash_of_secret_key": "449e7b1644520512fa25ea48f468ce9f866ea08178e814f11561efd4e4aad792", + "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", + "sha3_256_hash_of_ciphertext": "e4f728484e23e99dcd35c5d3ca6d62e3a829e60a784faec5dd9fbb2d0cfa8bd7", + "shared_secret": "a502041eee317af1e9e6f9a9c12cc98415b358ff179d4d64ba5b7463a1f33b0d" + }, + { + "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", + "sha3_256_hash_of_public_key": "8e49b73bae3b0285bbe1676eb6fad2641e7354e4c0a4feb0b74bb16708b01351", + "sha3_256_hash_of_secret_key": "23a598fad0141bdf07257c662d22549343a01d75eea9c1ebcdeb4a138c6e215c", + "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", + "sha3_256_hash_of_ciphertext": "cb2c217f6ad9c504c9fec4750db44d2c339017542da415ad81094290006e9273", + "shared_secret": "a354e870cd600e5a5951aad3491c31a80b0545c1662f830d7f0b6d144ed3733b" + }, + { + "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", + "sha3_256_hash_of_public_key": "f5de62d662f480d4ed8ba235b4aaa4bfff19edebbbfbd96e5a9b7c4e89365c3e", + "sha3_256_hash_of_secret_key": "583ad55aa14bd6a4310d3ab7aa619cf59c93906251f5721a0bf880a866517f70", + "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", + "sha3_256_hash_of_ciphertext": "a9f97b3e253dcb15c8ef4c5576786d967e504e8f76c0bf46e051b8f123fce22d", + "shared_secret": "cd98ddb938549cc7c4fe56cda7f3ef213f1aea49fed4fb81b940c7e894be1e54" + }, + { + "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", + "sha3_256_hash_of_public_key": "ec2fc5834e128c5e1460d8cb0c35ab340d706a6c8b52070a7e41a6405fada53f", + "sha3_256_hash_of_secret_key": "954a43f78ef0b5a279c0d020c08d930cc5e83a385c09afed508f9ef6f1a27920", + "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", + "sha3_256_hash_of_ciphertext": "f137abde6208e2c014a5a7eb1aac7b910a21df3a7dff68dcc40cba4f34b839d1", + "shared_secret": "e0d0d574b1287716bd7e0a44feea36ec28469bd36713fa8a53b0a104f322016f" + }, + { + "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", + "sha3_256_hash_of_public_key": "5e7f49b87bb2319dba8d3485fe814aedb0b43173bc48f3a793554c3e8bf90c17", + "sha3_256_hash_of_secret_key": "74eb7c05fedc78406453b8f021f8a71cce4b3ad0c4d38bc8d581000a38908574", + "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", + "sha3_256_hash_of_ciphertext": "2018b7eddcf255f6a171af914ef44153fd60976c5c7368998a218b1d81e34e33", + "shared_secret": "bd97eac1e35a06536e713a2ca5e71e35277b948172cafef0c35e1558efb61676" + }, + { + "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", + "sha3_256_hash_of_public_key": "e3f73c56254fac37209f5a59818fbaabf5abff3320b0b3ee00e20679b5728c12", + "sha3_256_hash_of_secret_key": "1e1cff1c4e09318bdc174bff8ef0817d6e7414355adf930bb35e71a7a0b95abf", + "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", + "sha3_256_hash_of_ciphertext": "d641fde487a3659350dc41f329e0d41741bd4389346da9270eda4f5829ce9ee3", + "shared_secret": "2ed540764a77b17c6b9608bf86d8d8703f80718044d52dc79cbc1838f91fdd7a" + }, + { + "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", + "sha3_256_hash_of_public_key": "bc0a40ba03d27bbbfb91654fdcfab2dfb3e94d9607b99c1d7da1f2663bfa2598", + "sha3_256_hash_of_secret_key": "dd55c195b92ff410b9ea37577ddba0385bbf067b3053b0a678e8106c07b98c9e", + "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", + "sha3_256_hash_of_ciphertext": "7387b045cefcf3d2c659171ee41acf3857b9f63f1ba20c3f0832cfe41a26ef75", + "shared_secret": "1e5ba1b64fa8ad0494c96ba27e288ee2b479c24634285f8919e58e9b9c8be78b" + }, + { + "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", + "sha3_256_hash_of_public_key": "e16da7f99bb7bceb75a6468a921ab9fe53aab2972ca616ee10697c204df1e350", + "sha3_256_hash_of_secret_key": "2db70f5bb4e8927fd7696a4d802817fa58c43f9b2618ed27c7584cce8acf3506", + "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", + "sha3_256_hash_of_ciphertext": "0159f5e60336eec1fda83aeffbee92eddfcac6f92b0fef7a4a38fb20d1a771ca", + "shared_secret": "96ba12c7f8a0d864ce1434b789c09753c2d1f7ade6a5a0e679ce2ea0b6d66c83" + }, + { + "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", + "sha3_256_hash_of_public_key": "fb80edf4f67823ff4e53a8963a9c9937fa9f8e014b750e11b4c4bb1a361d6484", + "sha3_256_hash_of_secret_key": "fe67beff69ea75d4953d71c038559591b2a0349ddcdfeaf7596dcd02f57db2b9", + "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", + "sha3_256_hash_of_ciphertext": "6e68fe27fe416c12819fa8a48eb29351d1d74a9200c408b55294ea374046c3d3", + "shared_secret": "07dfc04ebbb7ae537b594210a9180f647d3d385d1c1bb56abb8174111eb246df" + }, + { + "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", + "sha3_256_hash_of_public_key": "d9f630c3838eb161374710d9f01bc70d4ef928fcb1c38bed93e30f3633a05e01", + "sha3_256_hash_of_secret_key": "ca4a4ab954c3a4c8b960fdfb7dd7cf5e8d103f7936f31e720e5043010926829f", + "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", + "sha3_256_hash_of_ciphertext": "3b6a1f5d06cd55c98ce6f4dc5b17fce8cb05b33b1d89b618a027e4478d8b5e69", + "shared_secret": "81fdb9267988ad39ab57e2fc8d4c280e0000dac3471b0936083aec68b49fd92b" + }, + { + "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", + "sha3_256_hash_of_public_key": "5c27fa929adc826f98fbf0a7fdce33c8f215b34e70450da0767240741894ffa4", + "sha3_256_hash_of_secret_key": "0116eb35f3138aa7371a058661a92a4bde258f823747b70ad40767c27d7bc7f4", + "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", + "sha3_256_hash_of_ciphertext": "83f17a1e23402e14a58a32343e1083434eb10b90a8080d01ba112b83ba15f7f4", + "shared_secret": "703958ce09d7d6a5bb09e88de8df95c8ee2598544d50193be50534947530fa37" + }, + { + "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", + "sha3_256_hash_of_public_key": "dd8aa653122eb5e3a4c3c877e95e8ecfcfef1ac9e0e6af92cce8ee89d09188fa", + "sha3_256_hash_of_secret_key": "8a5fbb715cf44c86b736227e56b53d91ebbea432fb1f1d6d7cafe42da8457b2c", + "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", + "sha3_256_hash_of_ciphertext": "862f660f11fb4252070e948ea2c141202246d5117ec151e6d5fcd0783bd76bb9", + "shared_secret": "c86d221cbc5ff6a994d9111acbfff23f7dc0cd934412b17d89f0f27e3cbd1a15" + }, + { + "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", + "sha3_256_hash_of_public_key": "b7c80e434104e9838cb08529592a5f81b0e8ead186663db8facc569b09e75c9a", + "sha3_256_hash_of_secret_key": "c5f84c36f3b8af4b4d90a040d929b116b402840f487d437f9b330f6ff3ec36fc", + "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", + "sha3_256_hash_of_ciphertext": "a372aefe804077da915a423dad55b76ff08a58d222aa66305599ff301128ae13", + "shared_secret": "c0146ba47b3d4178919879721f69ac896d6911d6e86de1e8f05797d467053222" + }, + { + "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", + "sha3_256_hash_of_public_key": "e619285c692532735f1582d227b9a9e77b1eae4aab9eaa79f6ce7ac2fcac8318", + "sha3_256_hash_of_secret_key": "2d4ae4f98c61bd104fbc1ef512b946202f95ecaa0ad7353a686141be5fe18116", + "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", + "sha3_256_hash_of_ciphertext": "462b78ef50b2c1ce761fa7750ab5ed2a7315e474a92ddae74bd23013b0d9ad0a", + "shared_secret": "a33f72941e0947735925e5be668b3481e0cece75ef48ae6db0d66f0fb2ec428e" + }, + { + "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", + "sha3_256_hash_of_public_key": "dd3761c0e96678a959f30997e96d6a59858528c5e10234398e2da2e50ffcc517", + "sha3_256_hash_of_secret_key": "c6f5f9285f93d2ee6d180353799df5fea713870ca06de901e9c12e8a01ead6b6", + "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", + "sha3_256_hash_of_ciphertext": "2e552ce25fe0771bfa135939d85bd68ed07959709da470df50be36aa8ab2890d", + "shared_secret": "3d77b9b4ade74443fc573c393b82c0cfd2bc2769327f273c14e66eab9f8d9ebc" + }, + { + "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", + "sha3_256_hash_of_public_key": "6d9e513a7cd137583507ad7256844bcb9775ca82ef5f411331a7c37ce451181f", + "sha3_256_hash_of_secret_key": "1dd2623a7413ff14549690b642fe90ce16ebe7acea38be795a4936b8d86b93aa", + "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", + "sha3_256_hash_of_ciphertext": "b4c64b73ba056f9ee7c3587ba0825bcc7172a6da749cdd86c1ef60cf84515883", + "shared_secret": "812d6c4becfdd4a95f234e8fcae1d9b316266d1c519545bbb7fab8a19f3519e0" + }, + { + "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", + "sha3_256_hash_of_public_key": "b252e5abf757e116a92518eb72df9f9ce66b07edf4d31be225585a6a827a35b8", + "sha3_256_hash_of_secret_key": "45ac74f2a699f1e3559e2d1442638290029688cec3da96c58ea697e1ed1d4178", + "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", + "sha3_256_hash_of_ciphertext": "4dae8b2d08afb311ef727118966c6c17652f1464e6cdd26ac23551d31b013415", + "shared_secret": "c8757f45a1e334ad99a0d2adf12e79ef2bcb96ea1876bc29a4ec5cd660923d82" + }, + { + "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", + "sha3_256_hash_of_public_key": "18c081231277f424c5f3f1f6b4db91958611fa28bcf09ccb2573da64547e1958", + "sha3_256_hash_of_secret_key": "f32167b39e19dbc0db58a5eb79e735337ffe154c75b0f2c091e009d0cec366d2", + "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", + "sha3_256_hash_of_ciphertext": "3a246e10c7c20d77a9e4bd6d3a90d73ae456501dc989210c798293d0b449852c", + "shared_secret": "be765dc236062da9d3fef68c645b9a8a5494c351d37790c1e7cd1089d97971b3" + }, + { + "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", + "sha3_256_hash_of_public_key": "0ac7db13184d6ae6e21a14a63a2ab3d6d5d1ee7f4a6011413a0295b752fd2c28", + "sha3_256_hash_of_secret_key": "f69bacdf5992e64369aa4325b70af9f0e8a399cadafe48d854c288cc4eec627e", + "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", + "sha3_256_hash_of_ciphertext": "d4200c5ed5cb4e30e8e74a5c8c30eacd48014d326ae72f73618c5680f04999d8", + "shared_secret": "e72888e8dc5fe30f0a9c01e2e4599a7046147a81da280c393a48bee1b43bbb5b" + }, + { + "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", + "sha3_256_hash_of_public_key": "27ea5a76294070ab10a6edc502d82be3d240672e5fa61377e73e5e19d11f64a3", + "sha3_256_hash_of_secret_key": "33161a2b269ff022ff4699b05ac7fac1374d733e46800447164d3e528ff89dc4", + "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", + "sha3_256_hash_of_ciphertext": "8995a8a9b59bd5adbe1fa10cc20da5348737cce9088be7eb0ba1f6215d68b9a9", + "shared_secret": "e3f13c77fa9eb329c218e1bd5823d6e07249fa1b455770ae57b2a00aa8c69c5d" + }, + { + "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", + "sha3_256_hash_of_public_key": "9898462f05bea461adb40faacdfdde363c06f58bc756f0a8417df63a66d3a544", + "sha3_256_hash_of_secret_key": "e10192b72796b2da465303c0bbe16f1e23e08f9680ba92fc22d568ac84352113", + "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", + "sha3_256_hash_of_ciphertext": "573aa757ef6fa5110ba7b948c325718f87c6bc9ccd596debff4e6c7dac1fa8f5", + "shared_secret": "a8498502e012b5cd006e77fcbb9fab801dc3748a0da37587dcd41310fa945e09" + }, + { + "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", + "sha3_256_hash_of_public_key": "a24e6203d9b1aa5cd06c44f048da7225e33952617f12b4289494b3969857c2ff", + "sha3_256_hash_of_secret_key": "61f1e3b3a9ce59d25480d88dac106cebc81272c0c9449c9b22048f67419d940a", + "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", + "sha3_256_hash_of_ciphertext": "7f92312ab16635c5e90a6d41ac65e594e37754359331b0814e09da9c7eb945e7", + "shared_secret": "780b2d0ea585a6ea41dcf43197b9ca4648454e30a3057f0d47f6e79a2bbc365e" + }, + { + "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", + "sha3_256_hash_of_public_key": "cb2e9159ab5225a75d02268af2dac89a0afb33fe83a45f552e2bf542868c0683", + "sha3_256_hash_of_secret_key": "d2ce7cdfbe3ac715b2c87b1231fe46d5385a77caab367570a955bb562d23183c", + "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", + "sha3_256_hash_of_ciphertext": "1113b9a38ec4629ad20ecb594b64ba242a5a4db7bdf32914f9eb34ecc76c4a1c", + "shared_secret": "7832b351d71984cb60e6e548e5b4edeedf9749f8b3bc96fd208b6bb557251de8" + }, + { + "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", + "sha3_256_hash_of_public_key": "7f8d36076b3a8aa13b633650726f7e907806a0573402ef3af129f611def1a813", + "sha3_256_hash_of_secret_key": "0b38e04daf35259696487ffaad947f481756bc3e94dd1a73b81bf8a6da4a43c3", + "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", + "sha3_256_hash_of_ciphertext": "eefa4d255cbd39fb5686d14a6a574d4c75c6b138a45a09cec12287c281cc00e8", + "shared_secret": "468ee020867cb766cd0a9ce1bfe9e7dbb56ae66c131a4540f211837c1779e11f" + }, + { + "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", + "sha3_256_hash_of_public_key": "ff2044ee6a3bfd4f7033dc4bbd6283b534cd3fbbf1c4af072fea1ba37d3262d5", + "sha3_256_hash_of_secret_key": "ed62dbd78c007d385c786f2607715a69a44804c4e88111861d175875bc0b09ee", + "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", + "sha3_256_hash_of_ciphertext": "d16b23897beae9fb1a6ca746d3c15ef52c8ac454cd518d5a90a561cb588a0260", + "shared_secret": "f04a17a3737285f2257a6374a0057776ea24bd731724851d12ac2e06e959fa26" + }, + { + "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", + "sha3_256_hash_of_public_key": "c7ca6ebbe17f30f8ce49e15c40c1ea5456f43624148eaecc9f3018f7beb96bdf", + "sha3_256_hash_of_secret_key": "7886dadfd208ab926afd2376dc11a004d8b793d7a30623df27109f9a4d4b0916", + "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", + "sha3_256_hash_of_ciphertext": "4fdbbb522c23abd8a69c583c2c68ddc28fa4da85a6bf208a22d19e7ef40d98b3", + "shared_secret": "fcfab6cb3daf0c64b4ce007499f097f6421e00905fd4daca7da7a29b9c8f6325" + }, + { + "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", + "sha3_256_hash_of_public_key": "61fb6cfc0f388e34fb28ed783c2733453005eea03d3fee4b01bb6364abc01c30", + "sha3_256_hash_of_secret_key": "b724f25cf64bdaab1cd29c9cd1f8ee6cf4104c26fa3caf53b77d61cb5c35222e", + "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", + "sha3_256_hash_of_ciphertext": "5ce7558ab39d932fd35fc346aaea5aff4bc90e65c17b5760996e84687dcb5402", + "shared_secret": "dbf4cd1f5cddf15322449ddfe147ae0605d0315ff9da6421069b47c3a67a65c4" + }, + { + "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", + "sha3_256_hash_of_public_key": "9333445958cf50f9cfba453f058f562158bc253e535e4e2f07715531a1c6289e", + "sha3_256_hash_of_secret_key": "9bb80f6928e0d09847b4c7e77ba6bf2cd0f75bdd147e884b92d3c3f2e9d839d6", + "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", + "sha3_256_hash_of_ciphertext": "57651b24ece777c321c6e59ba774951e2a3c4720d370e3af928238ff60c9565d", + "shared_secret": "3f4848a2de1cdd8a0403da22f609809a20c2cfc0ae619be0cac350897fead710" + }, + { + "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", + "sha3_256_hash_of_public_key": "ee6cb12a54341aeedc99f1040b01603c35f07c5487ffac7b4fc1925f49026916", + "sha3_256_hash_of_secret_key": "4e498a0606b1f9cd72b9d2493428730712bdaa4a7fed8099b15d9e2873bbdf7e", + "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", + "sha3_256_hash_of_ciphertext": "1fb55bc4e6d95931087b23945ce9448207fbbc14bd284f6bcda65fcf31d68fdc", + "shared_secret": "eed5b71764da1763a01184a1eb51dedb4eaa9dae7890b1c7dbc7e7132c30e737" + }, + { + "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", + "sha3_256_hash_of_public_key": "42ad42d6d3b13c72b16287909bc4c0da04900536a1e48a1a28db4f5ee2d2e771", + "sha3_256_hash_of_secret_key": "d6f909b6679487a8718c843c4b894785ee046c4d86ad2794c22ee912113dad1f", + "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", + "sha3_256_hash_of_ciphertext": "54043d4b2be7ecb264847dd0bcde9076523e798aeee942be82d61d51ef0253c1", + "shared_secret": "4218fc9abb402e67ac946c7a7c6f9029108f67de469e1a9987d570f011b685c3" + }, + { + "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", + "sha3_256_hash_of_public_key": "5b70c5bb1b7af3b643588aa7c20567d4259dbe6abd7617a61b48185de8f21e1c", + "sha3_256_hash_of_secret_key": "f03297b8577b131e39946a288f7ca9070e70c1e00e6ff126543556f60dbafead", + "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", + "sha3_256_hash_of_ciphertext": "c3d51c14b28feb48ee67945a2f9e2ababb8682a839ca1148ddc99f909e8c0bc1", + "shared_secret": "95a33968866dadc1fd8748768a99f6bb444e3d76a65ec5fee0c8a833978d4585" + }, + { + "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", + "sha3_256_hash_of_public_key": "01782fce09e644e310c9286f1e381be9ea8c54a1804e61f2958c1f975aec185a", + "sha3_256_hash_of_secret_key": "3d1b220e747de4ca99a9882a00860ed00abcf2e6eea60cba5194977f97c87770", + "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", + "sha3_256_hash_of_ciphertext": "8dbc778809c9cb1de5301be5bce766f1acd7d8f74ecf30619c398250def57d74", + "shared_secret": "c9423277519ab439fca3f5fab4c29c8123a55eaf37d94d70e27afffeec1b3b9b" + } +] \ No newline at end of file diff --git a/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_768.json b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_768.json new file mode 100644 index 000000000..7b668915c --- /dev/null +++ b/libcrux-ml-kem/tests/kats/nistkats_mlkem_ipd_768.json @@ -0,0 +1,802 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", + "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", + "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", + "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", + "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + }, + { + "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", + "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", + "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", + "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", + "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", + "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", + "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", + "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", + "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + }, + { + "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", + "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", + "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", + "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", + "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + }, + { + "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", + "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", + "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", + "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", + "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + }, + { + "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", + "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", + "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", + "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", + "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + }, + { + "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", + "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", + "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", + "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", + "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + }, + { + "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", + "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", + "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", + "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", + "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + }, + { + "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", + "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", + "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", + "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", + "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + }, + { + "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", + "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", + "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", + "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", + "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + }, + { + "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", + "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", + "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", + "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", + "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + }, + { + "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", + "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", + "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", + "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", + "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + }, + { + "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", + "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", + "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", + "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", + "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + }, + { + "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", + "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", + "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", + "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", + "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + }, + { + "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", + "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", + "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", + "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", + "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + }, + { + "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", + "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", + "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", + "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", + "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + }, + { + "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", + "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", + "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", + "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", + "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + }, + { + "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", + "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", + "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", + "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", + "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + }, + { + "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", + "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", + "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", + "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", + "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + }, + { + "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", + "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", + "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", + "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", + "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + }, + { + "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", + "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", + "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", + "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", + "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + }, + { + "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", + "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", + "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", + "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", + "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + }, + { + "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", + "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", + "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", + "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", + "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + }, + { + "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", + "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", + "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", + "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", + "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + }, + { + "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", + "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", + "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", + "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", + "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + }, + { + "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", + "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", + "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", + "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", + "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + }, + { + "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", + "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", + "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", + "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", + "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + }, + { + "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", + "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", + "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", + "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", + "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + }, + { + "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", + "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", + "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", + "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", + "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + }, + { + "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", + "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", + "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", + "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", + "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + }, + { + "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", + "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", + "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", + "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", + "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + }, + { + "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", + "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", + "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", + "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", + "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + }, + { + "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", + "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", + "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", + "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", + "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + }, + { + "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", + "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", + "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", + "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", + "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + }, + { + "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", + "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", + "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", + "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", + "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + }, + { + "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", + "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", + "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", + "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", + "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + }, + { + "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", + "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", + "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", + "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", + "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + }, + { + "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", + "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", + "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", + "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", + "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + }, + { + "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", + "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", + "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", + "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", + "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + }, + { + "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", + "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", + "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", + "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", + "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + }, + { + "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", + "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", + "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", + "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", + "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + }, + { + "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", + "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", + "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", + "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", + "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + }, + { + "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", + "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", + "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", + "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", + "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + }, + { + "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", + "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", + "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", + "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", + "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + }, + { + "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", + "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", + "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", + "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", + "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + }, + { + "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", + "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", + "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", + "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", + "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + }, + { + "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", + "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", + "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", + "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", + "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + }, + { + "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", + "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", + "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", + "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", + "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + }, + { + "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", + "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", + "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", + "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", + "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + }, + { + "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", + "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", + "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", + "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", + "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + }, + { + "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", + "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", + "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", + "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", + "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + }, + { + "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", + "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", + "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", + "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", + "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + }, + { + "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", + "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", + "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", + "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", + "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + }, + { + "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", + "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", + "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", + "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", + "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + }, + { + "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", + "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", + "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", + "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", + "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + }, + { + "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", + "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", + "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", + "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", + "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + }, + { + "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", + "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", + "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", + "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", + "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + }, + { + "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", + "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", + "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", + "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", + "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + }, + { + "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", + "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", + "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", + "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", + "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + }, + { + "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", + "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", + "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", + "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", + "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + }, + { + "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", + "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", + "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", + "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", + "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + }, + { + "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", + "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", + "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", + "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", + "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + }, + { + "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", + "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", + "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", + "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", + "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + }, + { + "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", + "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", + "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", + "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", + "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + }, + { + "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", + "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", + "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", + "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", + "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + }, + { + "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", + "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", + "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", + "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", + "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + }, + { + "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", + "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", + "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", + "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", + "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + }, + { + "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", + "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", + "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", + "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", + "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + }, + { + "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", + "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", + "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", + "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", + "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + }, + { + "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", + "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", + "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", + "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", + "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + }, + { + "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", + "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", + "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", + "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", + "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + }, + { + "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", + "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", + "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", + "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", + "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + }, + { + "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", + "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", + "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", + "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", + "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + }, + { + "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", + "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", + "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", + "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", + "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + }, + { + "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", + "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", + "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", + "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", + "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + }, + { + "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", + "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", + "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", + "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", + "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + }, + { + "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", + "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", + "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", + "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", + "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + }, + { + "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", + "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", + "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", + "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", + "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + }, + { + "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", + "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", + "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", + "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", + "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + }, + { + "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", + "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", + "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", + "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", + "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + }, + { + "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", + "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", + "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", + "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", + "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + }, + { + "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", + "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", + "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", + "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", + "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + }, + { + "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", + "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", + "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", + "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", + "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + }, + { + "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", + "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", + "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", + "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", + "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + }, + { + "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", + "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", + "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", + "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", + "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + }, + { + "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", + "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", + "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", + "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", + "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + }, + { + "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", + "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", + "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", + "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", + "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + }, + { + "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", + "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", + "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", + "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", + "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + }, + { + "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", + "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", + "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", + "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", + "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + }, + { + "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", + "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", + "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", + "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", + "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + }, + { + "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", + "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", + "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", + "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", + "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + }, + { + "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", + "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", + "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", + "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", + "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + }, + { + "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", + "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", + "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", + "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", + "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + }, + { + "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", + "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", + "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", + "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", + "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + }, + { + "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", + "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", + "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", + "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", + "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + }, + { + "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", + "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", + "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", + "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", + "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + }, + { + "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", + "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", + "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", + "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", + "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + }, + { + "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", + "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", + "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", + "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", + "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + }, + { + "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", + "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", + "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", + "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", + "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + }, + { + "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", + "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", + "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", + "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", + "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + } +] \ No newline at end of file diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 0089fd7f6..eb6ff2754 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -64,7 +64,7 @@ macro_rules! impl_nist_known_answer_tests { #[cfg(feature = "mlkem512")] impl_nist_known_answer_tests!( mlkem512_nist_known_answer_tests, - "mlkem", + "mlkem_ipd", 512, libcrux_ml_kem::mlkem512::generate_key_pair, libcrux_ml_kem::mlkem512::encapsulate, @@ -73,7 +73,7 @@ impl_nist_known_answer_tests!( #[cfg(feature = "mlkem768")] impl_nist_known_answer_tests!( mlkem768_nist_known_answer_tests, - "mlkem", + "mlkem_ipd", 768, libcrux_ml_kem::mlkem768::generate_key_pair, libcrux_ml_kem::mlkem768::encapsulate, @@ -83,7 +83,7 @@ impl_nist_known_answer_tests!( #[cfg(feature = "mlkem1024")] impl_nist_known_answer_tests!( mlkem1024_nist_known_answer_tests, - "mlkem", + "mlkem_ipd", 1024, libcrux_ml_kem::mlkem1024::generate_key_pair, libcrux_ml_kem::mlkem1024::encapsulate, From 5c476f4937be3fc53e2f852cbbef64f4626ae706 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 16:50:04 +0200 Subject: [PATCH 071/172] IPD test vectors only for the old IPD implementation --- libcrux-ml-kem/tests/nistkats.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index eb6ff2754..744a0ce14 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -61,7 +61,7 @@ macro_rules! impl_nist_known_answer_tests { } }; } -#[cfg(feature = "mlkem512")] +#[cfg(all(not(feature = "pre-verification"), feature = "mlkem512"))] impl_nist_known_answer_tests!( mlkem512_nist_known_answer_tests, "mlkem_ipd", @@ -70,7 +70,8 @@ impl_nist_known_answer_tests!( libcrux_ml_kem::mlkem512::encapsulate, libcrux_ml_kem::mlkem512::decapsulate ); -#[cfg(feature = "mlkem768")] + +#[cfg(all(not(feature = "pre-verification"), feature = "mlkem768"))] impl_nist_known_answer_tests!( mlkem768_nist_known_answer_tests, "mlkem_ipd", @@ -80,7 +81,7 @@ impl_nist_known_answer_tests!( libcrux_ml_kem::mlkem768::decapsulate ); -#[cfg(feature = "mlkem1024")] +#[cfg(all(not(feature = "pre-verification"), feature = "mlkem1024"))] impl_nist_known_answer_tests!( mlkem1024_nist_known_answer_tests, "mlkem_ipd", From fd117a0f1a3c6521589bfd6b56a011855cc4eeb3 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 16:50:52 +0200 Subject: [PATCH 072/172] Update C test vectors --- libcrux-ml-kem/c/tests/mlkem768_nistkats.json | 802 +++++++++--------- .../cg/tests/mlkem768_nistkats.json | 802 +++++++++--------- 2 files changed, 802 insertions(+), 802 deletions(-) diff --git a/libcrux-ml-kem/c/tests/mlkem768_nistkats.json b/libcrux-ml-kem/c/tests/mlkem768_nistkats.json index 6a819f80d..7292c63df 100644 --- a/libcrux-ml-kem/c/tests/mlkem768_nistkats.json +++ b/libcrux-ml-kem/c/tests/mlkem768_nistkats.json @@ -1,802 +1,802 @@ [ { "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "sha3_256_hash_of_public_key": "f57262661358cde8d3ebf990e5fd1d5b896c992ccfaadb5256b68bbf5943b132", + "sha3_256_hash_of_secret_key": "7deef44965b03d76de543ad6ef9e74a2772fa5a9fa0e761120dac767cf0152ef", "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + "sha3_256_hash_of_ciphertext": "6e777e2cf8054659136a971d9e70252f301226930c19c470ee0688163a63c15b", + "shared_secret": "e7184a0975ee3470878d2d159ec83129c8aec253d4ee17b4810311d198cd0368" }, { "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "sha3_256_hash_of_public_key": "7b00751eb9b1253231213f8a14f06f0fe1b7a4fdb7d1cfe44c161e577e5e8f0a", + "sha3_256_hash_of_secret_key": "3a8c009e8e648ac572d5592e4a92907fae0c1767be41c544b59dc3ffe61f7ded", "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + "sha3_256_hash_of_ciphertext": "bce1bf3450f574130b9561ee11565fa41d599d05d2136f10ad2c013eb5d13ca9", + "shared_secret": "5f0c5d9f39d3e724b5a2bd54e69e360f72ffab5d4d6cc5e572fecba80acd4796" }, { "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "sha3_256_hash_of_public_key": "9bda55b63cffa9bf953993918b18cd6595ea6433b479e89b5cd3c9339e4468cb", + "sha3_256_hash_of_secret_key": "d5fc96564df6e53622b2db8295a80a44e3bad7147696e2ad1f728639c98791b1", "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + "sha3_256_hash_of_ciphertext": "2a8b5d9bdcac1b7ffb6d655368e15148308eee98ae34f4105eaae87f24a008a2", + "shared_secret": "7f3bcc03a35a0030255264914e5d88a0c93611c7ca21f0609678a88ca42ce1c9" }, { "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "sha3_256_hash_of_public_key": "647a81f0f1b3e3dacb6e73e900f7c078cdfaa7119a5ede48c7685fdb7e0fe2f5", + "sha3_256_hash_of_secret_key": "1cf686cb8732c73a38b35d73b0b28fb120bc89cda1554d9f12adedc057862081", "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + "sha3_256_hash_of_ciphertext": "1c51c85ce66d80c1f9bb138e5bce84dd75cee4260c8817e06c6f2bd920601530", + "shared_secret": "c630736985fdb7830d7446e18b6b81fa4a707a6058964b99190120de85e7559c" }, { "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "sha3_256_hash_of_public_key": "811aea11a24a4b09e428415f82ee836e930c3b77867aafc5e6728149e3f2bd1b", + "sha3_256_hash_of_secret_key": "6a1ff1351c538a5661fc3576c29408c19f42da3688fa16f9ec5ead6a84420db5", "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + "sha3_256_hash_of_ciphertext": "db4dedc1e4d383acaf974fb50ffbf881bd3938ad196fb9aebeeb1bf1ddc94e10", + "shared_secret": "41e078d0d0c4fe5df5c6683171d5c1c3f1ef152c4945f9cb299f74278ce4cc4f" }, { "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "sha3_256_hash_of_public_key": "76c64235d8bd63438f13dcd038f286b9f4242070a5bec4d8990075008667aad3", + "sha3_256_hash_of_secret_key": "fb19a847c01b5bb4bc607ce0c65e50ca6869946a97625baea129c2ba07e00c01", "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + "sha3_256_hash_of_ciphertext": "c8c63c879a7a803db4e5779ca5acb1f16f5c86c38258f583a9f1e43303ff36d0", + "shared_secret": "7da491b5623a43ae17160a54e45e8328453cfe1acc692a1e300906ebd2a1d9b2" }, { "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "sha3_256_hash_of_public_key": "ae654e4412fd220548280b7a6ace9f2f0bc7b059fc103060346e53bc3c3161d8", + "sha3_256_hash_of_secret_key": "9088118150f9137e8ed76eb5e3a706f66f31c570fa7f0dfe75c0e81c4540878e", "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + "sha3_256_hash_of_ciphertext": "2ce235a49669184efdbff64176f93017127735170c2e1c1b159fc746ef30d18e", + "shared_secret": "eeba3c0571fa453fcd9f7f0d6baeb75d59ec9854c12846089d65bd8dadf9f6b0" }, { "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "sha3_256_hash_of_public_key": "6ecea55c3d5c042d2dca3a3925faaa9112561827dceb0754580814a84be19b87", + "sha3_256_hash_of_secret_key": "33448769334ee9aa43d7ac22a003d9ae89a1ef5a9765deef2946c91fea0a1a5e", "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + "sha3_256_hash_of_ciphertext": "14540bfc038f3eb76f418a8851513054a998e16a06f97c117417ae0a35f90e4f", + "shared_secret": "8bf57e5d1ce24e9942b1b3f456d184d4c0937b9b699e69c6524e93e140f39c90" }, { "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "sha3_256_hash_of_public_key": "576cb9d31e5146967756cf7356926f2e20fc7c1fde9954cb2f593d96a80ab860", + "sha3_256_hash_of_secret_key": "2031c133d7d85e616d932c6204d7ec0f3bd0303ec609e3c7c08092e1ea443972", "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + "sha3_256_hash_of_ciphertext": "20e06ce25d864f8e7a80a19e23cee6830575a072476504fd10e37b296ef8de73", + "shared_secret": "2f714d31bbc778518e2b67d264065d9731c12149cf931211e649addd6daf0b92" }, { "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "sha3_256_hash_of_public_key": "3e9976d61a687df88a8abcc6651446b81b7d136df42bfa03473c84dfd64fdb3b", + "sha3_256_hash_of_secret_key": "5da40cacace6fa3712e49ef6700cd819aeea88264e6dc996681fff43d98c9830", "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + "sha3_256_hash_of_ciphertext": "48ddf3c7cf3f02af111c71607e93922176d0173ec63e890235fe981412824edd", + "shared_secret": "f2c29a0a4782d83f2073c7c37d90556b1a005f072f94063d2db8114430f36c8d" }, { "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "sha3_256_hash_of_public_key": "c0cfd4113c5edd408adcd03d38b12f0b6ac17525c618d6d151a761a9eebc2635", + "sha3_256_hash_of_secret_key": "2c6ec490ffd55e0a744f3c506a497cf4af575cce6368bdc3b3bdbbae733fe7b4", "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + "sha3_256_hash_of_ciphertext": "b6ba4dfdae02842f96b915ea0ebd1c97972c170cae975c89c5fbf26cbe9a52d0", + "shared_secret": "13c99ded4db3e6618f5927d58c89afbe83c86a86ac2073421b2560b3f8be5aa3" }, { "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "sha3_256_hash_of_public_key": "71c5534bb819e61a9d8a257ff2eb29598ae92eccfad38abbfc9bccde5ff95a1c", + "sha3_256_hash_of_secret_key": "107c5ef0842d1dfda257138d681ad7e1390e12c697111a2c804d8f014361cb4f", "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + "sha3_256_hash_of_ciphertext": "671e3c316d4d8411237db4383fca82f76692867e9f6d15a2b82b17d934392341", + "shared_secret": "83302cab48eb0832bd8df0db3fce81595754772e4c951c444a1b2ee9f58c48c1" }, { "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "sha3_256_hash_of_public_key": "4b53b4aec0d9f86a6377c63ff80150e40fc5347714c07591dc71c6beb8daaafc", + "sha3_256_hash_of_secret_key": "ed13d2a9ae5541b3fbfa19891b8c8a9f4f0957d940eb5d08ee0cd18cfb28e7a4", "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + "sha3_256_hash_of_ciphertext": "b83f6022179a08cdadda2660f8cd7cb70df4be0be3ad85bebb090d086079b1d1", + "shared_secret": "93ce6d06568d795c2a28d1196f53cbaa2cb05df1427ac76f44df09d479e14241" }, { "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "sha3_256_hash_of_public_key": "c2d52d0c837eb40dac0653a5e862d9fb8b832629cece9eaeb6d5feb48b6ef5da", + "sha3_256_hash_of_secret_key": "73ee0632229d740dd746e3ef7f0f1c29944dbc2d8f39b7860807c41c18bbb3af", "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + "sha3_256_hash_of_ciphertext": "3685126e86797a881f3bbee0eb85b76d755ff03858735c326731b8d802f023b5", + "shared_secret": "071db527a2ee8ce982527cb19355793859bb8557e7cc99dec58a53153eceddf4" }, { "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "sha3_256_hash_of_public_key": "4ff02338c9bb711d263140c471409f3c42813f38424698563d9550f85a168f2d", + "sha3_256_hash_of_secret_key": "3c89443dab5ce46f82f6b8260af0293ea52a680f1c4fe5e042f0aefb707526f3", "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + "sha3_256_hash_of_ciphertext": "b20e28f42ee5cf5569f1833af90334952074dd0ea0c2520f03fdf0fb24c17a64", + "shared_secret": "598bd66a4a063652b2a6b25b8d1c3bab0251682ce6c362a8c680295f47f3d6d9" }, { "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "sha3_256_hash_of_public_key": "bbccdbce67cf49fea044df5c767996681dd2714937d31c822f3c58cc34785aa7", + "sha3_256_hash_of_secret_key": "64fde53d297945ef2a0af6ddd044520cff8ec1388aa471e47ba4299c2cd46da4", "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + "sha3_256_hash_of_ciphertext": "6f4cde00d3775858761742957833fe632e3d3082a9a6180477291bc23b682674", + "shared_secret": "92bd980f79cbb34c67594c6922549b99962e54d388034ea61f892fe250581c4e" }, { "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "sha3_256_hash_of_public_key": "3ef3581d438af7dec621304e0091f797346ca18a41f39401e9d03200ef48beb6", + "sha3_256_hash_of_secret_key": "299a76e97511d90f7925100db418472a9c3c12d6d48acf03618a6960998ee733", "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + "sha3_256_hash_of_ciphertext": "4ede793372276800e22c1893ae554ce0b53e413fbbc3595e69feadb2e1f6d57a", + "shared_secret": "b7325a08fa617e19260264bb02ed6b8ab2081589fd5dcc1e92b9d0d4ebfdb6b6" }, { "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "sha3_256_hash_of_public_key": "fa06bb0ff42f4d610a7b3df7544d66b97a486967cd9b62ba0142ebb10b8ee4ee", + "sha3_256_hash_of_secret_key": "4dcfc0ce12c4e87f02c616a8fb18c359cae017a2f8d339623a174dfaebfad98f", "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + "sha3_256_hash_of_ciphertext": "591bf77f74463c50a4ffbe97c892e11f3cf7601813b7ad83b17038a173e21442", + "shared_secret": "b400082a764291666c080ae9ea9f22c383f3c1e87b4cc56775a19c8ec29a4157" }, { "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "sha3_256_hash_of_public_key": "86538ecdf65b7a485b73a34a72193af1ea3f884d820463601c7f843672bbec7d", + "sha3_256_hash_of_secret_key": "70e91b44585ed93e802868e0bfe88f68995f3c85d25c2a36b0b7d8de7c5e2f8d", "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + "sha3_256_hash_of_ciphertext": "83754e315ef22788354c1ec632429566929f9bd53e77d1d2cb52005274f64e1e", + "shared_secret": "03c7470224ba22fde280005d9a8f8354c49459e9a168cc282f9d41f4f0d2da2b" }, { "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "sha3_256_hash_of_public_key": "27757389a4a68c898dab92d0f63c3340dfba51e00312a05e721932b95b11f6da", + "sha3_256_hash_of_secret_key": "b43f88e419ae589b85bb0ec6c9712d4870dbaf35d4c96d06ef0f8b9753b60034", "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + "sha3_256_hash_of_ciphertext": "0eb3d2bc103f7801dd8e002c6cc81bbcf11e070f465aba9b0b725fa9454acda7", + "shared_secret": "c31f7372e8c194a9589042477f34da3a60d591ea65e13bcccc07ba59402ede6d" }, { "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "sha3_256_hash_of_public_key": "efe6e93d8e755292fa875609f2f63bd194c87e6f04db7c83d8bb1b9d868bb779", + "sha3_256_hash_of_secret_key": "f54233dfd4679cbd6eb6f18c0615745d5b4fc2fefade52d966bffab6f0cc259f", "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + "sha3_256_hash_of_ciphertext": "942f3cd64ed1b2675f9f9823c068d59b2e007e66d38e06a2e4558dcba7f11efd", + "shared_secret": "9dfd08dbf59350ae2308096f935c6767daeddeb2c6997992d4a02c14b0e58c60" }, { "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "sha3_256_hash_of_public_key": "87ada29bf78a689417b645fe127d124339422be80a993e623d13bc59f3406a6f", + "sha3_256_hash_of_secret_key": "6b8d44a2a71f2901b7ea97bd24df8d46041cd9ad4f0bc5d42ca27ee44981f740", "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + "sha3_256_hash_of_ciphertext": "aa86248e7e906ff3072a00647cbd3f6e5d0f3a4ec40efa6deb94b2df901d0097", + "shared_secret": "03952e1a4915d112b87569d1f79a39f5d69a8dc11c96d70c529d2162a6024dd7" }, { "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "sha3_256_hash_of_public_key": "0c87bedd5c16c32cc3867910f734bdcf09869c7604a59ce36660074f561e12da", + "sha3_256_hash_of_secret_key": "a72b7d93adcbfc6d89485fa923a4b1095e3d593916496e521187224efa42ffa5", "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + "sha3_256_hash_of_ciphertext": "7a75e486cc2dd3ffab4b1072b4056de9a56b55cf324e58d3f6cfd031a0dda594", + "shared_secret": "6d2e1f456c87d5a3c79456a6d35fda52f3e9cb858f85a5f7931f532fffe26dee" }, { "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "sha3_256_hash_of_public_key": "9a9a59f83fc58d7194ccc92bd78a45f97f721a1eb554499d0e4d5b37aefc23a8", + "sha3_256_hash_of_secret_key": "ea5ce3a271f5e46f925259832d187a3c893e8088b76c19c93e0e798e4320d2fd", "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + "sha3_256_hash_of_ciphertext": "d71fc29140e8725a4c4e8779d0ad3007990e08b1eb38856cc56f522e3079f601", + "shared_secret": "5c7c5cafe1fd7f3d12431ae93815c03419ff95b132caf568671ec23bdc74381c" }, { "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "sha3_256_hash_of_public_key": "bda0815dd53b263afcc1f71d2501128c41fb3606af71c5e68f0752c6d3a479c5", + "sha3_256_hash_of_secret_key": "d502e7e6df2d84e46cef88a84c53f1fddd5488accd5e1e43aed5f4f08e16a8a7", "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + "sha3_256_hash_of_ciphertext": "8d4b1f3ee23ceecf073d6576609767401286da5189a1b267bff30a710a69e67a", + "shared_secret": "1427c322f72898a0fffd13f674719c9288d524bdd19e6a362533c1108e3a6d2c" }, { "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "sha3_256_hash_of_public_key": "e3e96e658787ba3f6ffb47de56322541a2c81f68e2825c74cb75ab01d4b719d6", + "sha3_256_hash_of_secret_key": "17f821aae147fa517cf35169f9d0b59a30ffdd0ff8f46c1c9bfffe6791392f18", "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + "sha3_256_hash_of_ciphertext": "7638e455aa855489cedd385a58cad62c49ee25f60be02bbcca6d7c3c383d27af", + "shared_secret": "d399b5ff0756707f8d1a1c2a683465c9ad4899788420643d59edf78f79b28dc1" }, { "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "sha3_256_hash_of_public_key": "eb3fdfcc0b171aa975028f96cd47fdba421ac08e29a0044cedc29fce35eb8510", + "sha3_256_hash_of_secret_key": "d1266b01cdbc6774ff0edbe64a593a110c462d07071077faa86faa9a0aa2365d", "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + "sha3_256_hash_of_ciphertext": "0ed3b8be821742190f88bce0d86f834dec2a829496c5eb5bf51bab1a8419064c", + "shared_secret": "1a0ad65924728c415ee9c92d0dcd91396665a24c59cba878050390acf2eb44dd" }, { "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "sha3_256_hash_of_public_key": "d046d93317dc6d0ff28990721c3f94a93024ce01b01c0ca55d634c191c4280fa", + "sha3_256_hash_of_secret_key": "bdf5539c63b463c3dfefb7978bc44a46803117ccf066475bd17d5c82fcb49c0b", "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + "sha3_256_hash_of_ciphertext": "b0cd3d31583e15ee8a55d85cd770cc6d64ab83429aebefdb55674f382b605c80", + "shared_secret": "9104061d3dbfac187f3a9eed801545a52f1fb0c3979ca8315aa31f67775d1036" }, { "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "sha3_256_hash_of_public_key": "21b12640bf755e94ba06204982458a9be11e1da542ece4f3d284886800fc8e8e", + "sha3_256_hash_of_secret_key": "4e3947282ebe9f8cd652343c30dfec9a5123c237af2fbb25aca522b6bb6bc4a9", "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + "sha3_256_hash_of_ciphertext": "43c21d2fc350a9682e8105ed680b36a04d02579ebab292d0a05db185021dcb44", + "shared_secret": "ca249f10d39267ec3725f56b90eb2e22cf8b577116af350f3d3c1e2cf090ff73" }, { "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "sha3_256_hash_of_public_key": "95d9e5b9151d87fed52e287992acb897a07b10ada1dd83409a5ccddabf9d7cfa", + "sha3_256_hash_of_secret_key": "79e973da94d9166321c476a28a98a8d03ce079c9a99d6e4f55d2e2b4de936123", "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + "sha3_256_hash_of_ciphertext": "18ccc37804b42db21ae4d7e238fedf4594f3d55303dc80c0e51c748ff4906ac0", + "shared_secret": "82a3856ca48c5dc582ac25605ab0c675ad646ee19acbaaab4ccb5350a3881b49" }, { "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "sha3_256_hash_of_public_key": "3a7acfc3d283541d985e0abd85eba5315a17d6c4a7e4f248673da60c341c29fe", + "sha3_256_hash_of_secret_key": "2fda122953c3d9db88caa36cb8d5621663fec1dd0e19a274a5d85bea7a126076", "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + "sha3_256_hash_of_ciphertext": "024ade86d89c33d9d38face3b92986e72c699467402fe9c5aaca0904c5f5737a", + "shared_secret": "f1e13731a14d39f474806b8c177e23e4e2301a3b839539fef9591a71e4f67d29" }, { "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "sha3_256_hash_of_public_key": "21916dfe025b78fc6d4dd1d1541b51cd3eecca90ae52177431b33c708faf17b5", + "sha3_256_hash_of_secret_key": "c98bada554f301506c532ec774ee112106358d0b320407fb34051a604777f030", "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + "sha3_256_hash_of_ciphertext": "b2737a0bd104c46a5f861914855f498287a33076c32a4241a46cf9690181ee98", + "shared_secret": "79c5817a4ba25295cfdc817cd303f3465852b93c0c908fc4a79e88c45f3b81f6" }, { "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "sha3_256_hash_of_public_key": "8f62011fbd5a1c10713d42a00a79ae7672e5e321872971f24ff71ed754178d63", + "sha3_256_hash_of_secret_key": "57d13f22524022911276023bff4af90abdf04885e2a598b04fa789123295835a", "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + "sha3_256_hash_of_ciphertext": "70dfcd3fb0d525cde1e38e158f6a4234006821031941efe3f9b4fa1e70c8bb36", + "shared_secret": "d92f866a744d0af51c8c2ba7b1fdf816e0334bff45182cabdfc722d75f8140c4" }, { "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "sha3_256_hash_of_public_key": "ed3d1dd05854a6542b24090a680b9aa9d6c65ef31cf1f4f5708affafeb2e3989", + "sha3_256_hash_of_secret_key": "d5bbcdd1c2fd57524e7926d071f71114a62b95f0579b62ac0f92ccaaac4e9dad", "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + "sha3_256_hash_of_ciphertext": "c54e484b3b05c6bb40bef10662de29ecda288b9374dcef8f89220d1bff2d09cd", + "shared_secret": "53b3b4ce1e75cfe52d22450bfa763d07985dbc585166b4781a7e6542f9bc03e3" }, { "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "sha3_256_hash_of_public_key": "6fe12a1e2d742dcaf56c585651ed6edce4f410aca0fc83275b5acb19daeb149d", + "sha3_256_hash_of_secret_key": "b9e5eb23d136e49d2b5b7964430a1f98c78cd3526f97b1fa0ffb8fb0ea9ffd79", "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + "sha3_256_hash_of_ciphertext": "763f4d04f8eb62a3599d9d095c77861f122e90a0113fa290b17d500766fe333e", + "shared_secret": "e7165b66834d919f8c8737c7b4df17a0668c57a87b821af78fe68cbea325aab6" }, { "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "sha3_256_hash_of_public_key": "30c784bb2ca3538979b24246c2644907484719c531ea39f13c5a34046f8e5cc3", + "sha3_256_hash_of_secret_key": "ff96c20a150142ec36186277a6f7b15e4fb93e9648385ef23186fbef674f1600", "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + "sha3_256_hash_of_ciphertext": "edee28e97f72a1798809668a1b9b9b3dc05d794d69af6cb476f524e6acad3d8d", + "shared_secret": "19599e218264837d06839b6cb9a09af3bc4cdc78f7d9c00fe030ee92ba3bd54c" }, { "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "sha3_256_hash_of_public_key": "b30fe432c2e9744430805aef6b75cf3011ff387e323558212b9d71ed71f044f7", + "sha3_256_hash_of_secret_key": "2c4c6d6ed6fd6cf8b53a352a038b9fea6648a9521604140f54268381dfaa1144", "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + "sha3_256_hash_of_ciphertext": "b536c56ac5b187bf7372e726bef28c7a46b51e2bb3bbbcb3cab014c6f5999061", + "shared_secret": "dc5f3931026bcedd2f57b65601f683895c365862d28a65356e94049773de2ae0" }, { "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "sha3_256_hash_of_public_key": "ab02b962b6350a9e1314baaa272b6b13db3d1edc9f09d3addf07f6826a3556bf", + "sha3_256_hash_of_secret_key": "abf4653476aae658e4603990ddddad56c09da5fab6b9a3e328b9fcd670547652", "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + "sha3_256_hash_of_ciphertext": "fc2394d4ed9b1e2b073d73d02eb4ef8ab3633932e58641a58507d7c977b62c04", + "shared_secret": "7dbfce1fc7d937884e7b3fa7c8eaadb37e1663f77d7c8659b8f43abadf16cba8" }, { "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "sha3_256_hash_of_public_key": "c153354b0187e658306a0c860b1fe6ed14686ca77d37b7c82d66ff62149406b7", + "sha3_256_hash_of_secret_key": "bc48868d03fb12ad5a98d35a739388b66e17b589aeb6ad4335d2d2e0c933910f", "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + "sha3_256_hash_of_ciphertext": "0fdc0a9a35e5cdcdea8d39e95086e35db8f4ec92f13a7d9afad49adb5faf1e70", + "shared_secret": "09f64cee1af4d8738ab149d34a106ea7b19ac43e5a2536defe689824409050ba" }, { "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "sha3_256_hash_of_public_key": "2ab47ca9355ece6cc643c3274c46efbd6e927b8b4d11ae8f80b5345b487a5c71", + "sha3_256_hash_of_secret_key": "9f65505a34f12eee3e5f6ba1cc622dc0024c4be87dc0648ff9e1edf9ffca943a", "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + "sha3_256_hash_of_ciphertext": "5c7bfaf193010937498fafd5f4eb4665996c6a963ba25368439dbe05c56bd99c", + "shared_secret": "7104fe381d6d7995b4d550278a66a719b9e79d9bdc38fb0bb60212c4355cc520" }, { "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "sha3_256_hash_of_public_key": "3ab27768ce397a94bb7d29f5dad97d54054915eb66be41023e5d7052a10ed1e6", + "sha3_256_hash_of_secret_key": "2b091ca0237c155627226a58c1ea9a049127e7e30e397307ae20343e21408dbe", "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + "sha3_256_hash_of_ciphertext": "1987dbb44cd3fcd1b3fded283f54d82a2dd146508124282d59a8f862be82a2a0", + "shared_secret": "79b1ce19715dd0a74ada36d31f63f3242716890a66d6348232c914c8e5c4c499" }, { "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "sha3_256_hash_of_public_key": "4c20aa5a85b2e43c56e051698c75bfc27bb9b1722501a6502d1c0dac0aa7f1b0", + "sha3_256_hash_of_secret_key": "684968be82e153d8eafea3ad507544b512bc1b0768775fa5732a12ec2b3b22c6", "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + "sha3_256_hash_of_ciphertext": "5a1273ac88362d6933e9f8e203af5df0ce809b23e125abfbea3f72bc386f17b6", + "shared_secret": "66e872a4b3baa42bc3e8e4ee787ebe070a094f05d2a0792ae2ae60f8bd0ee0e7" }, { "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "sha3_256_hash_of_public_key": "72c30933b8e50425fefbf58d711f58cbf9fd8ebd2835a1b55469a2a1b993eace", + "sha3_256_hash_of_secret_key": "f156a8742efc92c7a7c5e07116d139872ec520aad1fdb146cbcff70c350a45a6", "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + "sha3_256_hash_of_ciphertext": "c3c80130ce1ccb69036c753567b55e2e93df33496228735300b7640f2993c09b", + "shared_secret": "56551e57abc7b80a842db9ee65aaf6e65b7c4ca10fc297e9bb0a6364e6255bdb" }, { "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "sha3_256_hash_of_public_key": "bce58a5d05a4840f835b8ce39703f77bb31f20b9ee4fd3795c2e326244208b28", + "sha3_256_hash_of_secret_key": "abc33aecf69474343f3848633db85e595a465bcbd408472257e00be338664ecc", "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + "sha3_256_hash_of_ciphertext": "a500aa79a567933c2cb80ea580fff3298a345398243052f2ac292591810328b4", + "shared_secret": "30abe054c82a82299e7edd52870f461ff6048daab627b6c848a9d4f1c4641a0f" }, { "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "sha3_256_hash_of_public_key": "0293675aaefa1219f8794d114bbb004463f9c631729734cb430f26f38886537e", + "sha3_256_hash_of_secret_key": "b25401df9f852f7383fc87fa7cbd267b9de2e80bb37946e9fa8d040134a9e31d", "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + "sha3_256_hash_of_ciphertext": "3e0e87ded530c595b63064109c6d64c78253f3bbac5f3bcba552539fa7daa004", + "shared_secret": "4b525f467ee0d96c1f4b899a114936343ec21c74738b05555b2bab9a5d0b5513" }, { "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "sha3_256_hash_of_public_key": "cadbc64e263f1afdcddf2ad63f2fcd19799a0a8f43ec867477e249ed5fe716f8", + "sha3_256_hash_of_secret_key": "ae483cd66ace708eb15d06b55b1414e1ca1cd440d8867932261fe16a41eab8dd", "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + "sha3_256_hash_of_ciphertext": "b4c90f9d9595c242112c963a6f24b6023083a0751e341522eb4460a0eed65f25", + "shared_secret": "6cba1b31809b333ea40f2f67bad438226d91bd61b08860357a840cbcc8fabfc5" }, { "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "sha3_256_hash_of_public_key": "5ca1708c7c6e354b69720b4b4a0c358fe9a6ad3febe78bb2a71691658acae21a", + "sha3_256_hash_of_secret_key": "eb002a4709c8b95bf166e0942d47453c32b93e32e4273aef846c296d1590d58a", "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + "sha3_256_hash_of_ciphertext": "3d21fa1e7c4b9e5b3f68f956afe6fac216d42fd9a3707b7a61932c8ebb5103b3", + "shared_secret": "8087b456d37e6aff785a0ca104cb03ef71fa2d6652c52dcd86220cacf878afeb" }, { "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "sha3_256_hash_of_public_key": "04f0066489947b572f76e1dfc2e24297b210ed0aaf228788a0b349d11689e064", + "sha3_256_hash_of_secret_key": "656696013b36db5535aa376104d5e2beb2c9a708282aa6a5f0ed42cbeefcf98c", "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + "sha3_256_hash_of_ciphertext": "a29dc0e0107aed03c698c2448cba21940bf9923c2098225ea3421bdb474a8ecd", + "shared_secret": "6799d393f4000857868049c19a102e5c04c55a6bfe3a41abeb4fb6d5228cda97" }, { "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "sha3_256_hash_of_public_key": "67ce6c8abcf3ec4d93505d3be02c039e5a12538e5e59adb5a5d709b9b342938d", + "sha3_256_hash_of_secret_key": "b68d06399932cb2d32b2a2aaf12e68568f160092efac36ade3536cfe6fc88d45", "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + "sha3_256_hash_of_ciphertext": "93a08f27c7cd6ba3d5e6c8b6c833d8c65f05edb2cfd7eaf5bd392cd1563552ca", + "shared_secret": "dbbe6f3b6f5a35789697792e209428ba1f53d1b98ac2c0d1893cfee641e40375" }, { "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "sha3_256_hash_of_public_key": "7fe853da745a27a1462668bb66c4348b7f4bf25c70527b360b2fd104cda48fe5", + "sha3_256_hash_of_secret_key": "85a7c0a52f7898df5e3ba9ee378057b9e354dc2108c5f8c60a10fc20c9eda749", "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + "sha3_256_hash_of_ciphertext": "23e8b844258ff739aceecb17073a7f2be2f89030ba7ca699470e4add6f55321b", + "shared_secret": "494550faf270431de90c96d2ddcb7c19249d5e85305b3b43626386c30b7aba5f" }, { "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "sha3_256_hash_of_public_key": "65297f711f12a5ff123e6de59d1f16878e93a31612015fb961bc572f3e999cea", + "sha3_256_hash_of_secret_key": "f80261900b053c4d1c5e3b445588f1aca6a9959b969b6a60df08f1a12da1b661", "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + "sha3_256_hash_of_ciphertext": "7c4f753d71b67d7a6691db0e7d9bf2c2a13f9f48a0d9602be60e080262bf50f1", + "shared_secret": "eec9e658edcad5a8a705644ccd35aa3d785cc258666ff749bdbbafae6700f1b9" }, { "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "sha3_256_hash_of_public_key": "51634cb33a2bc3fc22ff47b58d7879d703bdd661ad3c290a6d812485ef0ce8ff", + "sha3_256_hash_of_secret_key": "e9d2895dabc85514f2f1a543440ac0de41d49cf21686327bcc6066d21a2b93a0", "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + "sha3_256_hash_of_ciphertext": "8d971865b1ec760640db6e480ed27fcac239bb1c36e72054afc530d957672c27", + "shared_secret": "d5c5e6657d310b0ccef250c9664a02c846ecb241f2404ca851d8219f93cb0d27" }, { "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "sha3_256_hash_of_public_key": "45cccc2997b502ed631257065214ab9afed11f00ca5c18c92c4d6b917165fd1c", + "sha3_256_hash_of_secret_key": "3a0f0c13760dfc8bf1bf79bdb1b4f94aa33989529be306bb826b07e089105b47", "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + "sha3_256_hash_of_ciphertext": "c60ba523dc75a1c9f8dd617f1cc775f6d1cee0fd7614da1a5366eee5950b6f10", + "shared_secret": "f62460025ebbb273f00207758a1215c3a8053d2ac66cee11c6760aeef7e35d24" }, { "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "sha3_256_hash_of_public_key": "89560d4e598328f6302a9762bda2b0f29fa8ee34fe48dc4847810fc6f44cc198", + "sha3_256_hash_of_secret_key": "30f40a1a6f4adda2a9e73f3a881f3d10414031a0f5fc0f70ffa4966b29bb1a7f", "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + "sha3_256_hash_of_ciphertext": "932a09da1c6de03fddf0b45ca31f2446c5c2a3d47af171cde29149167e735cd6", + "shared_secret": "74efee46e7b26f5022416ae9bf4a52a3940966b37fab0c3ee2e8fbb24ded6bf8" }, { "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "sha3_256_hash_of_public_key": "878025deeed7dab8e62d43c3d2096e4682692537c70ebab9e1561cba88b05ec0", + "sha3_256_hash_of_secret_key": "5469881eca81b37faa66f4d9f63c20ecf61fa8337a095410fc19eeacd774b863", "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + "sha3_256_hash_of_ciphertext": "0407bedaefe91d921a6442f34fe88c04e62389fc63dafe78a1a2b93723786a10", + "shared_secret": "92fd1bb6ea9f1a0a195b3ca29e457f4b3f401fb4521842196d9471f50f5c7249" }, { "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "sha3_256_hash_of_public_key": "7d30385f988dc748b843b7b7f569e58ccc9215503e1bc2f28f5019fc72fe6d33", + "sha3_256_hash_of_secret_key": "5b425d514afec91db185ec5e84bfd545453da4f3acfef398e7b3548c63f713f9", "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + "sha3_256_hash_of_ciphertext": "886a86759ae6a21a6dabe37a4b4443bdd358502f0719b5b9178dbb6b9f7e27e6", + "shared_secret": "e1a195eb1093af69edf107980f94adb3058378cb79dc807684c26c4ee1308533" }, { "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "sha3_256_hash_of_public_key": "0697d2f9e047e603b8845c9ecb168576f9d8bc7f3c831b6ec15c5fa4f744315d", + "sha3_256_hash_of_secret_key": "8b634d3c1e118577cc095a8bc53d05bc8c869f2001f3ef591dffd8cffffea969", "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + "sha3_256_hash_of_ciphertext": "a9c68747a9697af9d9442e3d5341161afcd1977777bb40dfd8642807d96f3ccb", + "shared_secret": "fa8721164f599caeb949141b24a124f2d576b3b58c1914af2b05da26b09bee30" }, { "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "sha3_256_hash_of_public_key": "d49e426ae85eaa6c911c4dca80caba6e28e5f645a54d8c016de51a2b98241a29", + "sha3_256_hash_of_secret_key": "cb272fd45a2a27a517bbe1d77d99c027b8664d596bd77d18c4e861ab9900b0fe", "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + "sha3_256_hash_of_ciphertext": "a569fc93ed9b0342e4090782e82b576632dfef108ece59234c783f80e1862de8", + "shared_secret": "d479c2f5e622cf848d921a7155cbbade062d0fb3ce7535d1859eb03e18ac64f1" }, { "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "sha3_256_hash_of_public_key": "903d69da169d8f3f65eec290acf30078fe51bcbd1aeaf412dfe2d31c7b10157c", + "sha3_256_hash_of_secret_key": "87b236ca8da0c7a9d38d7714e7ac16e6dad2fb5282a04b846afedbbc0449b395", "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + "sha3_256_hash_of_ciphertext": "d74122c64015ba74b20c9a675bf688952d42ea421aa5c7b6c82eb6dcf0cdc092", + "shared_secret": "0dc813eb106eb0d4864ffc38432937a1db0d27745788775a8299e93d1c808f18" }, { "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "sha3_256_hash_of_public_key": "08cff1967030a528e748b708b0fb783577f249c04ea5536d2da034fd0d15fbac", + "sha3_256_hash_of_secret_key": "de3ea809c8eaa873e0aaef44d481d8ae72799a0b746c5847f3d412865871bf63", "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + "sha3_256_hash_of_ciphertext": "f0cbdd82f5731bf4177a14a3abfdaaef5fbe94a71ff3f1b7852a010b1d4d7eff", + "shared_secret": "c71d65ecbae83e06c622e28a4eff43c10041539d851149dbdf295eb121550d5e" }, { "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "sha3_256_hash_of_public_key": "b5ed4c3fb678a44d92486cf091333c7f035541614729496d5dd45ce580f0d263", + "sha3_256_hash_of_secret_key": "c313fdffb08de4e928bf32e08a8d0310ea94f9713381f81cdd494a3d4af09553", "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + "sha3_256_hash_of_ciphertext": "5c266d232b038abc42ac484a721f63094ce50740008e0be68571018d8355099f", + "shared_secret": "82360ffb5455f6dfdfc6bfc1a3999eb7453365ca311a0077c9d74968ed27b7a1" }, { "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "sha3_256_hash_of_public_key": "e9037042553968ff3007cdb135e368ecf440e4187e554af9d0ff272911ced339", + "sha3_256_hash_of_secret_key": "21dc6c39559081b2ca594cee9e9825ff973158cce0d11b38a51b503952daa372", "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + "sha3_256_hash_of_ciphertext": "525a66ef29f0c8a0f989dae8592e9e00cb7f347915217d53f08a7699c2b912ed", + "shared_secret": "77ef6dc5a6c8ff657070e418fdb3eb272c8784a9c38bbef950c8ac1de5ec5578" }, { "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "sha3_256_hash_of_public_key": "806aea6700e293f433a97e4b2c8485e6b4ac19ad493c4c16a10a2a884d58f5ee", + "sha3_256_hash_of_secret_key": "f446ecefbf4c63e8897a89123ff38bee2aece076fc7b268b6379c996999085ac", "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + "sha3_256_hash_of_ciphertext": "c7c82e2b3d0d3bcb73c5d9203ca3acc94ae8818794afc7610cf48a21e830c450", + "shared_secret": "b0978add3085e1c972bfaf86655a287946f3853cfb372f6fa5813a11b6c4e103" }, { "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "sha3_256_hash_of_public_key": "33df23b37987c6b557e4c0f8fa9e466312f19e7e90cd0a67abe6a145cbca9d44", + "sha3_256_hash_of_secret_key": "039031ac6171ad5fa8734fa3d60cc5b6590574c09ae0c02564c1907ebc772d3c", "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + "sha3_256_hash_of_ciphertext": "6fc3012eab242c5a3dcf99b82c5e5230fb8a4d45902afc7bb82648298d8a00b3", + "shared_secret": "b888ef3a969e162edab17c3d3de9ca682de60a0fd6ac97e1b5a54171dba12a3f" }, { "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "sha3_256_hash_of_public_key": "30a5771b76066feb7f606a82cce122964da1be0b6872ee319832214ec677738c", + "sha3_256_hash_of_secret_key": "644983542c87680786b41fb07f959451f1507165353080a3789810fdf557f961", "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + "sha3_256_hash_of_ciphertext": "6d468584c0336dad723a1c3ea970d53837373372287371eeed8e08ca06e010cc", + "shared_secret": "2fc09a1852f458bc7afb58baea4d6e318bf6801e7804b98cfc250b0a1470c598" }, { "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "sha3_256_hash_of_public_key": "31fcd120f19fe976236711e58b4ad172d25ce01eb88bc9d6d051c56564a0db11", + "sha3_256_hash_of_secret_key": "1502619da09b1bb5e418004fb0263c8f067cb9317053ed502c501c5b5ba4d331", "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + "sha3_256_hash_of_ciphertext": "369203e0da6ebef7ae651a3111e67303f89f568b9897ae4c24497b3180e0bcf2", + "shared_secret": "930131d3145d5485f06c16a9420a612330843e6524dd74654a85c383e28f2cc1" }, { "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "sha3_256_hash_of_public_key": "42f75d6e3755c28f3081ecc9db44f6cc7cec9891756d74093716697781fc8cb5", + "sha3_256_hash_of_secret_key": "21b9bc0035097cb2b892a3f4ad5660b160b18973b735181beec815eaf5ba5286", "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + "sha3_256_hash_of_ciphertext": "c6d1d905150eb6586eea72b13f7210d9830e8e689f9da7d9c04fa7705f21cf01", + "shared_secret": "b276a4fb4cf77eab502dfdf56eae9f8a8ff5e7f5df3f6cfc80614b193c87f08d" }, { "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "sha3_256_hash_of_public_key": "43d6c8562cdec0e87d00c8ca8060da3f031ab663ddb43148eebd67969b7fd490", + "sha3_256_hash_of_secret_key": "d3c172cde1f249c0a7fdb003ecc0a189776b616378b188744e407ccc601fea7f", "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + "sha3_256_hash_of_ciphertext": "353cdb064a37df87524874d3f60afdf4077be0ad96e1ab61a9ff1745d1e6e5a3", + "shared_secret": "f4924920e64013fae72cfdd1e94b217eebd55a011f6b7542958abb297e4fd180" }, { "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "sha3_256_hash_of_public_key": "3cabf1c47e7aaada59ded4fa8ce378ce1d9eba621ebfe8cc96a111aaedc4b6cf", + "sha3_256_hash_of_secret_key": "225563503590841152fcf47d4665b7cfc76e2b9de23c0e24b527395549f9f7ff", "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + "sha3_256_hash_of_ciphertext": "f11aa37ffca654d11cb5f9aa294ab734302851b434b57e0f5bb811bb5bafc177", + "shared_secret": "412bafc716efe4ff928d9a86ea4665dd841e2f102a8363b994a0faad63251eda" }, { "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "sha3_256_hash_of_public_key": "2853cbbda86e7039b635d4cc850f494d42b240acb54ab2316791e9ef5b45f1d2", + "sha3_256_hash_of_secret_key": "87ffcfe7a504e0dca284d8cf509a92a24f82ed7c46a8c1604d9a2d6d14b1cd11", "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + "sha3_256_hash_of_ciphertext": "ae8fb4bcfc08f8daa486b185540b501680e511f46fe8a628b8fe449d5a51590a", + "shared_secret": "c514d4086428200e118c1c297ce5ed865d7452cd7770363961bbb834f56c564a" }, { "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "sha3_256_hash_of_public_key": "2d5680b483287bbd3e61a91839cca9e761429186176b7bc64034ad43f16f65e9", + "sha3_256_hash_of_secret_key": "bed74aff196e7ec7bbb4dcaac39ee1a79cfb35140cf4c400b6ef2fdfc53afc6f", "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + "sha3_256_hash_of_ciphertext": "d46f403ce5a0dd92937acc508501305da6bcd32b56ff5d986fd6a07e713ab92c", + "shared_secret": "a175feba4c1bab576085bb12683d2bc44e98c75f543cee714c75391c559450ce" }, { "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "sha3_256_hash_of_public_key": "38635cec71b814aaac223f748d13158dbe8eb902d9125fdc22202c4d59251cbc", + "sha3_256_hash_of_secret_key": "f3b87926951408dbb27fc2a4a6c14c40fedc8a1cf5c34ab398d91d554eae344f", "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + "sha3_256_hash_of_ciphertext": "50350977c400c1318bac5e32925d0f575dd3559587f42d025f4e71648e697218", + "shared_secret": "9781578191ebf49b162aa768d093a332b9c849c11e240187cec2ee969d4b3860" }, { "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "sha3_256_hash_of_public_key": "af97825a77f2f4b6a45ec1a579f9f83e89c025d8d6876db26874f38348604293", + "sha3_256_hash_of_secret_key": "b2f08250a2681bbbd3c355e2dc61bda33cfe39f3dbbd2a3f3c41ee2266084cc8", "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + "sha3_256_hash_of_ciphertext": "33acafd1de1d8d8c7a9ff9a6cd69fd013b46b79e74a9180e99d5fa87805dc0de", + "shared_secret": "515dc87c21e6b134a577e4eeccf43a982ba7eac1224d701cf099ad07fee77cb7" }, { "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "sha3_256_hash_of_public_key": "8517ab7585926764ec7acff3c747479e837831429b97b7cf49ac3763bd9ebbe0", + "sha3_256_hash_of_secret_key": "7e5684a04d59f9166f6b408dbc8ae5daf3ec6678cf5eec1e5a9016392cd6c8db", "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + "sha3_256_hash_of_ciphertext": "0515c19fb395ed94194a60a6f7883d6351fa61ff18060be4cfe2eb9f81ec0024", + "shared_secret": "edc2c0314c7c5b2b071b85e373c06b31fa54dc499168d4b43b15f1d05b8b7ea9" }, { "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "sha3_256_hash_of_public_key": "1bb014bb0d6489c14f5411051f9667aabce54da7a8deb73b627e3873d9390a35", + "sha3_256_hash_of_secret_key": "b890e330079934f2aac63e5f8d236054fabc8d6a6e057672a7a20150ae08a9a0", "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + "sha3_256_hash_of_ciphertext": "79018c9e998deaec058d73d702b669e10c89dd8285f431aa6e422a948a39cce2", + "shared_secret": "b3363e6e6dba3e41ac2c63895c461765bc8a0250880d3dd6e8a4479a7fd3921c" }, { "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "sha3_256_hash_of_public_key": "c9a546b5c0a567855039f6c1bca60414684e7bd1f8eeb7913f3a1795ba4bad4c", + "sha3_256_hash_of_secret_key": "be5fc57b3efd80d7e82b23f62123814ce04e83ce5c998ba42e7bb978dc70469a", "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + "sha3_256_hash_of_ciphertext": "6c1b69d56c493f6f313d3c996336b8f84b76fac2d5ab5a3d795613b27eb10912", + "shared_secret": "8e648593c8f6f6f7a97ce7a2d151ada30fbbc7f3c4fc517d8cbadd71e6a17476" }, { "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "sha3_256_hash_of_public_key": "8f7bfdde2a7116ff4010cf829cbb18512f7cf44237c02241a1f75fe3ba8d22bf", + "sha3_256_hash_of_secret_key": "3f53a0acb384db89ca83d031bf210b072860adcaceecd79c36b4669407c1c227", "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + "sha3_256_hash_of_ciphertext": "cc25f35631396f01cc366e019a7f15034cb2341d6c00924b538d25a227ed181b", + "shared_secret": "bcdd6f0d744d2a35147323a4a0451fbfb7d60d73c161c1f8c6a2b5e9f4239c65" }, { "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "sha3_256_hash_of_public_key": "27b1b921723cedf55fe756ff5fb67d555296c6185d171ed8ba01393d1a735018", + "sha3_256_hash_of_secret_key": "40db89fcd941566546d554db0342237611e5ef6fdf8c790f03357091af0648ee", "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + "sha3_256_hash_of_ciphertext": "c5b4844dd10ecf508ea6ed2d96d2328d3f14df6a2a16093bf88ca1283e30f41f", + "shared_secret": "072551e254959ce9f2c67657b41122d8a98cde044bb2f60955bdc6e5dbe55277" }, { "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "sha3_256_hash_of_public_key": "32a2a1197d78798bbeb13ce2e92cd7ed94b410adc37b1b31dc060af11fec8a8b", + "sha3_256_hash_of_secret_key": "602bedde695713681a96c94a9a6d35308102ae18d3f3beb92a981e4a3b7704f3", "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + "sha3_256_hash_of_ciphertext": "e4631748f7cba566889ca2c5d90c47bba17000a0d934c4242a9a3d6dfac039e8", + "shared_secret": "88c0c1e22b68cd65e1eedd6d6208c36492fb674e26ba4e0d4e55f831a1affc96" }, { "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "sha3_256_hash_of_public_key": "7cc3f47f319f88da508f841e536a056625f206fe499387d27307257682237f96", + "sha3_256_hash_of_secret_key": "064bf50ddc823a97adfc93d52ecbff03a0fd5d94ab38874a5abaedbdaba67309", "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + "sha3_256_hash_of_ciphertext": "b34a0a91afbc9599ae00e67ba4ebf0d8308b3e06efcfa148aed519b0f073ddc8", + "shared_secret": "56f717e4baddc2250873d667f73a442b05ca2f8714d4dc4d295f899217c92c9e" }, { "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "sha3_256_hash_of_public_key": "beaeb6ff178f3228defdd117e6ba75a34abb70e86f31fdb16d74d91e6c1b47a7", + "sha3_256_hash_of_secret_key": "9cf056be85f240e1ae5b73656c07bfe83ba8ec7212973bac19cffbb80dae7249", "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + "sha3_256_hash_of_ciphertext": "89243e04aa17615c309cae73fbfe985e0716c7fe3b8283b5e84c3caa67b5ad3f", + "shared_secret": "35f5517999e15ed842904d53d5b4747639d1165014ab77474c0dbc310e586186" }, { "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "sha3_256_hash_of_public_key": "b2b71b8aaccf14842a6d4ecb713612f801a5044147fb9e6987ad3863759de31e", + "sha3_256_hash_of_secret_key": "01158ea58361ef89d935c9f845711c7f581322afddaf14e255f71c1dcc9c0024", "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + "sha3_256_hash_of_ciphertext": "ddf853fbd339780b3f571de2aefb30f760454f2cc1f0fca009bc829afb1f3f7d", + "shared_secret": "a7159981a68244549b96b27991e1323013c353bdd9c8d6f583897c35923e87a8" }, { "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "sha3_256_hash_of_public_key": "a13cb3f23ccbd9ca6a75823d1ba14ef03664560f397133935103ded2d7480b99", + "sha3_256_hash_of_secret_key": "710b3a8c8d49ee38390cd2776c42ad74a520c8d6ebd39b514f6fbf28c6c74b45", "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + "sha3_256_hash_of_ciphertext": "f5c4738d0ac3b25048186a2049668247c04033cb363e9d23b5d1518f8fa7e70f", + "shared_secret": "c4041a29c5b744e9039bf5155cb3ac0b799356829557a7aa3feb4b3585e6cf62" }, { "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "sha3_256_hash_of_public_key": "68302cc5af214ceda67ff8161b29bc300c4be8e1a4139437aead8a9ede3cd4ca", + "sha3_256_hash_of_secret_key": "5d6904a6478f0632ec56477321a6d6ec5ccdf299bed0b6ee9f4b32c6b5effec3", "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + "sha3_256_hash_of_ciphertext": "b4ddaeac7b4080e5e9bccdd2cbec4395a1393e61e038bedae9542db78769b923", + "shared_secret": "b8441852349193321f466ccbd3afa48bafe903288108312de26e9bf0de9f680c" }, { "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "sha3_256_hash_of_public_key": "149ca4d94813f81c792060502e09a88ea694c5de863ce6a50516cacb1c3f44bc", + "sha3_256_hash_of_secret_key": "8e69c68f8a7a0ad82b033a0bdc94d253d3e7e8516d67e86bb95d219a1090529c", "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + "sha3_256_hash_of_ciphertext": "5fbbb17b2c8ecbb8c74f2cf6259404cb9e0cadd393174e49e88298c6b7a34a22", + "shared_secret": "9d0d9ba501da1b46775258f5c0904721906b237c3461da6c31d70da8575fac37" }, { "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "sha3_256_hash_of_public_key": "e5c52e639e5acd0fb97c7eb44df56df5250c6de7d171c467ce6887eaa4ee3d61", + "sha3_256_hash_of_secret_key": "6b452ca57379b09ea36746b5b55be3b73df4faf809d7899c5368a51eb4b18cab", "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + "sha3_256_hash_of_ciphertext": "9ec7acd421fd05aeb4440720890cb1ebfba0f0ba3d9b57268b583ea10720a32d", + "shared_secret": "188aa07faa2b7a19b6b7bfbd4cbb1ad829a7415d601fdc3b635528db136cac52" }, { "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "sha3_256_hash_of_public_key": "9a350302631bd506be010a3f42112ae4ea731d515d80c3a21fcce60cc4d945ab", + "sha3_256_hash_of_secret_key": "985f528fdd675f3efdbe95a03e071f28e2dd16b425c51651a1e645f6b87eb25e", "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + "sha3_256_hash_of_ciphertext": "df8cc2e78b5df8a43e7ae87566452a5df656f13f93a22566116a84c30b786f8c", + "shared_secret": "70df7eeecb6ad19b54498071e0840f4957e935a62feba82fe29531f79c2c1651" }, { "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "sha3_256_hash_of_public_key": "866573e536b4017c02e31c8ed7455c841a5ccdb795fc200acaf1da2fb936bb59", + "sha3_256_hash_of_secret_key": "e8a4ede82799c3a425b82912df460d5d1e78757b4a917177489839abb92029f2", "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + "sha3_256_hash_of_ciphertext": "99d967e7c92a7d7e2ed54b1339472d8780e0a7671aa9afb8fa2f19cf96353821", + "shared_secret": "8baaf439867c9761e78a64652a383e21682969d18f84dbae0d3a63095948863d" }, { "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "sha3_256_hash_of_public_key": "b33387825115cba8b0ae7da0d1aada1ce4ab05bc2479b360b6c56dfa870ca825", + "sha3_256_hash_of_secret_key": "7c35640775e31eaba8a119a8e89e1e2180177a55e54391c3fa6675829d721b01", "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + "sha3_256_hash_of_ciphertext": "d42759ad66725175d4d8d3cb6519e9074d6c13d4d183863f1695f0e3b831a10a", + "shared_secret": "60b466221ec831f91a91b76ec6bbc29726f65ebcacc96f9e191f57a1399be186" }, { "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "sha3_256_hash_of_public_key": "720fd4f96ab2cac1be382907e8cba0702018ca27b28ea8f93cc19c4809885a3b", + "sha3_256_hash_of_secret_key": "c1ec32b739485e2437a6b4dbed289f0cb7dea0ed3b2add99d4c49a3eeda1b0fe", "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + "sha3_256_hash_of_ciphertext": "5fae7a10471d5303e5f6ee5d1e34013528af4945de811ffa1828648986607299", + "shared_secret": "6a302778f406082fa285c5ee299d78b048e837c5012f42f9a80e8659b10defda" }, { "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "sha3_256_hash_of_public_key": "bfa4b55c7baf2651415d3f28d221b291b175340a07843b299a46e02e22657634", + "sha3_256_hash_of_secret_key": "605c4a98f3775c9678804fd5795946c1657311d123b5c7d1544192a205c043d3", "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + "sha3_256_hash_of_ciphertext": "39e07846b4ca91147a0b680f5411c75db937a6855f08939f746ea3d5f9a11d51", + "shared_secret": "88a46d35cf07e48c6528b95016aa0c414344e090ee897fd80f26b67bc0451c7f" }, { "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "sha3_256_hash_of_public_key": "9675fc6d1e3cc4e0eb62d31b6b4f10022d373d2718f3d20ee1cc00ef6892d9a0", + "sha3_256_hash_of_secret_key": "c463b8ab9069814e5308cf9742c6ab6e08c355fa34c0d2e65df1962589eba56e", "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + "sha3_256_hash_of_ciphertext": "5c7ef87c49f71d3098fe3d33b22bc8191f440bcdf1d04a46f293c5e6b16af12f", + "shared_secret": "f3c5586476f4814a2d3728a6f0ceed7d19d076b790d3675e48611c4b8df9702e" }, { "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "sha3_256_hash_of_public_key": "9d162fce2f019205a2106acc8e3e3465b6fa3912a06c764e625cbe3b95dea6c8", + "sha3_256_hash_of_secret_key": "eeb3bd9d8636b55722f42b3342e415b23df96d1c9b2c5b9c1c2a3e619348ba6f", "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + "sha3_256_hash_of_ciphertext": "d482f25e93fd142aa009f2f2569427ebcf04b87aca2bef5e022bcbc1e5972ed1", + "shared_secret": "a828fc1446ff04a950e4f551e442aeba279f44de0ec5296fd981bcbe6ee90d8e" }, { "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "sha3_256_hash_of_public_key": "3e834e34f198ab5a3504cfa0c6af6ab78de3a3ef5667e6065e084cf5d2a5bb32", + "sha3_256_hash_of_secret_key": "d74767e217cfaaf75adc92927107c76d7267b1d7b3b76f2f8ae5a9044aa290f2", "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + "sha3_256_hash_of_ciphertext": "3a41b6054d918e9613e8d4eab83628f7c82b6ef447ecdacd0a74cc21be6b47aa", + "shared_secret": "d98b18f7b6717b8f6b3e331d6d8f9d3633eb70f54133a78e2345138420edf89d" }, { "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "sha3_256_hash_of_public_key": "c5e157ff4357d3c26b7c4b45315f0689f135c85d952a64648b0a8cec03741fe0", + "sha3_256_hash_of_secret_key": "edc6b8e2036f9ce7ef87dc58d4866ad9f320ffab1aa22371b7b56ec727f77531", "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + "sha3_256_hash_of_ciphertext": "7324a073d06af373494ecfc7960cfb81484e9ae64bc16e13651b015cdfb73668", + "shared_secret": "b7d5919f0bab0e2715a97cab993656831bc8a3dc86c3bd32e64ccb4762f70499" }, { "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "sha3_256_hash_of_public_key": "f5cedd022077b1a6a052f5287219393cd2e0366d0f5531b2f7ea8704d2900ce5", + "sha3_256_hash_of_secret_key": "882916ad7b7707feae2885f13bdf19d36931886c4bfd188fd46b6b6adeeb8d78", "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + "sha3_256_hash_of_ciphertext": "84e4fab74ef96f7b3ec50d7afdf69445b4326fe3ad695efcbf56426c0a6df6c8", + "shared_secret": "149e4e38a07d18c0b08edf9c47e425b56f7da87b2b9c855bedd29f6f0a8fe5fa" }, { "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "sha3_256_hash_of_public_key": "a53a20ea03e400a843c8cf4d04bfe0c0a3ce63dde01045e2669f7ae5da790577", + "sha3_256_hash_of_secret_key": "9d1e4432908352535074efbfa7cde3e6738e073fd512e04e9601380fb40b7614", "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + "sha3_256_hash_of_ciphertext": "071204e26ed00e7a1f226d4e971cfb2d9502e17da99f5479235763cb7723ac5d", + "shared_secret": "38a1fcaf302905e18940605e49e5f44c747b06e789acc9c395211823598ef516" }, { "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "sha3_256_hash_of_public_key": "cacca228846450ebb8f04a2a5ef2d919dfa47c4aa265f4cedd10cf74eef3ecc1", + "sha3_256_hash_of_secret_key": "a01db77c5983b2472e616dfc04666a2112924dda5ffbf00a989cf1a48578898b", "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + "sha3_256_hash_of_ciphertext": "dd0b438cb7dcda28762d06e61f1765baef8003d0d86ff48cd4f9788cae8e8618", + "shared_secret": "403543b0f8e519ba4ab878c40ab5aed412ea06bfeb2b864baa5ef4b81a42c454" }, { "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "sha3_256_hash_of_public_key": "4126f5151d1b086e26a88bd9f20710ef06aa0f834722b801f6b79c031f1f9213", + "sha3_256_hash_of_secret_key": "9a6c24b5ae556241f3e6b07a7576971173ecfe474be9c6b09fd12ddef8b5f75e", "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + "sha3_256_hash_of_ciphertext": "7c2b9cd82c349fdc534ac30eaa18bf83afd0736b17a4320963571c109451a5b6", + "shared_secret": "f7a280462f93b619888b5a72da3749556e53ef4f4440df728c8db1edcc86cea4" }, { "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "sha3_256_hash_of_public_key": "b6f12914ed31f14f79c652eed4db478de7ebd263fe27052509fee10b50f2d053", + "sha3_256_hash_of_secret_key": "1a4de442c4c6db97bfa12227c4423237a869c93154e2c5ca49cacbd0ef730485", "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + "sha3_256_hash_of_ciphertext": "41d75dd4690637576652071cb46987cc26321a07bb47a1cfb07f30d2153920c5", + "shared_secret": "fef3730b905431d14aa7aa7bb1d253cd912335c590b8d7de1e7aa4e0ff76be04" } -] +] \ No newline at end of file diff --git a/libcrux-ml-kem/cg/tests/mlkem768_nistkats.json b/libcrux-ml-kem/cg/tests/mlkem768_nistkats.json index 6a819f80d..7292c63df 100644 --- a/libcrux-ml-kem/cg/tests/mlkem768_nistkats.json +++ b/libcrux-ml-kem/cg/tests/mlkem768_nistkats.json @@ -1,802 +1,802 @@ [ { "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "sha3_256_hash_of_public_key": "f57262661358cde8d3ebf990e5fd1d5b896c992ccfaadb5256b68bbf5943b132", + "sha3_256_hash_of_secret_key": "7deef44965b03d76de543ad6ef9e74a2772fa5a9fa0e761120dac767cf0152ef", "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + "sha3_256_hash_of_ciphertext": "6e777e2cf8054659136a971d9e70252f301226930c19c470ee0688163a63c15b", + "shared_secret": "e7184a0975ee3470878d2d159ec83129c8aec253d4ee17b4810311d198cd0368" }, { "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "sha3_256_hash_of_public_key": "7b00751eb9b1253231213f8a14f06f0fe1b7a4fdb7d1cfe44c161e577e5e8f0a", + "sha3_256_hash_of_secret_key": "3a8c009e8e648ac572d5592e4a92907fae0c1767be41c544b59dc3ffe61f7ded", "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + "sha3_256_hash_of_ciphertext": "bce1bf3450f574130b9561ee11565fa41d599d05d2136f10ad2c013eb5d13ca9", + "shared_secret": "5f0c5d9f39d3e724b5a2bd54e69e360f72ffab5d4d6cc5e572fecba80acd4796" }, { "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "sha3_256_hash_of_public_key": "9bda55b63cffa9bf953993918b18cd6595ea6433b479e89b5cd3c9339e4468cb", + "sha3_256_hash_of_secret_key": "d5fc96564df6e53622b2db8295a80a44e3bad7147696e2ad1f728639c98791b1", "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + "sha3_256_hash_of_ciphertext": "2a8b5d9bdcac1b7ffb6d655368e15148308eee98ae34f4105eaae87f24a008a2", + "shared_secret": "7f3bcc03a35a0030255264914e5d88a0c93611c7ca21f0609678a88ca42ce1c9" }, { "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "sha3_256_hash_of_public_key": "647a81f0f1b3e3dacb6e73e900f7c078cdfaa7119a5ede48c7685fdb7e0fe2f5", + "sha3_256_hash_of_secret_key": "1cf686cb8732c73a38b35d73b0b28fb120bc89cda1554d9f12adedc057862081", "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + "sha3_256_hash_of_ciphertext": "1c51c85ce66d80c1f9bb138e5bce84dd75cee4260c8817e06c6f2bd920601530", + "shared_secret": "c630736985fdb7830d7446e18b6b81fa4a707a6058964b99190120de85e7559c" }, { "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "sha3_256_hash_of_public_key": "811aea11a24a4b09e428415f82ee836e930c3b77867aafc5e6728149e3f2bd1b", + "sha3_256_hash_of_secret_key": "6a1ff1351c538a5661fc3576c29408c19f42da3688fa16f9ec5ead6a84420db5", "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + "sha3_256_hash_of_ciphertext": "db4dedc1e4d383acaf974fb50ffbf881bd3938ad196fb9aebeeb1bf1ddc94e10", + "shared_secret": "41e078d0d0c4fe5df5c6683171d5c1c3f1ef152c4945f9cb299f74278ce4cc4f" }, { "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "sha3_256_hash_of_public_key": "76c64235d8bd63438f13dcd038f286b9f4242070a5bec4d8990075008667aad3", + "sha3_256_hash_of_secret_key": "fb19a847c01b5bb4bc607ce0c65e50ca6869946a97625baea129c2ba07e00c01", "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + "sha3_256_hash_of_ciphertext": "c8c63c879a7a803db4e5779ca5acb1f16f5c86c38258f583a9f1e43303ff36d0", + "shared_secret": "7da491b5623a43ae17160a54e45e8328453cfe1acc692a1e300906ebd2a1d9b2" }, { "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "sha3_256_hash_of_public_key": "ae654e4412fd220548280b7a6ace9f2f0bc7b059fc103060346e53bc3c3161d8", + "sha3_256_hash_of_secret_key": "9088118150f9137e8ed76eb5e3a706f66f31c570fa7f0dfe75c0e81c4540878e", "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + "sha3_256_hash_of_ciphertext": "2ce235a49669184efdbff64176f93017127735170c2e1c1b159fc746ef30d18e", + "shared_secret": "eeba3c0571fa453fcd9f7f0d6baeb75d59ec9854c12846089d65bd8dadf9f6b0" }, { "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "sha3_256_hash_of_public_key": "6ecea55c3d5c042d2dca3a3925faaa9112561827dceb0754580814a84be19b87", + "sha3_256_hash_of_secret_key": "33448769334ee9aa43d7ac22a003d9ae89a1ef5a9765deef2946c91fea0a1a5e", "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + "sha3_256_hash_of_ciphertext": "14540bfc038f3eb76f418a8851513054a998e16a06f97c117417ae0a35f90e4f", + "shared_secret": "8bf57e5d1ce24e9942b1b3f456d184d4c0937b9b699e69c6524e93e140f39c90" }, { "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "sha3_256_hash_of_public_key": "576cb9d31e5146967756cf7356926f2e20fc7c1fde9954cb2f593d96a80ab860", + "sha3_256_hash_of_secret_key": "2031c133d7d85e616d932c6204d7ec0f3bd0303ec609e3c7c08092e1ea443972", "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + "sha3_256_hash_of_ciphertext": "20e06ce25d864f8e7a80a19e23cee6830575a072476504fd10e37b296ef8de73", + "shared_secret": "2f714d31bbc778518e2b67d264065d9731c12149cf931211e649addd6daf0b92" }, { "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "sha3_256_hash_of_public_key": "3e9976d61a687df88a8abcc6651446b81b7d136df42bfa03473c84dfd64fdb3b", + "sha3_256_hash_of_secret_key": "5da40cacace6fa3712e49ef6700cd819aeea88264e6dc996681fff43d98c9830", "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + "sha3_256_hash_of_ciphertext": "48ddf3c7cf3f02af111c71607e93922176d0173ec63e890235fe981412824edd", + "shared_secret": "f2c29a0a4782d83f2073c7c37d90556b1a005f072f94063d2db8114430f36c8d" }, { "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "sha3_256_hash_of_public_key": "c0cfd4113c5edd408adcd03d38b12f0b6ac17525c618d6d151a761a9eebc2635", + "sha3_256_hash_of_secret_key": "2c6ec490ffd55e0a744f3c506a497cf4af575cce6368bdc3b3bdbbae733fe7b4", "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + "sha3_256_hash_of_ciphertext": "b6ba4dfdae02842f96b915ea0ebd1c97972c170cae975c89c5fbf26cbe9a52d0", + "shared_secret": "13c99ded4db3e6618f5927d58c89afbe83c86a86ac2073421b2560b3f8be5aa3" }, { "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "sha3_256_hash_of_public_key": "71c5534bb819e61a9d8a257ff2eb29598ae92eccfad38abbfc9bccde5ff95a1c", + "sha3_256_hash_of_secret_key": "107c5ef0842d1dfda257138d681ad7e1390e12c697111a2c804d8f014361cb4f", "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + "sha3_256_hash_of_ciphertext": "671e3c316d4d8411237db4383fca82f76692867e9f6d15a2b82b17d934392341", + "shared_secret": "83302cab48eb0832bd8df0db3fce81595754772e4c951c444a1b2ee9f58c48c1" }, { "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "sha3_256_hash_of_public_key": "4b53b4aec0d9f86a6377c63ff80150e40fc5347714c07591dc71c6beb8daaafc", + "sha3_256_hash_of_secret_key": "ed13d2a9ae5541b3fbfa19891b8c8a9f4f0957d940eb5d08ee0cd18cfb28e7a4", "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + "sha3_256_hash_of_ciphertext": "b83f6022179a08cdadda2660f8cd7cb70df4be0be3ad85bebb090d086079b1d1", + "shared_secret": "93ce6d06568d795c2a28d1196f53cbaa2cb05df1427ac76f44df09d479e14241" }, { "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "sha3_256_hash_of_public_key": "c2d52d0c837eb40dac0653a5e862d9fb8b832629cece9eaeb6d5feb48b6ef5da", + "sha3_256_hash_of_secret_key": "73ee0632229d740dd746e3ef7f0f1c29944dbc2d8f39b7860807c41c18bbb3af", "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + "sha3_256_hash_of_ciphertext": "3685126e86797a881f3bbee0eb85b76d755ff03858735c326731b8d802f023b5", + "shared_secret": "071db527a2ee8ce982527cb19355793859bb8557e7cc99dec58a53153eceddf4" }, { "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "sha3_256_hash_of_public_key": "4ff02338c9bb711d263140c471409f3c42813f38424698563d9550f85a168f2d", + "sha3_256_hash_of_secret_key": "3c89443dab5ce46f82f6b8260af0293ea52a680f1c4fe5e042f0aefb707526f3", "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + "sha3_256_hash_of_ciphertext": "b20e28f42ee5cf5569f1833af90334952074dd0ea0c2520f03fdf0fb24c17a64", + "shared_secret": "598bd66a4a063652b2a6b25b8d1c3bab0251682ce6c362a8c680295f47f3d6d9" }, { "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "sha3_256_hash_of_public_key": "bbccdbce67cf49fea044df5c767996681dd2714937d31c822f3c58cc34785aa7", + "sha3_256_hash_of_secret_key": "64fde53d297945ef2a0af6ddd044520cff8ec1388aa471e47ba4299c2cd46da4", "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + "sha3_256_hash_of_ciphertext": "6f4cde00d3775858761742957833fe632e3d3082a9a6180477291bc23b682674", + "shared_secret": "92bd980f79cbb34c67594c6922549b99962e54d388034ea61f892fe250581c4e" }, { "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "sha3_256_hash_of_public_key": "3ef3581d438af7dec621304e0091f797346ca18a41f39401e9d03200ef48beb6", + "sha3_256_hash_of_secret_key": "299a76e97511d90f7925100db418472a9c3c12d6d48acf03618a6960998ee733", "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + "sha3_256_hash_of_ciphertext": "4ede793372276800e22c1893ae554ce0b53e413fbbc3595e69feadb2e1f6d57a", + "shared_secret": "b7325a08fa617e19260264bb02ed6b8ab2081589fd5dcc1e92b9d0d4ebfdb6b6" }, { "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "sha3_256_hash_of_public_key": "fa06bb0ff42f4d610a7b3df7544d66b97a486967cd9b62ba0142ebb10b8ee4ee", + "sha3_256_hash_of_secret_key": "4dcfc0ce12c4e87f02c616a8fb18c359cae017a2f8d339623a174dfaebfad98f", "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + "sha3_256_hash_of_ciphertext": "591bf77f74463c50a4ffbe97c892e11f3cf7601813b7ad83b17038a173e21442", + "shared_secret": "b400082a764291666c080ae9ea9f22c383f3c1e87b4cc56775a19c8ec29a4157" }, { "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "sha3_256_hash_of_public_key": "86538ecdf65b7a485b73a34a72193af1ea3f884d820463601c7f843672bbec7d", + "sha3_256_hash_of_secret_key": "70e91b44585ed93e802868e0bfe88f68995f3c85d25c2a36b0b7d8de7c5e2f8d", "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + "sha3_256_hash_of_ciphertext": "83754e315ef22788354c1ec632429566929f9bd53e77d1d2cb52005274f64e1e", + "shared_secret": "03c7470224ba22fde280005d9a8f8354c49459e9a168cc282f9d41f4f0d2da2b" }, { "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "sha3_256_hash_of_public_key": "27757389a4a68c898dab92d0f63c3340dfba51e00312a05e721932b95b11f6da", + "sha3_256_hash_of_secret_key": "b43f88e419ae589b85bb0ec6c9712d4870dbaf35d4c96d06ef0f8b9753b60034", "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + "sha3_256_hash_of_ciphertext": "0eb3d2bc103f7801dd8e002c6cc81bbcf11e070f465aba9b0b725fa9454acda7", + "shared_secret": "c31f7372e8c194a9589042477f34da3a60d591ea65e13bcccc07ba59402ede6d" }, { "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "sha3_256_hash_of_public_key": "efe6e93d8e755292fa875609f2f63bd194c87e6f04db7c83d8bb1b9d868bb779", + "sha3_256_hash_of_secret_key": "f54233dfd4679cbd6eb6f18c0615745d5b4fc2fefade52d966bffab6f0cc259f", "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + "sha3_256_hash_of_ciphertext": "942f3cd64ed1b2675f9f9823c068d59b2e007e66d38e06a2e4558dcba7f11efd", + "shared_secret": "9dfd08dbf59350ae2308096f935c6767daeddeb2c6997992d4a02c14b0e58c60" }, { "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "sha3_256_hash_of_public_key": "87ada29bf78a689417b645fe127d124339422be80a993e623d13bc59f3406a6f", + "sha3_256_hash_of_secret_key": "6b8d44a2a71f2901b7ea97bd24df8d46041cd9ad4f0bc5d42ca27ee44981f740", "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + "sha3_256_hash_of_ciphertext": "aa86248e7e906ff3072a00647cbd3f6e5d0f3a4ec40efa6deb94b2df901d0097", + "shared_secret": "03952e1a4915d112b87569d1f79a39f5d69a8dc11c96d70c529d2162a6024dd7" }, { "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "sha3_256_hash_of_public_key": "0c87bedd5c16c32cc3867910f734bdcf09869c7604a59ce36660074f561e12da", + "sha3_256_hash_of_secret_key": "a72b7d93adcbfc6d89485fa923a4b1095e3d593916496e521187224efa42ffa5", "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + "sha3_256_hash_of_ciphertext": "7a75e486cc2dd3ffab4b1072b4056de9a56b55cf324e58d3f6cfd031a0dda594", + "shared_secret": "6d2e1f456c87d5a3c79456a6d35fda52f3e9cb858f85a5f7931f532fffe26dee" }, { "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "sha3_256_hash_of_public_key": "9a9a59f83fc58d7194ccc92bd78a45f97f721a1eb554499d0e4d5b37aefc23a8", + "sha3_256_hash_of_secret_key": "ea5ce3a271f5e46f925259832d187a3c893e8088b76c19c93e0e798e4320d2fd", "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + "sha3_256_hash_of_ciphertext": "d71fc29140e8725a4c4e8779d0ad3007990e08b1eb38856cc56f522e3079f601", + "shared_secret": "5c7c5cafe1fd7f3d12431ae93815c03419ff95b132caf568671ec23bdc74381c" }, { "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "sha3_256_hash_of_public_key": "bda0815dd53b263afcc1f71d2501128c41fb3606af71c5e68f0752c6d3a479c5", + "sha3_256_hash_of_secret_key": "d502e7e6df2d84e46cef88a84c53f1fddd5488accd5e1e43aed5f4f08e16a8a7", "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + "sha3_256_hash_of_ciphertext": "8d4b1f3ee23ceecf073d6576609767401286da5189a1b267bff30a710a69e67a", + "shared_secret": "1427c322f72898a0fffd13f674719c9288d524bdd19e6a362533c1108e3a6d2c" }, { "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "sha3_256_hash_of_public_key": "e3e96e658787ba3f6ffb47de56322541a2c81f68e2825c74cb75ab01d4b719d6", + "sha3_256_hash_of_secret_key": "17f821aae147fa517cf35169f9d0b59a30ffdd0ff8f46c1c9bfffe6791392f18", "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + "sha3_256_hash_of_ciphertext": "7638e455aa855489cedd385a58cad62c49ee25f60be02bbcca6d7c3c383d27af", + "shared_secret": "d399b5ff0756707f8d1a1c2a683465c9ad4899788420643d59edf78f79b28dc1" }, { "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "sha3_256_hash_of_public_key": "eb3fdfcc0b171aa975028f96cd47fdba421ac08e29a0044cedc29fce35eb8510", + "sha3_256_hash_of_secret_key": "d1266b01cdbc6774ff0edbe64a593a110c462d07071077faa86faa9a0aa2365d", "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + "sha3_256_hash_of_ciphertext": "0ed3b8be821742190f88bce0d86f834dec2a829496c5eb5bf51bab1a8419064c", + "shared_secret": "1a0ad65924728c415ee9c92d0dcd91396665a24c59cba878050390acf2eb44dd" }, { "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "sha3_256_hash_of_public_key": "d046d93317dc6d0ff28990721c3f94a93024ce01b01c0ca55d634c191c4280fa", + "sha3_256_hash_of_secret_key": "bdf5539c63b463c3dfefb7978bc44a46803117ccf066475bd17d5c82fcb49c0b", "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + "sha3_256_hash_of_ciphertext": "b0cd3d31583e15ee8a55d85cd770cc6d64ab83429aebefdb55674f382b605c80", + "shared_secret": "9104061d3dbfac187f3a9eed801545a52f1fb0c3979ca8315aa31f67775d1036" }, { "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "sha3_256_hash_of_public_key": "21b12640bf755e94ba06204982458a9be11e1da542ece4f3d284886800fc8e8e", + "sha3_256_hash_of_secret_key": "4e3947282ebe9f8cd652343c30dfec9a5123c237af2fbb25aca522b6bb6bc4a9", "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + "sha3_256_hash_of_ciphertext": "43c21d2fc350a9682e8105ed680b36a04d02579ebab292d0a05db185021dcb44", + "shared_secret": "ca249f10d39267ec3725f56b90eb2e22cf8b577116af350f3d3c1e2cf090ff73" }, { "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "sha3_256_hash_of_public_key": "95d9e5b9151d87fed52e287992acb897a07b10ada1dd83409a5ccddabf9d7cfa", + "sha3_256_hash_of_secret_key": "79e973da94d9166321c476a28a98a8d03ce079c9a99d6e4f55d2e2b4de936123", "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + "sha3_256_hash_of_ciphertext": "18ccc37804b42db21ae4d7e238fedf4594f3d55303dc80c0e51c748ff4906ac0", + "shared_secret": "82a3856ca48c5dc582ac25605ab0c675ad646ee19acbaaab4ccb5350a3881b49" }, { "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "sha3_256_hash_of_public_key": "3a7acfc3d283541d985e0abd85eba5315a17d6c4a7e4f248673da60c341c29fe", + "sha3_256_hash_of_secret_key": "2fda122953c3d9db88caa36cb8d5621663fec1dd0e19a274a5d85bea7a126076", "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + "sha3_256_hash_of_ciphertext": "024ade86d89c33d9d38face3b92986e72c699467402fe9c5aaca0904c5f5737a", + "shared_secret": "f1e13731a14d39f474806b8c177e23e4e2301a3b839539fef9591a71e4f67d29" }, { "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "sha3_256_hash_of_public_key": "21916dfe025b78fc6d4dd1d1541b51cd3eecca90ae52177431b33c708faf17b5", + "sha3_256_hash_of_secret_key": "c98bada554f301506c532ec774ee112106358d0b320407fb34051a604777f030", "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + "sha3_256_hash_of_ciphertext": "b2737a0bd104c46a5f861914855f498287a33076c32a4241a46cf9690181ee98", + "shared_secret": "79c5817a4ba25295cfdc817cd303f3465852b93c0c908fc4a79e88c45f3b81f6" }, { "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "sha3_256_hash_of_public_key": "8f62011fbd5a1c10713d42a00a79ae7672e5e321872971f24ff71ed754178d63", + "sha3_256_hash_of_secret_key": "57d13f22524022911276023bff4af90abdf04885e2a598b04fa789123295835a", "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + "sha3_256_hash_of_ciphertext": "70dfcd3fb0d525cde1e38e158f6a4234006821031941efe3f9b4fa1e70c8bb36", + "shared_secret": "d92f866a744d0af51c8c2ba7b1fdf816e0334bff45182cabdfc722d75f8140c4" }, { "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "sha3_256_hash_of_public_key": "ed3d1dd05854a6542b24090a680b9aa9d6c65ef31cf1f4f5708affafeb2e3989", + "sha3_256_hash_of_secret_key": "d5bbcdd1c2fd57524e7926d071f71114a62b95f0579b62ac0f92ccaaac4e9dad", "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + "sha3_256_hash_of_ciphertext": "c54e484b3b05c6bb40bef10662de29ecda288b9374dcef8f89220d1bff2d09cd", + "shared_secret": "53b3b4ce1e75cfe52d22450bfa763d07985dbc585166b4781a7e6542f9bc03e3" }, { "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "sha3_256_hash_of_public_key": "6fe12a1e2d742dcaf56c585651ed6edce4f410aca0fc83275b5acb19daeb149d", + "sha3_256_hash_of_secret_key": "b9e5eb23d136e49d2b5b7964430a1f98c78cd3526f97b1fa0ffb8fb0ea9ffd79", "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + "sha3_256_hash_of_ciphertext": "763f4d04f8eb62a3599d9d095c77861f122e90a0113fa290b17d500766fe333e", + "shared_secret": "e7165b66834d919f8c8737c7b4df17a0668c57a87b821af78fe68cbea325aab6" }, { "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "sha3_256_hash_of_public_key": "30c784bb2ca3538979b24246c2644907484719c531ea39f13c5a34046f8e5cc3", + "sha3_256_hash_of_secret_key": "ff96c20a150142ec36186277a6f7b15e4fb93e9648385ef23186fbef674f1600", "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + "sha3_256_hash_of_ciphertext": "edee28e97f72a1798809668a1b9b9b3dc05d794d69af6cb476f524e6acad3d8d", + "shared_secret": "19599e218264837d06839b6cb9a09af3bc4cdc78f7d9c00fe030ee92ba3bd54c" }, { "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "sha3_256_hash_of_public_key": "b30fe432c2e9744430805aef6b75cf3011ff387e323558212b9d71ed71f044f7", + "sha3_256_hash_of_secret_key": "2c4c6d6ed6fd6cf8b53a352a038b9fea6648a9521604140f54268381dfaa1144", "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + "sha3_256_hash_of_ciphertext": "b536c56ac5b187bf7372e726bef28c7a46b51e2bb3bbbcb3cab014c6f5999061", + "shared_secret": "dc5f3931026bcedd2f57b65601f683895c365862d28a65356e94049773de2ae0" }, { "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "sha3_256_hash_of_public_key": "ab02b962b6350a9e1314baaa272b6b13db3d1edc9f09d3addf07f6826a3556bf", + "sha3_256_hash_of_secret_key": "abf4653476aae658e4603990ddddad56c09da5fab6b9a3e328b9fcd670547652", "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + "sha3_256_hash_of_ciphertext": "fc2394d4ed9b1e2b073d73d02eb4ef8ab3633932e58641a58507d7c977b62c04", + "shared_secret": "7dbfce1fc7d937884e7b3fa7c8eaadb37e1663f77d7c8659b8f43abadf16cba8" }, { "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "sha3_256_hash_of_public_key": "c153354b0187e658306a0c860b1fe6ed14686ca77d37b7c82d66ff62149406b7", + "sha3_256_hash_of_secret_key": "bc48868d03fb12ad5a98d35a739388b66e17b589aeb6ad4335d2d2e0c933910f", "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + "sha3_256_hash_of_ciphertext": "0fdc0a9a35e5cdcdea8d39e95086e35db8f4ec92f13a7d9afad49adb5faf1e70", + "shared_secret": "09f64cee1af4d8738ab149d34a106ea7b19ac43e5a2536defe689824409050ba" }, { "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "sha3_256_hash_of_public_key": "2ab47ca9355ece6cc643c3274c46efbd6e927b8b4d11ae8f80b5345b487a5c71", + "sha3_256_hash_of_secret_key": "9f65505a34f12eee3e5f6ba1cc622dc0024c4be87dc0648ff9e1edf9ffca943a", "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + "sha3_256_hash_of_ciphertext": "5c7bfaf193010937498fafd5f4eb4665996c6a963ba25368439dbe05c56bd99c", + "shared_secret": "7104fe381d6d7995b4d550278a66a719b9e79d9bdc38fb0bb60212c4355cc520" }, { "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "sha3_256_hash_of_public_key": "3ab27768ce397a94bb7d29f5dad97d54054915eb66be41023e5d7052a10ed1e6", + "sha3_256_hash_of_secret_key": "2b091ca0237c155627226a58c1ea9a049127e7e30e397307ae20343e21408dbe", "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + "sha3_256_hash_of_ciphertext": "1987dbb44cd3fcd1b3fded283f54d82a2dd146508124282d59a8f862be82a2a0", + "shared_secret": "79b1ce19715dd0a74ada36d31f63f3242716890a66d6348232c914c8e5c4c499" }, { "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "sha3_256_hash_of_public_key": "4c20aa5a85b2e43c56e051698c75bfc27bb9b1722501a6502d1c0dac0aa7f1b0", + "sha3_256_hash_of_secret_key": "684968be82e153d8eafea3ad507544b512bc1b0768775fa5732a12ec2b3b22c6", "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + "sha3_256_hash_of_ciphertext": "5a1273ac88362d6933e9f8e203af5df0ce809b23e125abfbea3f72bc386f17b6", + "shared_secret": "66e872a4b3baa42bc3e8e4ee787ebe070a094f05d2a0792ae2ae60f8bd0ee0e7" }, { "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "sha3_256_hash_of_public_key": "72c30933b8e50425fefbf58d711f58cbf9fd8ebd2835a1b55469a2a1b993eace", + "sha3_256_hash_of_secret_key": "f156a8742efc92c7a7c5e07116d139872ec520aad1fdb146cbcff70c350a45a6", "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + "sha3_256_hash_of_ciphertext": "c3c80130ce1ccb69036c753567b55e2e93df33496228735300b7640f2993c09b", + "shared_secret": "56551e57abc7b80a842db9ee65aaf6e65b7c4ca10fc297e9bb0a6364e6255bdb" }, { "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "sha3_256_hash_of_public_key": "bce58a5d05a4840f835b8ce39703f77bb31f20b9ee4fd3795c2e326244208b28", + "sha3_256_hash_of_secret_key": "abc33aecf69474343f3848633db85e595a465bcbd408472257e00be338664ecc", "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + "sha3_256_hash_of_ciphertext": "a500aa79a567933c2cb80ea580fff3298a345398243052f2ac292591810328b4", + "shared_secret": "30abe054c82a82299e7edd52870f461ff6048daab627b6c848a9d4f1c4641a0f" }, { "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "sha3_256_hash_of_public_key": "0293675aaefa1219f8794d114bbb004463f9c631729734cb430f26f38886537e", + "sha3_256_hash_of_secret_key": "b25401df9f852f7383fc87fa7cbd267b9de2e80bb37946e9fa8d040134a9e31d", "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + "sha3_256_hash_of_ciphertext": "3e0e87ded530c595b63064109c6d64c78253f3bbac5f3bcba552539fa7daa004", + "shared_secret": "4b525f467ee0d96c1f4b899a114936343ec21c74738b05555b2bab9a5d0b5513" }, { "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "sha3_256_hash_of_public_key": "cadbc64e263f1afdcddf2ad63f2fcd19799a0a8f43ec867477e249ed5fe716f8", + "sha3_256_hash_of_secret_key": "ae483cd66ace708eb15d06b55b1414e1ca1cd440d8867932261fe16a41eab8dd", "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + "sha3_256_hash_of_ciphertext": "b4c90f9d9595c242112c963a6f24b6023083a0751e341522eb4460a0eed65f25", + "shared_secret": "6cba1b31809b333ea40f2f67bad438226d91bd61b08860357a840cbcc8fabfc5" }, { "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "sha3_256_hash_of_public_key": "5ca1708c7c6e354b69720b4b4a0c358fe9a6ad3febe78bb2a71691658acae21a", + "sha3_256_hash_of_secret_key": "eb002a4709c8b95bf166e0942d47453c32b93e32e4273aef846c296d1590d58a", "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + "sha3_256_hash_of_ciphertext": "3d21fa1e7c4b9e5b3f68f956afe6fac216d42fd9a3707b7a61932c8ebb5103b3", + "shared_secret": "8087b456d37e6aff785a0ca104cb03ef71fa2d6652c52dcd86220cacf878afeb" }, { "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "sha3_256_hash_of_public_key": "04f0066489947b572f76e1dfc2e24297b210ed0aaf228788a0b349d11689e064", + "sha3_256_hash_of_secret_key": "656696013b36db5535aa376104d5e2beb2c9a708282aa6a5f0ed42cbeefcf98c", "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + "sha3_256_hash_of_ciphertext": "a29dc0e0107aed03c698c2448cba21940bf9923c2098225ea3421bdb474a8ecd", + "shared_secret": "6799d393f4000857868049c19a102e5c04c55a6bfe3a41abeb4fb6d5228cda97" }, { "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "sha3_256_hash_of_public_key": "67ce6c8abcf3ec4d93505d3be02c039e5a12538e5e59adb5a5d709b9b342938d", + "sha3_256_hash_of_secret_key": "b68d06399932cb2d32b2a2aaf12e68568f160092efac36ade3536cfe6fc88d45", "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + "sha3_256_hash_of_ciphertext": "93a08f27c7cd6ba3d5e6c8b6c833d8c65f05edb2cfd7eaf5bd392cd1563552ca", + "shared_secret": "dbbe6f3b6f5a35789697792e209428ba1f53d1b98ac2c0d1893cfee641e40375" }, { "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "sha3_256_hash_of_public_key": "7fe853da745a27a1462668bb66c4348b7f4bf25c70527b360b2fd104cda48fe5", + "sha3_256_hash_of_secret_key": "85a7c0a52f7898df5e3ba9ee378057b9e354dc2108c5f8c60a10fc20c9eda749", "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + "sha3_256_hash_of_ciphertext": "23e8b844258ff739aceecb17073a7f2be2f89030ba7ca699470e4add6f55321b", + "shared_secret": "494550faf270431de90c96d2ddcb7c19249d5e85305b3b43626386c30b7aba5f" }, { "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "sha3_256_hash_of_public_key": "65297f711f12a5ff123e6de59d1f16878e93a31612015fb961bc572f3e999cea", + "sha3_256_hash_of_secret_key": "f80261900b053c4d1c5e3b445588f1aca6a9959b969b6a60df08f1a12da1b661", "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + "sha3_256_hash_of_ciphertext": "7c4f753d71b67d7a6691db0e7d9bf2c2a13f9f48a0d9602be60e080262bf50f1", + "shared_secret": "eec9e658edcad5a8a705644ccd35aa3d785cc258666ff749bdbbafae6700f1b9" }, { "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "sha3_256_hash_of_public_key": "51634cb33a2bc3fc22ff47b58d7879d703bdd661ad3c290a6d812485ef0ce8ff", + "sha3_256_hash_of_secret_key": "e9d2895dabc85514f2f1a543440ac0de41d49cf21686327bcc6066d21a2b93a0", "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + "sha3_256_hash_of_ciphertext": "8d971865b1ec760640db6e480ed27fcac239bb1c36e72054afc530d957672c27", + "shared_secret": "d5c5e6657d310b0ccef250c9664a02c846ecb241f2404ca851d8219f93cb0d27" }, { "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "sha3_256_hash_of_public_key": "45cccc2997b502ed631257065214ab9afed11f00ca5c18c92c4d6b917165fd1c", + "sha3_256_hash_of_secret_key": "3a0f0c13760dfc8bf1bf79bdb1b4f94aa33989529be306bb826b07e089105b47", "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + "sha3_256_hash_of_ciphertext": "c60ba523dc75a1c9f8dd617f1cc775f6d1cee0fd7614da1a5366eee5950b6f10", + "shared_secret": "f62460025ebbb273f00207758a1215c3a8053d2ac66cee11c6760aeef7e35d24" }, { "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "sha3_256_hash_of_public_key": "89560d4e598328f6302a9762bda2b0f29fa8ee34fe48dc4847810fc6f44cc198", + "sha3_256_hash_of_secret_key": "30f40a1a6f4adda2a9e73f3a881f3d10414031a0f5fc0f70ffa4966b29bb1a7f", "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + "sha3_256_hash_of_ciphertext": "932a09da1c6de03fddf0b45ca31f2446c5c2a3d47af171cde29149167e735cd6", + "shared_secret": "74efee46e7b26f5022416ae9bf4a52a3940966b37fab0c3ee2e8fbb24ded6bf8" }, { "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "sha3_256_hash_of_public_key": "878025deeed7dab8e62d43c3d2096e4682692537c70ebab9e1561cba88b05ec0", + "sha3_256_hash_of_secret_key": "5469881eca81b37faa66f4d9f63c20ecf61fa8337a095410fc19eeacd774b863", "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + "sha3_256_hash_of_ciphertext": "0407bedaefe91d921a6442f34fe88c04e62389fc63dafe78a1a2b93723786a10", + "shared_secret": "92fd1bb6ea9f1a0a195b3ca29e457f4b3f401fb4521842196d9471f50f5c7249" }, { "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "sha3_256_hash_of_public_key": "7d30385f988dc748b843b7b7f569e58ccc9215503e1bc2f28f5019fc72fe6d33", + "sha3_256_hash_of_secret_key": "5b425d514afec91db185ec5e84bfd545453da4f3acfef398e7b3548c63f713f9", "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + "sha3_256_hash_of_ciphertext": "886a86759ae6a21a6dabe37a4b4443bdd358502f0719b5b9178dbb6b9f7e27e6", + "shared_secret": "e1a195eb1093af69edf107980f94adb3058378cb79dc807684c26c4ee1308533" }, { "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "sha3_256_hash_of_public_key": "0697d2f9e047e603b8845c9ecb168576f9d8bc7f3c831b6ec15c5fa4f744315d", + "sha3_256_hash_of_secret_key": "8b634d3c1e118577cc095a8bc53d05bc8c869f2001f3ef591dffd8cffffea969", "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + "sha3_256_hash_of_ciphertext": "a9c68747a9697af9d9442e3d5341161afcd1977777bb40dfd8642807d96f3ccb", + "shared_secret": "fa8721164f599caeb949141b24a124f2d576b3b58c1914af2b05da26b09bee30" }, { "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "sha3_256_hash_of_public_key": "d49e426ae85eaa6c911c4dca80caba6e28e5f645a54d8c016de51a2b98241a29", + "sha3_256_hash_of_secret_key": "cb272fd45a2a27a517bbe1d77d99c027b8664d596bd77d18c4e861ab9900b0fe", "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + "sha3_256_hash_of_ciphertext": "a569fc93ed9b0342e4090782e82b576632dfef108ece59234c783f80e1862de8", + "shared_secret": "d479c2f5e622cf848d921a7155cbbade062d0fb3ce7535d1859eb03e18ac64f1" }, { "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "sha3_256_hash_of_public_key": "903d69da169d8f3f65eec290acf30078fe51bcbd1aeaf412dfe2d31c7b10157c", + "sha3_256_hash_of_secret_key": "87b236ca8da0c7a9d38d7714e7ac16e6dad2fb5282a04b846afedbbc0449b395", "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + "sha3_256_hash_of_ciphertext": "d74122c64015ba74b20c9a675bf688952d42ea421aa5c7b6c82eb6dcf0cdc092", + "shared_secret": "0dc813eb106eb0d4864ffc38432937a1db0d27745788775a8299e93d1c808f18" }, { "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "sha3_256_hash_of_public_key": "08cff1967030a528e748b708b0fb783577f249c04ea5536d2da034fd0d15fbac", + "sha3_256_hash_of_secret_key": "de3ea809c8eaa873e0aaef44d481d8ae72799a0b746c5847f3d412865871bf63", "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + "sha3_256_hash_of_ciphertext": "f0cbdd82f5731bf4177a14a3abfdaaef5fbe94a71ff3f1b7852a010b1d4d7eff", + "shared_secret": "c71d65ecbae83e06c622e28a4eff43c10041539d851149dbdf295eb121550d5e" }, { "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "sha3_256_hash_of_public_key": "b5ed4c3fb678a44d92486cf091333c7f035541614729496d5dd45ce580f0d263", + "sha3_256_hash_of_secret_key": "c313fdffb08de4e928bf32e08a8d0310ea94f9713381f81cdd494a3d4af09553", "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + "sha3_256_hash_of_ciphertext": "5c266d232b038abc42ac484a721f63094ce50740008e0be68571018d8355099f", + "shared_secret": "82360ffb5455f6dfdfc6bfc1a3999eb7453365ca311a0077c9d74968ed27b7a1" }, { "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "sha3_256_hash_of_public_key": "e9037042553968ff3007cdb135e368ecf440e4187e554af9d0ff272911ced339", + "sha3_256_hash_of_secret_key": "21dc6c39559081b2ca594cee9e9825ff973158cce0d11b38a51b503952daa372", "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + "sha3_256_hash_of_ciphertext": "525a66ef29f0c8a0f989dae8592e9e00cb7f347915217d53f08a7699c2b912ed", + "shared_secret": "77ef6dc5a6c8ff657070e418fdb3eb272c8784a9c38bbef950c8ac1de5ec5578" }, { "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "sha3_256_hash_of_public_key": "806aea6700e293f433a97e4b2c8485e6b4ac19ad493c4c16a10a2a884d58f5ee", + "sha3_256_hash_of_secret_key": "f446ecefbf4c63e8897a89123ff38bee2aece076fc7b268b6379c996999085ac", "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + "sha3_256_hash_of_ciphertext": "c7c82e2b3d0d3bcb73c5d9203ca3acc94ae8818794afc7610cf48a21e830c450", + "shared_secret": "b0978add3085e1c972bfaf86655a287946f3853cfb372f6fa5813a11b6c4e103" }, { "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "sha3_256_hash_of_public_key": "33df23b37987c6b557e4c0f8fa9e466312f19e7e90cd0a67abe6a145cbca9d44", + "sha3_256_hash_of_secret_key": "039031ac6171ad5fa8734fa3d60cc5b6590574c09ae0c02564c1907ebc772d3c", "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + "sha3_256_hash_of_ciphertext": "6fc3012eab242c5a3dcf99b82c5e5230fb8a4d45902afc7bb82648298d8a00b3", + "shared_secret": "b888ef3a969e162edab17c3d3de9ca682de60a0fd6ac97e1b5a54171dba12a3f" }, { "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "sha3_256_hash_of_public_key": "30a5771b76066feb7f606a82cce122964da1be0b6872ee319832214ec677738c", + "sha3_256_hash_of_secret_key": "644983542c87680786b41fb07f959451f1507165353080a3789810fdf557f961", "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + "sha3_256_hash_of_ciphertext": "6d468584c0336dad723a1c3ea970d53837373372287371eeed8e08ca06e010cc", + "shared_secret": "2fc09a1852f458bc7afb58baea4d6e318bf6801e7804b98cfc250b0a1470c598" }, { "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "sha3_256_hash_of_public_key": "31fcd120f19fe976236711e58b4ad172d25ce01eb88bc9d6d051c56564a0db11", + "sha3_256_hash_of_secret_key": "1502619da09b1bb5e418004fb0263c8f067cb9317053ed502c501c5b5ba4d331", "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + "sha3_256_hash_of_ciphertext": "369203e0da6ebef7ae651a3111e67303f89f568b9897ae4c24497b3180e0bcf2", + "shared_secret": "930131d3145d5485f06c16a9420a612330843e6524dd74654a85c383e28f2cc1" }, { "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "sha3_256_hash_of_public_key": "42f75d6e3755c28f3081ecc9db44f6cc7cec9891756d74093716697781fc8cb5", + "sha3_256_hash_of_secret_key": "21b9bc0035097cb2b892a3f4ad5660b160b18973b735181beec815eaf5ba5286", "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + "sha3_256_hash_of_ciphertext": "c6d1d905150eb6586eea72b13f7210d9830e8e689f9da7d9c04fa7705f21cf01", + "shared_secret": "b276a4fb4cf77eab502dfdf56eae9f8a8ff5e7f5df3f6cfc80614b193c87f08d" }, { "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "sha3_256_hash_of_public_key": "43d6c8562cdec0e87d00c8ca8060da3f031ab663ddb43148eebd67969b7fd490", + "sha3_256_hash_of_secret_key": "d3c172cde1f249c0a7fdb003ecc0a189776b616378b188744e407ccc601fea7f", "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + "sha3_256_hash_of_ciphertext": "353cdb064a37df87524874d3f60afdf4077be0ad96e1ab61a9ff1745d1e6e5a3", + "shared_secret": "f4924920e64013fae72cfdd1e94b217eebd55a011f6b7542958abb297e4fd180" }, { "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "sha3_256_hash_of_public_key": "3cabf1c47e7aaada59ded4fa8ce378ce1d9eba621ebfe8cc96a111aaedc4b6cf", + "sha3_256_hash_of_secret_key": "225563503590841152fcf47d4665b7cfc76e2b9de23c0e24b527395549f9f7ff", "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + "sha3_256_hash_of_ciphertext": "f11aa37ffca654d11cb5f9aa294ab734302851b434b57e0f5bb811bb5bafc177", + "shared_secret": "412bafc716efe4ff928d9a86ea4665dd841e2f102a8363b994a0faad63251eda" }, { "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "sha3_256_hash_of_public_key": "2853cbbda86e7039b635d4cc850f494d42b240acb54ab2316791e9ef5b45f1d2", + "sha3_256_hash_of_secret_key": "87ffcfe7a504e0dca284d8cf509a92a24f82ed7c46a8c1604d9a2d6d14b1cd11", "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + "sha3_256_hash_of_ciphertext": "ae8fb4bcfc08f8daa486b185540b501680e511f46fe8a628b8fe449d5a51590a", + "shared_secret": "c514d4086428200e118c1c297ce5ed865d7452cd7770363961bbb834f56c564a" }, { "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "sha3_256_hash_of_public_key": "2d5680b483287bbd3e61a91839cca9e761429186176b7bc64034ad43f16f65e9", + "sha3_256_hash_of_secret_key": "bed74aff196e7ec7bbb4dcaac39ee1a79cfb35140cf4c400b6ef2fdfc53afc6f", "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + "sha3_256_hash_of_ciphertext": "d46f403ce5a0dd92937acc508501305da6bcd32b56ff5d986fd6a07e713ab92c", + "shared_secret": "a175feba4c1bab576085bb12683d2bc44e98c75f543cee714c75391c559450ce" }, { "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "sha3_256_hash_of_public_key": "38635cec71b814aaac223f748d13158dbe8eb902d9125fdc22202c4d59251cbc", + "sha3_256_hash_of_secret_key": "f3b87926951408dbb27fc2a4a6c14c40fedc8a1cf5c34ab398d91d554eae344f", "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + "sha3_256_hash_of_ciphertext": "50350977c400c1318bac5e32925d0f575dd3559587f42d025f4e71648e697218", + "shared_secret": "9781578191ebf49b162aa768d093a332b9c849c11e240187cec2ee969d4b3860" }, { "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "sha3_256_hash_of_public_key": "af97825a77f2f4b6a45ec1a579f9f83e89c025d8d6876db26874f38348604293", + "sha3_256_hash_of_secret_key": "b2f08250a2681bbbd3c355e2dc61bda33cfe39f3dbbd2a3f3c41ee2266084cc8", "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + "sha3_256_hash_of_ciphertext": "33acafd1de1d8d8c7a9ff9a6cd69fd013b46b79e74a9180e99d5fa87805dc0de", + "shared_secret": "515dc87c21e6b134a577e4eeccf43a982ba7eac1224d701cf099ad07fee77cb7" }, { "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "sha3_256_hash_of_public_key": "8517ab7585926764ec7acff3c747479e837831429b97b7cf49ac3763bd9ebbe0", + "sha3_256_hash_of_secret_key": "7e5684a04d59f9166f6b408dbc8ae5daf3ec6678cf5eec1e5a9016392cd6c8db", "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + "sha3_256_hash_of_ciphertext": "0515c19fb395ed94194a60a6f7883d6351fa61ff18060be4cfe2eb9f81ec0024", + "shared_secret": "edc2c0314c7c5b2b071b85e373c06b31fa54dc499168d4b43b15f1d05b8b7ea9" }, { "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "sha3_256_hash_of_public_key": "1bb014bb0d6489c14f5411051f9667aabce54da7a8deb73b627e3873d9390a35", + "sha3_256_hash_of_secret_key": "b890e330079934f2aac63e5f8d236054fabc8d6a6e057672a7a20150ae08a9a0", "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + "sha3_256_hash_of_ciphertext": "79018c9e998deaec058d73d702b669e10c89dd8285f431aa6e422a948a39cce2", + "shared_secret": "b3363e6e6dba3e41ac2c63895c461765bc8a0250880d3dd6e8a4479a7fd3921c" }, { "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "sha3_256_hash_of_public_key": "c9a546b5c0a567855039f6c1bca60414684e7bd1f8eeb7913f3a1795ba4bad4c", + "sha3_256_hash_of_secret_key": "be5fc57b3efd80d7e82b23f62123814ce04e83ce5c998ba42e7bb978dc70469a", "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + "sha3_256_hash_of_ciphertext": "6c1b69d56c493f6f313d3c996336b8f84b76fac2d5ab5a3d795613b27eb10912", + "shared_secret": "8e648593c8f6f6f7a97ce7a2d151ada30fbbc7f3c4fc517d8cbadd71e6a17476" }, { "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "sha3_256_hash_of_public_key": "8f7bfdde2a7116ff4010cf829cbb18512f7cf44237c02241a1f75fe3ba8d22bf", + "sha3_256_hash_of_secret_key": "3f53a0acb384db89ca83d031bf210b072860adcaceecd79c36b4669407c1c227", "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + "sha3_256_hash_of_ciphertext": "cc25f35631396f01cc366e019a7f15034cb2341d6c00924b538d25a227ed181b", + "shared_secret": "bcdd6f0d744d2a35147323a4a0451fbfb7d60d73c161c1f8c6a2b5e9f4239c65" }, { "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "sha3_256_hash_of_public_key": "27b1b921723cedf55fe756ff5fb67d555296c6185d171ed8ba01393d1a735018", + "sha3_256_hash_of_secret_key": "40db89fcd941566546d554db0342237611e5ef6fdf8c790f03357091af0648ee", "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + "sha3_256_hash_of_ciphertext": "c5b4844dd10ecf508ea6ed2d96d2328d3f14df6a2a16093bf88ca1283e30f41f", + "shared_secret": "072551e254959ce9f2c67657b41122d8a98cde044bb2f60955bdc6e5dbe55277" }, { "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "sha3_256_hash_of_public_key": "32a2a1197d78798bbeb13ce2e92cd7ed94b410adc37b1b31dc060af11fec8a8b", + "sha3_256_hash_of_secret_key": "602bedde695713681a96c94a9a6d35308102ae18d3f3beb92a981e4a3b7704f3", "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + "sha3_256_hash_of_ciphertext": "e4631748f7cba566889ca2c5d90c47bba17000a0d934c4242a9a3d6dfac039e8", + "shared_secret": "88c0c1e22b68cd65e1eedd6d6208c36492fb674e26ba4e0d4e55f831a1affc96" }, { "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "sha3_256_hash_of_public_key": "7cc3f47f319f88da508f841e536a056625f206fe499387d27307257682237f96", + "sha3_256_hash_of_secret_key": "064bf50ddc823a97adfc93d52ecbff03a0fd5d94ab38874a5abaedbdaba67309", "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + "sha3_256_hash_of_ciphertext": "b34a0a91afbc9599ae00e67ba4ebf0d8308b3e06efcfa148aed519b0f073ddc8", + "shared_secret": "56f717e4baddc2250873d667f73a442b05ca2f8714d4dc4d295f899217c92c9e" }, { "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "sha3_256_hash_of_public_key": "beaeb6ff178f3228defdd117e6ba75a34abb70e86f31fdb16d74d91e6c1b47a7", + "sha3_256_hash_of_secret_key": "9cf056be85f240e1ae5b73656c07bfe83ba8ec7212973bac19cffbb80dae7249", "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + "sha3_256_hash_of_ciphertext": "89243e04aa17615c309cae73fbfe985e0716c7fe3b8283b5e84c3caa67b5ad3f", + "shared_secret": "35f5517999e15ed842904d53d5b4747639d1165014ab77474c0dbc310e586186" }, { "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "sha3_256_hash_of_public_key": "b2b71b8aaccf14842a6d4ecb713612f801a5044147fb9e6987ad3863759de31e", + "sha3_256_hash_of_secret_key": "01158ea58361ef89d935c9f845711c7f581322afddaf14e255f71c1dcc9c0024", "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + "sha3_256_hash_of_ciphertext": "ddf853fbd339780b3f571de2aefb30f760454f2cc1f0fca009bc829afb1f3f7d", + "shared_secret": "a7159981a68244549b96b27991e1323013c353bdd9c8d6f583897c35923e87a8" }, { "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "sha3_256_hash_of_public_key": "a13cb3f23ccbd9ca6a75823d1ba14ef03664560f397133935103ded2d7480b99", + "sha3_256_hash_of_secret_key": "710b3a8c8d49ee38390cd2776c42ad74a520c8d6ebd39b514f6fbf28c6c74b45", "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + "sha3_256_hash_of_ciphertext": "f5c4738d0ac3b25048186a2049668247c04033cb363e9d23b5d1518f8fa7e70f", + "shared_secret": "c4041a29c5b744e9039bf5155cb3ac0b799356829557a7aa3feb4b3585e6cf62" }, { "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "sha3_256_hash_of_public_key": "68302cc5af214ceda67ff8161b29bc300c4be8e1a4139437aead8a9ede3cd4ca", + "sha3_256_hash_of_secret_key": "5d6904a6478f0632ec56477321a6d6ec5ccdf299bed0b6ee9f4b32c6b5effec3", "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + "sha3_256_hash_of_ciphertext": "b4ddaeac7b4080e5e9bccdd2cbec4395a1393e61e038bedae9542db78769b923", + "shared_secret": "b8441852349193321f466ccbd3afa48bafe903288108312de26e9bf0de9f680c" }, { "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "sha3_256_hash_of_public_key": "149ca4d94813f81c792060502e09a88ea694c5de863ce6a50516cacb1c3f44bc", + "sha3_256_hash_of_secret_key": "8e69c68f8a7a0ad82b033a0bdc94d253d3e7e8516d67e86bb95d219a1090529c", "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + "sha3_256_hash_of_ciphertext": "5fbbb17b2c8ecbb8c74f2cf6259404cb9e0cadd393174e49e88298c6b7a34a22", + "shared_secret": "9d0d9ba501da1b46775258f5c0904721906b237c3461da6c31d70da8575fac37" }, { "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "sha3_256_hash_of_public_key": "e5c52e639e5acd0fb97c7eb44df56df5250c6de7d171c467ce6887eaa4ee3d61", + "sha3_256_hash_of_secret_key": "6b452ca57379b09ea36746b5b55be3b73df4faf809d7899c5368a51eb4b18cab", "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + "sha3_256_hash_of_ciphertext": "9ec7acd421fd05aeb4440720890cb1ebfba0f0ba3d9b57268b583ea10720a32d", + "shared_secret": "188aa07faa2b7a19b6b7bfbd4cbb1ad829a7415d601fdc3b635528db136cac52" }, { "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "sha3_256_hash_of_public_key": "9a350302631bd506be010a3f42112ae4ea731d515d80c3a21fcce60cc4d945ab", + "sha3_256_hash_of_secret_key": "985f528fdd675f3efdbe95a03e071f28e2dd16b425c51651a1e645f6b87eb25e", "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + "sha3_256_hash_of_ciphertext": "df8cc2e78b5df8a43e7ae87566452a5df656f13f93a22566116a84c30b786f8c", + "shared_secret": "70df7eeecb6ad19b54498071e0840f4957e935a62feba82fe29531f79c2c1651" }, { "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "sha3_256_hash_of_public_key": "866573e536b4017c02e31c8ed7455c841a5ccdb795fc200acaf1da2fb936bb59", + "sha3_256_hash_of_secret_key": "e8a4ede82799c3a425b82912df460d5d1e78757b4a917177489839abb92029f2", "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + "sha3_256_hash_of_ciphertext": "99d967e7c92a7d7e2ed54b1339472d8780e0a7671aa9afb8fa2f19cf96353821", + "shared_secret": "8baaf439867c9761e78a64652a383e21682969d18f84dbae0d3a63095948863d" }, { "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "sha3_256_hash_of_public_key": "b33387825115cba8b0ae7da0d1aada1ce4ab05bc2479b360b6c56dfa870ca825", + "sha3_256_hash_of_secret_key": "7c35640775e31eaba8a119a8e89e1e2180177a55e54391c3fa6675829d721b01", "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + "sha3_256_hash_of_ciphertext": "d42759ad66725175d4d8d3cb6519e9074d6c13d4d183863f1695f0e3b831a10a", + "shared_secret": "60b466221ec831f91a91b76ec6bbc29726f65ebcacc96f9e191f57a1399be186" }, { "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "sha3_256_hash_of_public_key": "720fd4f96ab2cac1be382907e8cba0702018ca27b28ea8f93cc19c4809885a3b", + "sha3_256_hash_of_secret_key": "c1ec32b739485e2437a6b4dbed289f0cb7dea0ed3b2add99d4c49a3eeda1b0fe", "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + "sha3_256_hash_of_ciphertext": "5fae7a10471d5303e5f6ee5d1e34013528af4945de811ffa1828648986607299", + "shared_secret": "6a302778f406082fa285c5ee299d78b048e837c5012f42f9a80e8659b10defda" }, { "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "sha3_256_hash_of_public_key": "bfa4b55c7baf2651415d3f28d221b291b175340a07843b299a46e02e22657634", + "sha3_256_hash_of_secret_key": "605c4a98f3775c9678804fd5795946c1657311d123b5c7d1544192a205c043d3", "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + "sha3_256_hash_of_ciphertext": "39e07846b4ca91147a0b680f5411c75db937a6855f08939f746ea3d5f9a11d51", + "shared_secret": "88a46d35cf07e48c6528b95016aa0c414344e090ee897fd80f26b67bc0451c7f" }, { "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "sha3_256_hash_of_public_key": "9675fc6d1e3cc4e0eb62d31b6b4f10022d373d2718f3d20ee1cc00ef6892d9a0", + "sha3_256_hash_of_secret_key": "c463b8ab9069814e5308cf9742c6ab6e08c355fa34c0d2e65df1962589eba56e", "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + "sha3_256_hash_of_ciphertext": "5c7ef87c49f71d3098fe3d33b22bc8191f440bcdf1d04a46f293c5e6b16af12f", + "shared_secret": "f3c5586476f4814a2d3728a6f0ceed7d19d076b790d3675e48611c4b8df9702e" }, { "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "sha3_256_hash_of_public_key": "9d162fce2f019205a2106acc8e3e3465b6fa3912a06c764e625cbe3b95dea6c8", + "sha3_256_hash_of_secret_key": "eeb3bd9d8636b55722f42b3342e415b23df96d1c9b2c5b9c1c2a3e619348ba6f", "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + "sha3_256_hash_of_ciphertext": "d482f25e93fd142aa009f2f2569427ebcf04b87aca2bef5e022bcbc1e5972ed1", + "shared_secret": "a828fc1446ff04a950e4f551e442aeba279f44de0ec5296fd981bcbe6ee90d8e" }, { "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "sha3_256_hash_of_public_key": "3e834e34f198ab5a3504cfa0c6af6ab78de3a3ef5667e6065e084cf5d2a5bb32", + "sha3_256_hash_of_secret_key": "d74767e217cfaaf75adc92927107c76d7267b1d7b3b76f2f8ae5a9044aa290f2", "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + "sha3_256_hash_of_ciphertext": "3a41b6054d918e9613e8d4eab83628f7c82b6ef447ecdacd0a74cc21be6b47aa", + "shared_secret": "d98b18f7b6717b8f6b3e331d6d8f9d3633eb70f54133a78e2345138420edf89d" }, { "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "sha3_256_hash_of_public_key": "c5e157ff4357d3c26b7c4b45315f0689f135c85d952a64648b0a8cec03741fe0", + "sha3_256_hash_of_secret_key": "edc6b8e2036f9ce7ef87dc58d4866ad9f320ffab1aa22371b7b56ec727f77531", "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + "sha3_256_hash_of_ciphertext": "7324a073d06af373494ecfc7960cfb81484e9ae64bc16e13651b015cdfb73668", + "shared_secret": "b7d5919f0bab0e2715a97cab993656831bc8a3dc86c3bd32e64ccb4762f70499" }, { "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "sha3_256_hash_of_public_key": "f5cedd022077b1a6a052f5287219393cd2e0366d0f5531b2f7ea8704d2900ce5", + "sha3_256_hash_of_secret_key": "882916ad7b7707feae2885f13bdf19d36931886c4bfd188fd46b6b6adeeb8d78", "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + "sha3_256_hash_of_ciphertext": "84e4fab74ef96f7b3ec50d7afdf69445b4326fe3ad695efcbf56426c0a6df6c8", + "shared_secret": "149e4e38a07d18c0b08edf9c47e425b56f7da87b2b9c855bedd29f6f0a8fe5fa" }, { "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "sha3_256_hash_of_public_key": "a53a20ea03e400a843c8cf4d04bfe0c0a3ce63dde01045e2669f7ae5da790577", + "sha3_256_hash_of_secret_key": "9d1e4432908352535074efbfa7cde3e6738e073fd512e04e9601380fb40b7614", "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + "sha3_256_hash_of_ciphertext": "071204e26ed00e7a1f226d4e971cfb2d9502e17da99f5479235763cb7723ac5d", + "shared_secret": "38a1fcaf302905e18940605e49e5f44c747b06e789acc9c395211823598ef516" }, { "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "sha3_256_hash_of_public_key": "cacca228846450ebb8f04a2a5ef2d919dfa47c4aa265f4cedd10cf74eef3ecc1", + "sha3_256_hash_of_secret_key": "a01db77c5983b2472e616dfc04666a2112924dda5ffbf00a989cf1a48578898b", "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + "sha3_256_hash_of_ciphertext": "dd0b438cb7dcda28762d06e61f1765baef8003d0d86ff48cd4f9788cae8e8618", + "shared_secret": "403543b0f8e519ba4ab878c40ab5aed412ea06bfeb2b864baa5ef4b81a42c454" }, { "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "sha3_256_hash_of_public_key": "4126f5151d1b086e26a88bd9f20710ef06aa0f834722b801f6b79c031f1f9213", + "sha3_256_hash_of_secret_key": "9a6c24b5ae556241f3e6b07a7576971173ecfe474be9c6b09fd12ddef8b5f75e", "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + "sha3_256_hash_of_ciphertext": "7c2b9cd82c349fdc534ac30eaa18bf83afd0736b17a4320963571c109451a5b6", + "shared_secret": "f7a280462f93b619888b5a72da3749556e53ef4f4440df728c8db1edcc86cea4" }, { "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "sha3_256_hash_of_public_key": "b6f12914ed31f14f79c652eed4db478de7ebd263fe27052509fee10b50f2d053", + "sha3_256_hash_of_secret_key": "1a4de442c4c6db97bfa12227c4423237a869c93154e2c5ca49cacbd0ef730485", "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + "sha3_256_hash_of_ciphertext": "41d75dd4690637576652071cb46987cc26321a07bb47a1cfb07f30d2153920c5", + "shared_secret": "fef3730b905431d14aa7aa7bb1d253cd912335c590b8d7de1e7aa4e0ff76be04" } -] +] \ No newline at end of file From cddeebe4f0d5144d28116740de7862135dc49a96 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 19 Aug 2024 16:51:04 +0200 Subject: [PATCH 073/172] Update C extraction --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 40 +- .../c/internal/libcrux_mlkem_avx2.h | 67 +- .../c/internal/libcrux_mlkem_portable.h | 70 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 40 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 865 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 799 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- libcrux-ml-kem/cg.yaml | 4 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 682 +++++++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 607 ++++++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- 43 files changed, 2079 insertions(+), 1495 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 65ad8e763..03eef7a95 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index bc7d92069..3a34dc3a4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __internal_libcrux_core_H @@ -75,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_b01( uint8_t value[1568U]); /** @@ -91,7 +91,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_9c1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -104,7 +104,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_0b1( uint8_t value[3168U]); /** @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_2d1( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_331( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -165,7 +165,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_b00( uint8_t value[1184U]); /** @@ -181,7 +181,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_9c0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_0b0( uint8_t value[2400U]); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_2d0( uint8_t value[1088U]); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_330( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -232,7 +232,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -255,7 +255,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_b0( uint8_t value[800U]); /** @@ -271,7 +271,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_9c( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -284,7 +284,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_0b( uint8_t value[1632U]); /** @@ -319,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_2d( uint8_t value[768U]); /** @@ -333,7 +333,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( +uint8_t *libcrux_ml_kem_types_as_slice_cb_33( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 45a032565..3a131f0dd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_a71(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911(uint8_t randomness[64U]); /** Packed API @@ -60,7 +60,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -70,7 +71,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,14 +91,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 @@ -113,7 +114,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,14 +139,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_591( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 @@ -164,7 +165,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e1( +void libcrux_ml_kem_ind_cca_decapsulate_ff1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -176,7 +177,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_a70(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -191,7 +192,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910(uint8_t randomness[64U]); /** Packed API @@ -204,7 +205,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 @@ -214,7 +216,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -234,14 +236,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 @@ -257,7 +259,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e20( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,14 +284,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_590( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 @@ -308,7 +310,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e0( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -320,7 +322,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_a7(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -335,7 +337,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91(uint8_t randomness[64U]); /** Packed API @@ -348,7 +350,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 @@ -357,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( uint8_t randomness[64U]); /** @@ -378,14 +381,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CIPHERTEXT_SIZE= 768 @@ -401,7 +404,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -426,14 +429,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 2 - SECRET_KEY_SIZE= 1632 @@ -452,7 +455,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8476cfc9b..5aaafd15a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6d1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1(uint8_t randomness[64U]); /** Packed API @@ -66,8 +66,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_511( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -106,7 +106,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 - PUBLIC_KEY_SIZE= 1568 @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_881( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -155,7 +155,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 - CPA_SECRET_KEY_SIZE= 1536 @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_811( +void libcrux_ml_kem_ind_cca_decapsulate_461( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6d0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0(uint8_t randomness[64U]); /** Packed API @@ -214,8 +214,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -254,7 +254,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CIPHERTEXT_SIZE= 768 - PUBLIC_KEY_SIZE= 800 @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_510( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_880( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -303,7 +303,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - SECRET_KEY_SIZE= 1632 - CPA_SECRET_KEY_SIZE= 768 @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_810( +void libcrux_ml_kem_ind_cca_decapsulate_460( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6d(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c(uint8_t randomness[64U]); /** Packed API @@ -362,8 +362,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -402,7 +402,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_88( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_81( +void libcrux_ml_kem_ind_cca_decapsulate_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 24e4c990b..f506619e4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index b8e6978ec..18a83f604 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 86b12376b..b06a85db4 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_b01( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -119,7 +119,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_9c1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_0b1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -154,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_2d1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -175,7 +175,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_331( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -189,7 +189,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -222,7 +222,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_b00( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -245,7 +245,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_9c0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -261,7 +261,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_0b0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -280,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_2d0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -301,7 +301,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_330( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -315,7 +315,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -348,7 +348,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_b0( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -371,7 +371,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_9c( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -386,7 +386,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_0b( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -425,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_2d( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -446,7 +446,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( +uint8_t *libcrux_ml_kem_types_as_slice_cb_33( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -498,7 +498,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b502bf359..7da8bf1f4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 729432ad7..97c2e1a4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 85a1dce7f..0f86e3360 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ea( +static void decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6e0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ea(private_key, ciphertext, ret); + decapsulate_6e(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_d0( +static void decapsulate_unpacked_98( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_590(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d0(private_key, ciphertext, ret); + decapsulate_unpacked_98(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_14( +static tuple_21 encapsulate_46( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e20(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_14(uu____0, copy_of_randomness); + return encapsulate_46(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_4c( +static tuple_21 encapsulate_unpacked_e3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_4c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_4c(uu____0, copy_of_randomness); + return encapsulate_unpacked_e3(uu____0, copy_of_randomness); } /** @@ -216,12 +216,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_32( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0d0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_500(copy_of_randomness); } /** @@ -232,7 +232,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(copy_of_randomness); + return generate_keypair_32(copy_of_randomness); } /** @@ -251,11 +251,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_71(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910( copy_of_randomness); } @@ -268,7 +268,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(copy_of_randomness); + return generate_keypair_unpacked_71(copy_of_randomness); } /** @@ -282,8 +282,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_c90(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f90(public_key); +static bool validate_public_key_370(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_a70(public_key); } /** @@ -294,7 +294,7 @@ static bool validate_public_key_c90(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_c90(public_key.value)) { + if (validate_public_key_370(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index b99bd8543..16ebe6f37 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index a207fbbab..754be38e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_3c( +static void decapsulate_7a( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_461(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3c(private_key, ciphertext, ret); + decapsulate_7a(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_d0( +static void decapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_881(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d0(private_key, ciphertext, ret); + decapsulate_unpacked_ff(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_a5( +static tuple_21 encapsulate_a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8f1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_511(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a5(uu____0, copy_of_randomness); + return encapsulate_a1(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_5a( +static tuple_21 encapsulate_unpacked_f3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_5a( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_511(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_5a(uu____0, copy_of_randomness); + return encapsulate_unpacked_f3(uu____0, copy_of_randomness); } /** @@ -217,12 +217,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_00( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f91(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_951(copy_of_randomness); } /** @@ -233,7 +233,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_00(copy_of_randomness); + return generate_keypair_e3(copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_d2(uint8_t randomness[64U]) { +generate_keypair_unpacked_24(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1( copy_of_randomness); } @@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d2(copy_of_randomness); + return generate_keypair_unpacked_24(copy_of_randomness); } /** @@ -283,8 +283,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_9d1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c21(public_key); +static bool validate_public_key_561(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6d1(public_key); } /** @@ -295,7 +295,7 @@ static bool validate_public_key_9d1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_9d1(public_key.value)) { + if (validate_public_key_561(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index daa5a6f2c..7f2d005b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 387170991..7f5ace68e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 31357fee4..e1c489daf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6e(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d3(private_key, ciphertext, ret); + decapsulate_db(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d9( +static void decapsulate_unpacked_8b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_d9( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d9(private_key, ciphertext, ret); + decapsulate_unpacked_8b(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_bd( +static tuple_ec encapsulate_c2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e2(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_bd(uu____0, copy_of_randomness); + return encapsulate_c2(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_2e( +static tuple_ec encapsulate_unpacked_a4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_2e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2e(uu____0, copy_of_randomness); + return encapsulate_unpacked_a4(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_3e( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_50(copy_of_randomness); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_3e(copy_of_randomness); + return generate_keypair_1d(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7f(uint8_t randomness[64U]) { +generate_keypair_unpacked_22(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7f(copy_of_randomness); + return generate_keypair_unpacked_22(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_c9(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); +static bool validate_public_key_37(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_a7(public_key); } /** @@ -288,7 +288,7 @@ static bool validate_public_key_c9(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_c9(public_key.value)) { + if (validate_public_key_37(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index f0594d0a7..21988191c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e2ee05849..e891b5796 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_60(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_35(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_460(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_60(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_60(private_key, ciphertext, ret); + decapsulate_35(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4f( +static void decapsulate_unpacked_fd( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_880(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_4f( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4f(private_key, ciphertext, ret); + decapsulate_unpacked_fd(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_51( +static tuple_ec encapsulate_28( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_510(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_51(uu____0, copy_of_randomness); + return encapsulate_28(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_b3( +static tuple_ec encapsulate_unpacked_83( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_b3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_510(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b3(uu____0, copy_of_randomness); + return encapsulate_unpacked_83(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_68( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_fd( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f90(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_950(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_68(copy_of_randomness); + return generate_keypair_fd(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_9e(uint8_t randomness[64U]) { +generate_keypair_unpacked_21(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_9e(copy_of_randomness); + return generate_keypair_unpacked_21(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_9d0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c20(public_key); +static bool validate_public_key_560(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6d0(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_9d0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_9d0(public_key.value)) { + if (validate_public_key_560(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 0042942bc..a2d87bcf3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index d36bab9af..27839fed0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index f34aece0b..9f5c91258 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_25( +static void decapsulate_d4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6e1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_25( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_25(private_key, ciphertext, ret); + decapsulate_d4(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_b4( +static void decapsulate_unpacked_1e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_591(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_b4( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b4(private_key, ciphertext, ret); + decapsulate_unpacked_1e(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_27( +static tuple_3c encapsulate_ce( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e21(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_27(uu____0, copy_of_randomness); + return encapsulate_ce(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_ff( +static tuple_3c encapsulate_unpacked_04( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_ff( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ff(uu____0, copy_of_randomness); + return encapsulate_unpacked_04(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_93( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_02( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0d1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_501(copy_of_randomness); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_93(copy_of_randomness); + return generate_keypair_02(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_51(uint8_t randomness[64U]) { +generate_keypair_unpacked_3c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_51(copy_of_randomness); + return generate_keypair_unpacked_3c(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_c91(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f91(public_key); +static bool validate_public_key_371(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_a71(public_key); } /** @@ -288,7 +288,7 @@ static bool validate_public_key_c91(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_c91(public_key.value)) { + if (validate_public_key_371(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 43657f081..bb1d58364 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 617074ec1..b0d6b190a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_e3( +static void decapsulate_82( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_46(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_e3( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e3(private_key, ciphertext, ret); + decapsulate_82(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_fc( +static void decapsulate_unpacked_17( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_88(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_fc( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fc(private_key, ciphertext, ret); + decapsulate_unpacked_17(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_30( +static tuple_3c encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_51(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_30(uu____0, copy_of_randomness); + return encapsulate_4f(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_d1( +static tuple_3c encapsulate_unpacked_11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_d1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_51(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d1(uu____0, copy_of_randomness); + return encapsulate_unpacked_11(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_19( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_95(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c1(copy_of_randomness); + return generate_keypair_19(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_05(uint8_t randomness[64U]) { +generate_keypair_unpacked_ef(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_05(copy_of_randomness); + return generate_keypair_unpacked_ef(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_9d(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); +static bool validate_public_key_56(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6d(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_9d(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_9d(public_key.value)) { + if (validate_public_key_56(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 85ac2699f..3a7a3da28 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a1cafa4cd..79cabacb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "internal/libcrux_mlkem_avx2.h" @@ -1069,7 +1069,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_71(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_ab(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -1096,7 +1096,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a84( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a54( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -1113,7 +1113,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a84( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_66(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_a3(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_fc(__m256i vector) { - return shift_right_66(vector); +static __m256i shift_right_ea_42(__m256i vector) { + return shift_right_a3(vector); } /** @@ -1150,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_14(__m256i a) { - __m256i t = shift_right_ea_fc(a); + __m256i t = shift_right_ea_42(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1250,9 +1250,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_a71(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_a84( + deserialize_ring_elements_reduced_a54( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -1293,6 +1293,31 @@ static KRML_MUSTINLINE void G_a9_e11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_451( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)3U; + uint8_t ret0[64U]; + G_a9_e11(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2372,10 +2397,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_e81( +static tuple_9b0 generate_keypair_unpacked_581( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e11(key_generation_seed, hashed); + cpa_keygen_seed_d8_451(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2458,7 +2483,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a71( +static void closure_991( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -2474,7 +2499,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_d6( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2510,7 +2535,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2518,18 +2543,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_e81(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_581(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a71(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_991(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_d6(&ind_cpa_public_key.A[j][i1]); + clone_d5_4c(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2579,7 +2604,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 @@ -2587,10 +2613,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b71( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e11(key_generation_seed, hashed); + cpa_keygen_seed_d8_451(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2658,7 +2684,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_8e1( +static KRML_MUSTINLINE void serialize_kem_secret_key_5a1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2711,7 +2737,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_8e1( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -2721,7 +2748,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2730,13 +2757,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_931(ind_cpa_keypair_randomness); + generate_keypair_b71(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_8e1( + serialize_kem_secret_key_5a1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2745,13 +2772,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_120( - uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c0( + uu____2, libcrux_ml_kem_types_from_b6_b00(copy_of_public_key)); } /** @@ -2766,7 +2793,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_581(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_321(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_9b();); @@ -2834,7 +2861,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_3d( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_48( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2858,7 +2885,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_64( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2878,7 +2905,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_fb( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_b5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2896,7 +2923,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_b3(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2911,7 +2938,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2926,7 +2953,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_eb( + inv_ntt_layer_int_vec_step_reduce_b3( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2943,17 +2970,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_e61( +static KRML_MUSTINLINE void invert_ntt_montgomery_4e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_64(&zeta_i, re); - invert_ntt_at_layer_3_fb(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_48(&zeta_i, re); + invert_ntt_at_layer_2_10(&zeta_i, re); + invert_ntt_at_layer_3_b5(&zeta_i, re); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } @@ -2967,7 +2994,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_c7( +static KRML_MUSTINLINE void add_error_reduce_89_db( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2991,7 +3018,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_541( +static KRML_MUSTINLINE void compute_vector_u_a31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3021,8 +3048,8 @@ static KRML_MUSTINLINE void compute_vector_u_541( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce1(&result[i1], &product); } - invert_ntt_montgomery_e61(&result[i1]); - add_error_reduce_89_c7(&result[i1], &error_1[i1]); + invert_ntt_montgomery_4e1(&result[i1]); + add_error_reduce_89_db(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3035,7 +3062,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_d7(__m256i v) { +static __m256i decompress_1_80(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3049,7 +3076,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { +deserialize_then_decompress_message_f3(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -3058,7 +3085,7 @@ deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_d7(coefficient_compressed);); + re.coefficients[i0] = decompress_1_80(coefficient_compressed);); return re; } @@ -3073,7 +3100,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_6a( +add_message_error_reduce_89_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3103,7 +3130,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f91( +compute_ring_element_v_301( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3113,8 +3140,8 @@ compute_ring_element_v_f91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_e61(&result); - result = add_message_error_reduce_89_6a(error_2, message, result); + invert_ntt_montgomery_4e1(&result); + result = add_message_error_reduce_89_bd(error_2, message, result); return result; } @@ -3125,7 +3152,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_e0(__m256i vector) { +compress_ciphertext_coefficient_05(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3172,8 +3199,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_9b(__m256i vector) { - return compress_ciphertext_coefficient_e0(vector); +static __m256i compress_ea_01(__m256i vector) { + return compress_ciphertext_coefficient_05(vector); } /** @@ -3182,14 +3209,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_d0( +static KRML_MUSTINLINE void compress_then_serialize_10_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_9b(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_01(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3207,7 +3234,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_e00(__m256i vector) { +compress_ciphertext_coefficient_050(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3254,8 +3281,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_9b0(__m256i vector) { - return compress_ciphertext_coefficient_e00(vector); +static __m256i compress_ea_010(__m256i vector) { + return compress_ciphertext_coefficient_050(vector); } /** @@ -3265,10 +3292,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_56( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_d0(re, uu____0); + compress_then_serialize_10_27(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3284,7 +3311,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_9b1( +static void compress_then_serialize_u_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3300,7 +3327,7 @@ static void compress_then_serialize_u_9b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_56(&re, ret); + compress_then_serialize_ring_element_u_ae(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3313,7 +3340,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_e01(__m256i vector) { +compress_ciphertext_coefficient_051(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3360,8 +3387,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_9b1(__m256i vector) { - return compress_ciphertext_coefficient_e01(vector); +static __m256i compress_ea_011(__m256i vector) { + return compress_ciphertext_coefficient_051(vector); } /** @@ -3370,14 +3397,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_fb( +static KRML_MUSTINLINE void compress_then_serialize_4_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_9b1(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_011(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3394,7 +3421,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_e02(__m256i vector) { +compress_ciphertext_coefficient_052(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3441,8 +3468,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_9b2(__m256i vector) { - return compress_ciphertext_coefficient_e02(vector); +static __m256i compress_ea_012(__m256i vector) { + return compress_ciphertext_coefficient_052(vector); } /** @@ -3451,14 +3478,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8e( +static KRML_MUSTINLINE void compress_then_serialize_5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_9b2(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_012(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3475,9 +3502,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_fb(re, out); + compress_then_serialize_4_d8(re, out); } /** @@ -3538,7 +3565,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_af1( +static void encrypt_unpacked_ce1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3556,7 +3583,7 @@ static void encrypt_unpacked_af1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_321(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3570,25 +3597,25 @@ static void encrypt_unpacked_af1( sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_541(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a31(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f91(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_301(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b1( + compress_then_serialize_u_c11( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d( + compress_then_serialize_ring_element_v_13( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3612,7 +3639,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3639,7 +3666,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_af1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ce1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3649,7 +3676,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3661,16 +3688,16 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_c11(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f41(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3691,7 +3718,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a83( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a53( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -3708,7 +3735,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a83( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3733,10 +3760,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a31(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c01(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_a83( + deserialize_ring_elements_reduced_a53( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -3760,7 +3787,7 @@ static void encrypt_a31(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_321(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3774,42 +3801,42 @@ static void encrypt_a31(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_541(A, r_as_ntt, error_1, u); + compute_vector_u_a31(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f91(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_301(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b1( + compress_then_serialize_u_c11( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d( + compress_then_serialize_ring_element_v_13( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_be1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_aa1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3820,7 +3847,7 @@ static KRML_MUSTINLINE void kdf_af_be1(Eurydice_slice shared_secret, /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 @@ -3836,11 +3863,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_c11( + entropy_preprocess_d8_f41( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -3850,7 +3877,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3864,19 +3891,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_a31(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_be1(shared_secret, shared_secret_array); + kdf_d8_aa1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3895,7 +3922,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_57(__m256i vector) { +decompress_ciphertext_coefficient_ab(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3939,8 +3966,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_8c(__m256i vector) { - return decompress_ciphertext_coefficient_57(vector); +static __m256i decompress_ciphertext_coefficient_ea_de(__m256i vector) { + return decompress_ciphertext_coefficient_ab(vector); } /** @@ -3950,7 +3977,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_94(Eurydice_slice serialized) { +deserialize_then_decompress_10_66(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -3958,7 +3985,7 @@ deserialize_then_decompress_10_94(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de(coefficient); } return re; } @@ -3970,7 +3997,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_570(__m256i vector) { +decompress_ciphertext_coefficient_ab0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4014,8 +4041,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_8c0(__m256i vector) { - return decompress_ciphertext_coefficient_570(vector); +static __m256i decompress_ciphertext_coefficient_ea_de0(__m256i vector) { + return decompress_ciphertext_coefficient_ab0(vector); } /** @@ -4025,7 +4052,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_ec(Eurydice_slice serialized) { +deserialize_then_decompress_11_af(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4033,7 +4060,7 @@ deserialize_then_decompress_11_ec(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de0(coefficient); } return re; } @@ -4045,8 +4072,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_0e(Eurydice_slice serialized) { - return deserialize_then_decompress_10_94(serialized); +deserialize_then_decompress_ring_element_u_9c(Eurydice_slice serialized) { + return deserialize_then_decompress_10_66(serialized); } /** @@ -4055,7 +4082,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_c1( +static KRML_MUSTINLINE void ntt_vector_u_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -4080,7 +4107,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7a1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -4103,8 +4130,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7a1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); - ntt_vector_u_c1(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); + ntt_vector_u_e0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4118,7 +4145,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_571(__m256i vector) { +decompress_ciphertext_coefficient_ab1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4162,8 +4189,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_8c1(__m256i vector) { - return decompress_ciphertext_coefficient_571(vector); +static __m256i decompress_ciphertext_coefficient_ea_de1(__m256i vector) { + return decompress_ciphertext_coefficient_ab1(vector); } /** @@ -4173,7 +4200,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_cc(Eurydice_slice serialized) { +deserialize_then_decompress_4_fa(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4181,7 +4208,7 @@ deserialize_then_decompress_4_cc(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de1(coefficient); } return re; } @@ -4193,7 +4220,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_572(__m256i vector) { +decompress_ciphertext_coefficient_ab2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4237,8 +4264,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_8c2(__m256i vector) { - return decompress_ciphertext_coefficient_572(vector); +static __m256i decompress_ciphertext_coefficient_ea_de2(__m256i vector) { + return decompress_ciphertext_coefficient_ab2(vector); } /** @@ -4248,7 +4275,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_21(Eurydice_slice serialized) { +deserialize_then_decompress_5_6a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -4257,7 +4284,7 @@ deserialize_then_decompress_5_21(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_8c2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_de2(re.coefficients[i0]); } return re; } @@ -4269,8 +4296,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_13(Eurydice_slice serialized) { - return deserialize_then_decompress_4_cc(serialized); +deserialize_then_decompress_ring_element_v_ac(Eurydice_slice serialized) { + return deserialize_then_decompress_4_fa(serialized); } /** @@ -4284,7 +4311,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_97(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4312,7 +4339,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3b1( +compute_message_a61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4321,8 +4348,8 @@ compute_message_3b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_e61(&result); - result = subtract_reduce_89_97(v, result); + invert_ntt_montgomery_4e1(&result); + result = subtract_reduce_89_36(v, result); return result; } @@ -4332,7 +4359,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_97( +static KRML_MUSTINLINE void compress_then_serialize_message_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4384,19 +4411,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c1( +static void decrypt_unpacked_5f1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_7a1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_13( + deserialize_then_decompress_ring_element_v_ac( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a61(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_97(message, ret0); + compress_then_serialize_message_0b(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4447,11 +4474,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_591( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5f1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4480,7 +4507,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4491,11 +4518,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_af1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ce1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4513,7 +4540,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_0e(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_81(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4534,7 +4561,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_d71( +static KRML_MUSTINLINE void deserialize_secret_key_461( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -4551,7 +4578,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_0e(secret_bytes); + deserialize_to_uncompressed_ring_element_81(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4569,10 +4596,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_191(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a81(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_d71(secret_key, secret_as_ntt); + deserialize_secret_key_461(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4584,14 +4611,14 @@ static void decrypt_191(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5f1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 @@ -4610,7 +4637,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e1( +void libcrux_ml_kem_ind_cca_decapsulate_ff1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4628,7 +4655,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_191(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a81(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4650,7 +4677,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4660,17 +4687,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_a31(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_c01(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_be1(Eurydice_array_to_slice( + kdf_d8_aa1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_be1(shared_secret0, shared_secret); + kdf_d8_aa1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4692,7 +4719,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a82( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; @@ -4709,7 +4736,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a82( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4788,9 +4815,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_a70(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_a82( + deserialize_ring_elements_reduced_a52( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); @@ -4831,6 +4858,31 @@ static KRML_MUSTINLINE void G_a9_e10(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_450( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)4U; + uint8_t ret0[64U]; + G_a9_e10(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5474,10 +5526,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_e80( +static tuple_54 generate_keypair_unpacked_580( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e10(key_generation_seed, hashed); + cpa_keygen_seed_d8_450(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5560,7 +5612,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a70( +static void closure_990( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -5592,7 +5644,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5600,18 +5652,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_e80(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_580(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a70(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_990(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_d6(&ind_cpa_public_key.A[j][i1]); + clone_d5_4c(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5661,7 +5713,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 @@ -5669,10 +5722,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_b70( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e10(key_generation_seed, hashed); + cpa_keygen_seed_d8_450(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5740,7 +5793,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_8e0( +static KRML_MUSTINLINE void serialize_kem_secret_key_5a0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5793,7 +5846,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_8e0( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 @@ -5803,7 +5857,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5812,13 +5866,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_930(ind_cpa_keypair_randomness); + generate_keypair_b70(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_8e0( + serialize_kem_secret_key_5a0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5827,13 +5881,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_121( - uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c1( + uu____2, libcrux_ml_kem_types_from_b6_b01(copy_of_public_key)); } /** @@ -5848,7 +5902,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_580(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_320(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_9b();); @@ -5904,17 +5958,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_e60( +static KRML_MUSTINLINE void invert_ntt_montgomery_4e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_64(&zeta_i, re); - invert_ntt_at_layer_3_fb(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_48(&zeta_i, re); + invert_ntt_at_layer_2_10(&zeta_i, re); + invert_ntt_at_layer_3_b5(&zeta_i, re); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } @@ -5927,7 +5981,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_540( +static KRML_MUSTINLINE void compute_vector_u_a30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5957,8 +6011,8 @@ static KRML_MUSTINLINE void compute_vector_u_540( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce0(&result[i1], &product); } - invert_ntt_montgomery_e60(&result[i1]); - add_error_reduce_89_c7(&result[i1], &error_1[i1]); + invert_ntt_montgomery_4e0(&result[i1]); + add_error_reduce_89_db(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5975,7 +6029,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f90( +compute_ring_element_v_300( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5985,8 +6039,8 @@ compute_ring_element_v_f90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_e60(&result); - result = add_message_error_reduce_89_6a(error_2, message, result); + invert_ntt_montgomery_4e0(&result); + result = add_message_error_reduce_89_bd(error_2, message, result); return result; } @@ -5996,14 +6050,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_280( +static KRML_MUSTINLINE void compress_then_serialize_11_cf0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_9b0(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_010(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6021,10 +6075,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_560( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ae0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_280(re, uu____0); + compress_then_serialize_11_cf0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6040,7 +6094,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_9b0( +static void compress_then_serialize_u_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6056,7 +6110,7 @@ static void compress_then_serialize_u_9b0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_560(&re, ret); + compress_then_serialize_ring_element_u_ae0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6069,9 +6123,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_130( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8e(re, out); + compress_then_serialize_5_14(re, out); } /** @@ -6132,7 +6186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_af0( +static void encrypt_unpacked_ce0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6150,7 +6204,7 @@ static void encrypt_unpacked_af0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_320(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6164,25 +6218,25 @@ static void encrypt_unpacked_af0( sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_540(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a30(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f90(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_300(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b0( + compress_then_serialize_u_c10( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d0( + compress_then_serialize_ring_element_v_130( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -6206,7 +6260,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6233,7 +6287,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_af0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ce0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6243,7 +6297,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6255,16 +6309,16 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_c10(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f40(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6285,7 +6339,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a81( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a51( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; @@ -6302,7 +6356,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a81( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6327,10 +6381,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a30(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c00(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_a81( + deserialize_ring_elements_reduced_a51( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -6354,7 +6408,7 @@ static void encrypt_a30(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_320(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6368,42 +6422,42 @@ static void encrypt_a30(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_540(A, r_as_ntt, error_1, u); + compute_vector_u_a30(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f90(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_300(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b0( + compress_then_serialize_u_c10( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d0( + compress_then_serialize_ring_element_v_130( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_be0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_aa0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6414,7 +6468,7 @@ static KRML_MUSTINLINE void kdf_af_be0(Eurydice_slice shared_secret, /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 @@ -6430,11 +6484,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e20( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_c10( + entropy_preprocess_d8_f40( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6444,7 +6498,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( size_t); uint8_t ret[32U]; H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6458,19 +6512,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_a30(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_be0(shared_secret, shared_secret_array); + kdf_d8_aa0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6489,8 +6543,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_0e0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ec(serialized); +deserialize_then_decompress_ring_element_u_9c0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_af(serialized); } /** @@ -6499,7 +6553,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_c10( +static KRML_MUSTINLINE void ntt_vector_u_e00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -6524,7 +6578,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7a0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7b0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -6547,8 +6601,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7a0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e0(u_bytes); - ntt_vector_u_c10(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); + ntt_vector_u_e00(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6562,8 +6616,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_130(Eurydice_slice serialized) { - return deserialize_then_decompress_5_21(serialized); +deserialize_then_decompress_ring_element_v_ac0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_6a(serialized); } /** @@ -6579,7 +6633,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3b0( +compute_message_a60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6588,8 +6642,8 @@ compute_message_3b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_e60(&result); - result = subtract_reduce_89_97(v, result); + invert_ntt_montgomery_4e0(&result); + result = subtract_reduce_89_36(v, result); return result; } @@ -6627,19 +6681,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_8c0( +static void decrypt_unpacked_5f0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_7a0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7b0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_130( + deserialize_then_decompress_ring_element_v_ac0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_97(message, ret0); + compress_then_serialize_message_0b(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6678,12 +6732,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_590( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5f0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6712,7 +6766,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6723,11 +6777,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_af0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ce0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6747,7 +6801,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_d70( +static KRML_MUSTINLINE void deserialize_secret_key_460( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -6764,7 +6818,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_0e(secret_bytes); + deserialize_to_uncompressed_ring_element_81(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6782,10 +6836,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_190(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_d70(secret_key, secret_as_ntt); + deserialize_secret_key_460(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6797,14 +6851,14 @@ static void decrypt_190(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5f0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 @@ -6823,7 +6877,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e0( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6842,7 +6896,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_190(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6864,7 +6918,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6874,17 +6928,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_a30(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_c00(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_be0(Eurydice_array_to_slice( + kdf_d8_aa0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_be0(shared_secret0, shared_secret); + kdf_d8_aa0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6906,7 +6960,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a80( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; @@ -6923,7 +6977,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a80( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7002,9 +7056,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_a7(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_a80( + deserialize_ring_elements_reduced_a50( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); @@ -7045,6 +7099,31 @@ static KRML_MUSTINLINE void G_a9_e1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_45( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)2U; + uint8_t ret0[64U]; + G_a9_e1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7681,10 +7760,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_e8( +static tuple_4c generate_keypair_unpacked_58( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_45(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7767,7 +7846,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a7( +static void closure_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -7799,7 +7878,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7807,18 +7886,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_e8(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_58(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a7(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_99(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_d6(&ind_cpa_public_key.A[j][i1]); + clone_d5_4c(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7868,7 +7947,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 2 - PRIVATE_KEY_SIZE= 768 - PUBLIC_KEY_SIZE= 800 @@ -7876,10 +7956,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_b7( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_45(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7947,7 +8027,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_8e( +static KRML_MUSTINLINE void serialize_kem_secret_key_5a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -8000,7 +8080,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_8e( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 @@ -8009,7 +8090,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8019,13 +8100,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_93(ind_cpa_keypair_randomness); + generate_keypair_b7(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_8e( + serialize_kem_secret_key_5a( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8034,13 +8115,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_12( - uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); } /** @@ -8101,7 +8182,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_58(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_32(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_9b();); @@ -8157,17 +8238,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_e6( +static KRML_MUSTINLINE void invert_ntt_montgomery_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_64(&zeta_i, re); - invert_ntt_at_layer_3_fb(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_48(&zeta_i, re); + invert_ntt_at_layer_2_10(&zeta_i, re); + invert_ntt_at_layer_3_b5(&zeta_i, re); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } @@ -8180,7 +8261,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_54( +static KRML_MUSTINLINE void compute_vector_u_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -8210,8 +8291,8 @@ static KRML_MUSTINLINE void compute_vector_u_54( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce(&result[i1], &product); } - invert_ntt_montgomery_e6(&result[i1]); - add_error_reduce_89_c7(&result[i1], &error_1[i1]); + invert_ntt_montgomery_4e(&result[i1]); + add_error_reduce_89_db(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8228,7 +8309,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f9( +compute_ring_element_v_30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -8238,8 +8319,8 @@ compute_ring_element_v_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_e6(&result); - result = add_message_error_reduce_89_6a(error_2, message, result); + invert_ntt_montgomery_4e(&result); + result = add_message_error_reduce_89_bd(error_2, message, result); return result; } @@ -8255,7 +8336,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_9b( +static void compress_then_serialize_u_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8271,7 +8352,7 @@ static void compress_then_serialize_u_9b( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_56(&re, ret); + compress_then_serialize_ring_element_u_ae(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8335,7 +8416,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_af( +static void encrypt_unpacked_ce( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8353,7 +8434,7 @@ static void encrypt_unpacked_af( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_32(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8367,25 +8448,25 @@ static void encrypt_unpacked_af( sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_54(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a3(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f9(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_30(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b( + compress_then_serialize_u_c1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d( + compress_then_serialize_ring_element_v_13( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8409,7 +8490,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8436,7 +8517,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_af(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ce(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8446,7 +8527,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8458,16 +8539,16 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_c1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f4(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8488,7 +8569,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a8( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; @@ -8505,7 +8586,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_71(ring_element); + deserialize_to_reduced_ring_element_ab(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8530,10 +8611,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a3(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_a8( + deserialize_ring_elements_reduced_a5( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8557,7 +8638,7 @@ static void encrypt_a3(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_32(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8571,42 +8652,42 @@ static void encrypt_a3(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_54(A, r_as_ntt, error_1, u); + compute_vector_u_a3(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_f3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f9(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_30(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9b( + compress_then_serialize_u_c1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_6d( + compress_then_serialize_ring_element_v_13( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_be(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_aa(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8617,7 +8698,7 @@ static KRML_MUSTINLINE void kdf_af_be(Eurydice_slice shared_secret, /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CIPHERTEXT_SIZE= 768 @@ -8633,11 +8714,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_c1( + entropy_preprocess_d8_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8647,7 +8728,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8661,19 +8742,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_be(shared_secret, shared_secret_array); + kdf_d8_aa(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8697,7 +8778,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7a( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7b( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -8720,8 +8801,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7a( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); - ntt_vector_u_c1(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); + ntt_vector_u_e0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8741,7 +8822,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3b( +compute_message_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8750,8 +8831,8 @@ compute_message_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_e6(&result); - result = subtract_reduce_89_97(v, result); + invert_ntt_montgomery_4e(&result); + result = subtract_reduce_89_36(v, result); return result; } @@ -8789,19 +8870,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c( +static void decrypt_unpacked_5f( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_7a(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7b(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_13( + deserialize_then_decompress_ring_element_v_ac( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_97(message, ret0); + compress_then_serialize_message_0b(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8840,11 +8921,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5f(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8873,7 +8954,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8884,11 +8965,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_af(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ce(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8908,7 +8989,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_d7( +static KRML_MUSTINLINE void deserialize_secret_key_46( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -8925,7 +9006,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_0e(secret_bytes); + deserialize_to_uncompressed_ring_element_81(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8943,10 +9024,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_19(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_d7(secret_key, secret_as_ntt); + deserialize_secret_key_46(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8958,14 +9039,14 @@ static void decrypt_19(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5f(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 2 - SECRET_KEY_SIZE= 1632 @@ -8984,7 +9065,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6e( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9002,7 +9083,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_19(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9024,7 +9105,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -9034,16 +9115,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_6e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_c0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_be(Eurydice_array_to_slice((size_t)32U, + kdf_d8_aa(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_be(shared_secret0, shared_secret); + kdf_d8_aa(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index ed45eece4..38b8a1dad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index f7e24f0e5..68997c944 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index e066c6784..aee7d70ec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d2ac40a4f..723b6492f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "internal/libcrux_mlkem_portable.h" @@ -2275,7 +2275,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_b0(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -2304,7 +2304,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b74( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; @@ -2321,7 +2321,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2470,9 +2470,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6d1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_9d4( + deserialize_ring_elements_reduced_b74( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); @@ -2513,6 +2513,31 @@ static KRML_MUSTINLINE void G_f1_e41(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_1a( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)4U; + uint8_t ret0[64U]; + G_f1_e41(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3604,10 +3629,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_421( +static tuple_540 generate_keypair_unpacked_c11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e41(key_generation_seed, hashed); + cpa_keygen_seed_d8_1a(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3691,7 +3716,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_881( +static void closure_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -3707,7 +3732,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3747,7 +3772,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3755,18 +3780,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_421(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_c11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_881(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e71(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_51(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3816,8 +3841,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 @@ -3825,10 +3850,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d51( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e41(key_generation_seed, hashed); + cpa_keygen_seed_d8_1a(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3896,7 +3921,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( +static KRML_MUSTINLINE void serialize_kem_secret_key_2d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3949,8 +3974,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d8( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 @@ -3960,7 +3985,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3969,13 +3994,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_6e1(ind_cpa_keypair_randomness); + generate_keypair_d51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( + serialize_kem_secret_key_2d( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3984,13 +4009,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_121( - uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c1( + uu____2, libcrux_ml_kem_types_from_b6_b01(copy_of_public_key)); } /** @@ -4006,7 +4031,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_8d();); @@ -4074,7 +4099,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_46( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4098,7 +4123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4118,7 +4143,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_17( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4138,7 +4163,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_d9( + inv_ntt_layer_int_vec_step_reduce_69( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4158,7 +4183,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_3b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4173,7 +4198,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_d9( + inv_ntt_layer_int_vec_step_reduce_69( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4190,17 +4215,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_951( +static KRML_MUSTINLINE void invert_ntt_montgomery_b51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_46(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_17(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_6e(&zeta_i, re); + invert_ntt_at_layer_2_63(&zeta_i, re); + invert_ntt_at_layer_3_23(&zeta_i, re); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } @@ -4214,7 +4239,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_c3( +static KRML_MUSTINLINE void add_error_reduce_89_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4241,7 +4266,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_221( +static KRML_MUSTINLINE void compute_vector_u_e41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4271,8 +4296,8 @@ static KRML_MUSTINLINE void compute_vector_u_221( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e81(&result[i1], &product); } - invert_ntt_montgomery_951(&result[i1]); - add_error_reduce_89_c3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_b51(&result[i1]); + add_error_reduce_89_7a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4286,7 +4311,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_b3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4300,7 +4325,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { +deserialize_then_decompress_message_5e(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4311,7 +4336,7 @@ deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_b3(coefficient_compressed); + decompress_1_e7(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4327,7 +4352,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_a1( +add_message_error_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4360,7 +4385,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ba1( +compute_ring_element_v_691( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4370,8 +4395,8 @@ compute_ring_element_v_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_951(&result); - result = add_message_error_reduce_89_a1(error_2, message, result); + invert_ntt_montgomery_b51(&result); + result = add_message_error_reduce_89_e6(error_2, message, result); return result; } @@ -4445,7 +4470,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_f80( +static KRML_MUSTINLINE void compress_then_serialize_11_210( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4470,10 +4495,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_540( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_960( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_f80(re, uu____0); + compress_then_serialize_11_210(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4489,7 +4514,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_621( +static void compress_then_serialize_u_6e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4505,7 +4530,7 @@ static void compress_then_serialize_u_621( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_540(&re, ret); + compress_then_serialize_ring_element_u_960(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4549,7 +4574,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_f6( +static KRML_MUSTINLINE void compress_then_serialize_4_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4604,7 +4629,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_06( +static KRML_MUSTINLINE void compress_then_serialize_5_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4628,9 +4653,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_200( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_06(re, out); + compress_then_serialize_5_d3(re, out); } /** @@ -4692,7 +4717,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c51( +static void encrypt_unpacked_781( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4710,7 +4735,7 @@ static void encrypt_unpacked_c51( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4724,25 +4749,25 @@ static void encrypt_unpacked_c51( sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_221(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e41(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_691(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_621( + compress_then_serialize_u_6e1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_200( + compress_then_serialize_ring_element_v_bc0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4767,7 +4792,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_511( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4794,7 +4819,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_c51(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_781(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4804,7 +4829,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4816,16 +4841,16 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_77(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4846,7 +4871,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b73( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; @@ -4863,7 +4888,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4889,10 +4914,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_091(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_9d3( + deserialize_ring_elements_reduced_b73( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4916,7 +4941,7 @@ static void encrypt_091(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4930,42 +4955,42 @@ static void encrypt_091(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_221(A, r_as_ntt, error_1, u); + compute_vector_u_e41(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba1(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_691(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_621( + compress_then_serialize_u_6e1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_200( + compress_then_serialize_ring_element_v_bc0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_11(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4977,7 +5002,7 @@ static KRML_MUSTINLINE void kdf_af_11(Eurydice_slice shared_secret, A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 - PUBLIC_KEY_SIZE= 1568 @@ -4992,11 +5017,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_77( + entropy_preprocess_d8_62( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5006,7 +5031,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5020,19 +5045,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_091(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_11(shared_secret, shared_secret_array); + kdf_d8_8d(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5088,7 +5113,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_12(Eurydice_slice serialized) { +deserialize_then_decompress_10_c6(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -5148,7 +5173,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_3a(Eurydice_slice serialized) { +deserialize_then_decompress_11_ca(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -5171,8 +5196,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_a00(Eurydice_slice serialized) { - return deserialize_then_decompress_11_3a(serialized); +deserialize_then_decompress_ring_element_u_420(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ca(serialized); } /** @@ -5181,7 +5206,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_500( +static KRML_MUSTINLINE void ntt_vector_u_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -5206,7 +5231,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_d71( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -5229,8 +5254,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_d71( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a00(u_bytes); - ntt_vector_u_500(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_420(u_bytes); + ntt_vector_u_c80(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5281,7 +5306,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_1f(Eurydice_slice serialized) { +deserialize_then_decompress_4_9d(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5341,7 +5366,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_e2(Eurydice_slice serialized) { +deserialize_then_decompress_5_89(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5364,8 +5389,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_8e0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_e2(serialized); +deserialize_then_decompress_ring_element_v_220(Eurydice_slice serialized) { + return deserialize_then_decompress_5_89(serialized); } /** @@ -5379,7 +5404,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_84(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5410,7 +5435,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_601( +compute_message_3f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5419,8 +5444,8 @@ compute_message_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_951(&result); - result = subtract_reduce_89_7e(v, result); + invert_ntt_montgomery_b51(&result); + result = subtract_reduce_89_84(v, result); return result; } @@ -5430,7 +5455,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_15( +static KRML_MUSTINLINE void compress_then_serialize_message_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5484,19 +5509,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_821( +static void decrypt_unpacked_fe1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_d71(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_8e0( + deserialize_then_decompress_ring_element_v_220( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_601(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_a9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5548,12 +5573,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_881( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_821(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_fe1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5582,7 +5607,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5593,11 +5618,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_c51(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_781(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5615,7 +5640,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_22(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_ff(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -5638,7 +5663,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_bb1( +static KRML_MUSTINLINE void deserialize_secret_key_d21( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -5655,7 +5680,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_bb1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_22(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5673,10 +5698,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_501(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_861(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_bb1(secret_key, secret_as_ntt); + deserialize_secret_key_d21(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5688,7 +5713,7 @@ static void decrypt_501(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_821(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_fe1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5696,7 +5721,7 @@ static void decrypt_501(Eurydice_slice secret_key, uint8_t *ciphertext, A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 - CPA_SECRET_KEY_SIZE= 1536 @@ -5714,7 +5739,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_811( +void libcrux_ml_kem_ind_cca_decapsulate_461( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5733,7 +5758,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_501(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_861(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5755,7 +5780,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5765,17 +5790,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_091(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_11(Eurydice_array_to_slice((size_t)32U, + kdf_d8_8d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_11(shared_secret0, shared_secret); + kdf_d8_8d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b41(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5797,7 +5822,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; @@ -5814,7 +5839,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5893,9 +5918,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6d0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_9d2( + deserialize_ring_elements_reduced_b72( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); @@ -5936,6 +5961,31 @@ static KRML_MUSTINLINE void G_f1_e40(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_17( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)2U; + uint8_t ret0[64U]; + G_f1_e40(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6568,10 +6618,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_420( +static tuple_4c0 generate_keypair_unpacked_c10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e40(key_generation_seed, hashed); + cpa_keygen_seed_d8_17(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6655,7 +6705,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_880( +static void closure_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -6688,7 +6738,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6696,18 +6746,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_420(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_c10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_880(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e70(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_51(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6757,8 +6807,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - PRIVATE_KEY_SIZE= 768 - PUBLIC_KEY_SIZE= 800 @@ -6766,10 +6816,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6e0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d50( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e40(key_generation_seed, hashed); + cpa_keygen_seed_d8_17(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6837,7 +6887,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_48( +static KRML_MUSTINLINE void serialize_kem_secret_key_f4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6890,8 +6940,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_48( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 @@ -6901,7 +6951,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6910,13 +6960,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_6e0(ind_cpa_keypair_randomness); + generate_keypair_d50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_48( + serialize_kem_secret_key_f4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6925,13 +6975,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_12( - uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); } /** @@ -6979,7 +7029,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_8d();); @@ -7035,17 +7085,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_950( +static KRML_MUSTINLINE void invert_ntt_montgomery_b50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_46(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_17(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_6e(&zeta_i, re); + invert_ntt_at_layer_2_63(&zeta_i, re); + invert_ntt_at_layer_3_23(&zeta_i, re); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } @@ -7058,7 +7108,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_220( +static KRML_MUSTINLINE void compute_vector_u_e40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -7088,8 +7138,8 @@ static KRML_MUSTINLINE void compute_vector_u_220( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e80(&result[i1], &product); } - invert_ntt_montgomery_950(&result[i1]); - add_error_reduce_89_c3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_b50(&result[i1]); + add_error_reduce_89_7a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7106,7 +7156,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ba0( +compute_ring_element_v_690( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -7116,8 +7166,8 @@ compute_ring_element_v_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_950(&result); - result = add_message_error_reduce_89_a1(error_2, message, result); + invert_ntt_montgomery_b50(&result); + result = add_message_error_reduce_89_e6(error_2, message, result); return result; } @@ -7127,7 +7177,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_c9( +static KRML_MUSTINLINE void compress_then_serialize_10_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -7152,10 +7202,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_54( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_c9(re, uu____0); + compress_then_serialize_10_b3(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7171,7 +7221,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_620( +static void compress_then_serialize_u_6e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7187,7 +7237,7 @@ static void compress_then_serialize_u_620( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_54(&re, ret); + compress_then_serialize_ring_element_u_96(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7200,9 +7250,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_20( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_f6(re, out); + compress_then_serialize_4_1e(re, out); } /** @@ -7264,7 +7314,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c50( +static void encrypt_unpacked_780( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7282,7 +7332,7 @@ static void encrypt_unpacked_c50( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7296,25 +7346,25 @@ static void encrypt_unpacked_c50( sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_220(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e40(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_690(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_620( + compress_then_serialize_u_6e0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_20( + compress_then_serialize_ring_element_v_bc( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7339,7 +7389,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7366,7 +7416,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_c50(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_780(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7376,7 +7426,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7388,16 +7438,16 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_cc(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7418,7 +7468,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b71( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; @@ -7435,7 +7485,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7461,10 +7511,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_090(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_9d1( + deserialize_ring_elements_reduced_b71( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7488,7 +7538,7 @@ static void encrypt_090(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7502,42 +7552,42 @@ static void encrypt_090(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_220(A, r_as_ntt, error_1, u); + compute_vector_u_e40(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_690(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_620( + compress_then_serialize_u_6e0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_20( + compress_then_serialize_ring_element_v_bc( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_04(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_3d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7549,7 +7599,7 @@ static KRML_MUSTINLINE void kdf_af_04(Eurydice_slice shared_secret, A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CIPHERTEXT_SIZE= 768 - PUBLIC_KEY_SIZE= 800 @@ -7564,11 +7614,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_510( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_cc( + entropy_preprocess_d8_3b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -7578,7 +7628,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( size_t); uint8_t ret[32U]; H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7592,19 +7642,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_090(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_04(shared_secret, shared_secret_array); + kdf_d8_3d(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7623,8 +7673,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_a0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_12(serialized); +deserialize_then_decompress_ring_element_u_42(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c6(serialized); } /** @@ -7633,7 +7683,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_50( +static KRML_MUSTINLINE void ntt_vector_u_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -7658,7 +7708,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_d70( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -7681,8 +7731,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_d70( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); - ntt_vector_u_50(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_42(u_bytes); + ntt_vector_u_c8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7696,8 +7746,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_8e(Eurydice_slice serialized) { - return deserialize_then_decompress_4_1f(serialized); +deserialize_then_decompress_ring_element_v_22(Eurydice_slice serialized) { + return deserialize_then_decompress_4_9d(serialized); } /** @@ -7713,7 +7763,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_600( +compute_message_3f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7722,8 +7772,8 @@ compute_message_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_950(&result); - result = subtract_reduce_89_7e(v, result); + invert_ntt_montgomery_b50(&result); + result = subtract_reduce_89_84(v, result); return result; } @@ -7761,19 +7811,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_820( +static void decrypt_unpacked_fe0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_d70(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_8e( + deserialize_then_decompress_ring_element_v_22( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_600(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_a9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7813,11 +7863,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_880( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_820(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_fe0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -7846,7 +7896,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7857,11 +7907,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_c50(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_780(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7881,7 +7931,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_bb0( +static KRML_MUSTINLINE void deserialize_secret_key_d20( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -7898,7 +7948,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_bb0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_22(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7916,10 +7966,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_500(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_860(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_bb0(secret_key, secret_as_ntt); + deserialize_secret_key_d20(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7931,7 +7981,7 @@ static void decrypt_500(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_820(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_fe0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7939,7 +7989,7 @@ static void decrypt_500(Eurydice_slice secret_key, uint8_t *ciphertext, A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - SECRET_KEY_SIZE= 1632 - CPA_SECRET_KEY_SIZE= 768 @@ -7957,7 +8007,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_810( +void libcrux_ml_kem_ind_cca_decapsulate_460( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7975,7 +8025,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_500(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_860(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7997,7 +8047,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8007,17 +8057,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_090(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_04(Eurydice_array_to_slice((size_t)32U, + kdf_d8_3d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_04(shared_secret0, shared_secret); + kdf_d8_3d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b4(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -8039,7 +8089,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b70( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -8056,7 +8106,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8135,9 +8185,9 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6d(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_9d0( + deserialize_ring_elements_reduced_b70( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -8178,6 +8228,31 @@ static KRML_MUSTINLINE void G_f1_e4(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void cpa_keygen_seed_d8_68( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)3U; + uint8_t ret0[64U]; + G_f1_e4(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8799,10 +8874,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_42( +static tuple_9b generate_keypair_unpacked_c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e4(key_generation_seed, hashed); + cpa_keygen_seed_d8_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8886,7 +8961,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_88( +static void closure_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -8919,7 +8994,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8927,18 +9002,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_42(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_88(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e7(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_51(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8988,8 +9063,8 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]) { /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 @@ -8997,10 +9072,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6e( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d5( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_e4(key_generation_seed, hashed); + cpa_keygen_seed_d8_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9068,7 +9143,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_4c( +static KRML_MUSTINLINE void serialize_kem_secret_key_de( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -9121,8 +9196,8 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4c( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -9132,7 +9207,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -9141,13 +9216,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_6e(ind_cpa_keypair_randomness); + generate_keypair_d5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_4c( + serialize_kem_secret_key_de( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -9156,13 +9231,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_120( - uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c0( + uu____2, libcrux_ml_kem_types_from_b6_b00(copy_of_public_key)); } /** @@ -9178,7 +9253,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_8d();); @@ -9234,17 +9309,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_95( +static KRML_MUSTINLINE void invert_ntt_montgomery_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_46(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_17(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_6e(&zeta_i, re); + invert_ntt_at_layer_2_63(&zeta_i, re); + invert_ntt_at_layer_3_23(&zeta_i, re); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } @@ -9257,7 +9332,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_22( +static KRML_MUSTINLINE void compute_vector_u_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -9287,8 +9362,8 @@ static KRML_MUSTINLINE void compute_vector_u_22( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e8(&result[i1], &product); } - invert_ntt_montgomery_95(&result[i1]); - add_error_reduce_89_c3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_b5(&result[i1]); + add_error_reduce_89_7a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9305,7 +9380,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ba( +compute_ring_element_v_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -9315,8 +9390,8 @@ compute_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_95(&result); - result = add_message_error_reduce_89_a1(error_2, message, result); + invert_ntt_montgomery_b5(&result); + result = add_message_error_reduce_89_e6(error_2, message, result); return result; } @@ -9332,7 +9407,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_62( +static void compress_then_serialize_u_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9348,7 +9423,7 @@ static void compress_then_serialize_u_62( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_54(&re, ret); + compress_then_serialize_ring_element_u_96(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -9413,7 +9488,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c5( +static void encrypt_unpacked_78( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -9431,7 +9506,7 @@ static void encrypt_unpacked_c5( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9445,25 +9520,25 @@ static void encrypt_unpacked_c5( sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_22(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e4(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_69(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_62( + compress_then_serialize_u_6e( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_20( + compress_then_serialize_ring_element_v_bc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9488,7 +9563,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -9515,7 +9590,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_c5(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_78(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -9525,7 +9600,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9537,16 +9612,16 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_75(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9567,7 +9642,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -9584,7 +9659,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_b0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9610,10 +9685,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_09(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_9d( + deserialize_ring_elements_reduced_b7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -9637,7 +9712,7 @@ static void encrypt_09(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9651,42 +9726,42 @@ static void encrypt_09(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_22(A, r_as_ntt, error_1, u); + compute_vector_u_e4(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ba(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_69(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_62( + compress_then_serialize_u_6e( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_20( + compress_then_serialize_ring_element_v_bc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_73(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_86(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9698,7 +9773,7 @@ static KRML_MUSTINLINE void kdf_af_73(Eurydice_slice shared_secret, A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 @@ -9713,11 +9788,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_75( + entropy_preprocess_d8_f0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -9727,7 +9802,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9741,19 +9816,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_73(shared_secret, shared_secret_array); + kdf_d8_86(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9777,7 +9852,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_d7( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -9800,8 +9875,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_d7( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); - ntt_vector_u_50(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_42(u_bytes); + ntt_vector_u_c8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9821,7 +9896,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_60( +compute_message_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -9830,8 +9905,8 @@ compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_95(&result); - result = subtract_reduce_89_7e(v, result); + invert_ntt_montgomery_b5(&result); + result = subtract_reduce_89_84(v, result); return result; } @@ -9869,19 +9944,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_82( +static void decrypt_unpacked_fe( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_d7(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_8e( + deserialize_then_decompress_ring_element_v_22( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_a9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9921,11 +9996,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_88( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_82(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_fe(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -9954,7 +10029,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9965,11 +10040,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_c5(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_78(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9989,7 +10064,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_bb( +static KRML_MUSTINLINE void deserialize_secret_key_d2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -10006,7 +10081,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_bb( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_22(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -10024,10 +10099,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_50(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_86(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_bb(secret_key, secret_as_ntt); + deserialize_secret_key_d2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -10039,7 +10114,7 @@ static void decrypt_50(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_82(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_fe(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10047,7 +10122,7 @@ static void decrypt_50(Eurydice_slice secret_key, uint8_t *ciphertext, A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -10065,7 +10140,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_81( +void libcrux_ml_kem_ind_cca_decapsulate_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -10083,7 +10158,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_50(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_86(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -10105,7 +10180,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -10115,16 +10190,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_73(Eurydice_array_to_slice((size_t)32U, + kdf_d8_86(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_73(shared_secret0, shared_secret); + kdf_d8_86(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b40(ciphertext), + libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ab2e72412..57830eca7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 840bfcb9a..4f45438c4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d9f06d3ce..f242d58ae 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1348c2b96..f47df6dee 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 7bed880f5..e38d13c86 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a66762532..9c567ccc1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 805558782..ec6db46b1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 4edf75ad1..5d57f7855 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -96,8 +96,8 @@ files: inline_static: true private: exact: - - [ libcrux_ml_kem, ind_cca, MlKem ] - - [ libcrux_ml_kem, ind_cca, Kyber ] + - [ libcrux_ml_kem, variant, MlKem ] + - [ libcrux_ml_kem, variant, Kyber ] api: patterns: - [libcrux_ml_kem, "*"] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d9db0038c..03eef7a95 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 7ce61b53b..8ca3e2817 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_core_H @@ -236,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_8e(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_b0(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -273,7 +273,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_12(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_9c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -289,7 +289,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_db(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_0b(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -352,7 +352,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_ec(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_1e(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -372,7 +372,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_25( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -424,7 +424,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e0( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index e3b12090d..f5b6c2327 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 6d8885e7b..7d6b1a6dc 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem768_avx2_H @@ -1240,7 +1240,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_29(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_49(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -1252,7 +1252,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1276,7 +1276,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_23( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_62( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_23( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,7 +1323,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_5b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_15(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_02( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a( vector); } @@ -1401,7 +1401,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_be( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_02( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_020( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a0( vector); } @@ -1492,7 +1492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_4a( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_7d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_4a( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_020( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_be(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1682,7 +1682,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_92( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, @@ -1713,7 +1713,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7f( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_92(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_51(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_021( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a1( vector); } @@ -1821,7 +1821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_02( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_02( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_021( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_022( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a2( vector); } @@ -1912,7 +1912,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_75( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_48( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_75( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_022( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_02(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2b(serialized); } /** @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,7 +2113,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_26(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_26( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,20 +2165,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fb(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_d9( +libcrux_ml_kem_polynomial_subtract_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,7 +2225,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_a7( +libcrux_ml_kem_matrix_compute_message_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2238,8 +2238,8 @@ libcrux_ml_kem_matrix_compute_message_a7( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_d9(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_0b(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_23(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_36( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_80( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_23(vector); } /** @@ -2278,7 +2278,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_36(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_80(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,7 +2292,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_ef( +libcrux_ml_kem_serialize_compress_then_serialize_message_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_a7(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_2e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_ef(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_a2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_8e(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_c4(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_23(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_62(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_8e(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2450,7 +2450,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c1( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -2469,7 +2469,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -2500,7 +2500,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_09( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2518,7 +2518,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( ring_element); deserialized_pk[i0] = uu____0; } @@ -3350,7 +3350,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_24(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8a(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -3367,7 +3367,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3445,7 +3445,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ae(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_c1(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c7( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,7 +3485,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_54( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3517,8 +3517,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_54( libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_c7(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_6d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_d7(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_2e(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,7 +3547,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_d7(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_2e(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,7 +3606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_f9( +libcrux_ml_kem_matrix_compute_ring_element_v_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3620,8 +3620,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_f9( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d2( error_2, message, result); return result; } @@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_25( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_85( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_25( vector); } @@ -3703,13 +3703,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_d0( +libcrux_ml_kem_serialize_compress_then_serialize_10_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_85( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_250( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_850( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_250( vector); } @@ -3799,13 +3799,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_28( +libcrux_ml_kem_serialize_compress_then_serialize_11_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_850( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c0( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_d0(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_fe(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_251( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_851( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_251( vector); } @@ -3947,13 +3947,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_fb( +libcrux_ml_kem_serialize_compress_then_serialize_4_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_851( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c1( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_252( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_852( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_252( vector); } @@ -4042,13 +4042,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_8e( +libcrux_ml_kem_serialize_compress_then_serialize_5_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_852( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_8c2( libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_fb(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_54(re, out); } /** @@ -4092,12 +4092,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_a3(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_c1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_09( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a3(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4136,44 +4136,44 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a3(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_54(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_58(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f9( + libcrux_ml_kem_matrix_compute_ring_element_v_73( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_73( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_aa( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4185,7 +4185,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_73( /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 @@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( +static inline void libcrux_ml_kem_ind_cca_decapsulate_13( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_c4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4247,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4258,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_c1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_73( + libcrux_ml_kem_variant_kdf_d8_aa( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_aa(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_1c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e7(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); } /** @@ -4319,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_1c(private_key, ciphertext, ret); } @@ -4428,7 +4428,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4446,7 +4446,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4461,27 +4461,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_58(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f9( + libcrux_ml_kem_matrix_compute_ring_element_v_73( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4509,11 +4509,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_d9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4543,7 +4543,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4555,11 +4555,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4596,10 +4596,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_bd( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_d9(key_pair, ciphertext, ret); } /** @@ -4613,22 +4613,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_bd( private_key, ciphertext, ret); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_f4( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4654,7 +4654,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_a1( /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 @@ -4671,11 +4671,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( + libcrux_ml_kem_variant_entropy_preprocess_d8_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4686,7 +4686,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_6f(public_key), + libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4701,20 +4701,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_aa(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4746,14 +4746,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_db(uu____0, copy_of_randomness); } /** @@ -4771,7 +4771,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0a( uu____0, copy_of_randomness); } @@ -4794,7 +4794,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_42( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_6e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4822,7 +4822,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_42( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4832,7 +4832,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_42( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4866,7 +4866,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_34( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4874,7 +4874,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_42(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_6e(uu____0, copy_of_randomness); } @@ -4895,10 +4895,37 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_34( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_45( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)3U; + uint8_t ret0[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5098,7 +5125,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 @@ -5108,9 +5136,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_b7(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_45(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5184,7 +5212,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5237,7 +5265,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -5248,7 +5277,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_50(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5257,13 +5286,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_b7(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5272,13 +5301,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0d(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_12( - uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); } /** @@ -5297,12 +5326,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_a5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_50(copy_of_randomness); } /** @@ -5314,7 +5343,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_a5( copy_of_randomness); } @@ -5381,10 +5410,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_53( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_45(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5473,7 +5502,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_3d(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_27(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -5491,7 +5520,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_16( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); @@ -5510,7 +5539,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_f0( +libcrux_ml_kem_polynomial_clone_d5_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5534,7 +5563,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_81(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5542,7 +5571,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_53( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5550,14 +5579,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_16(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_f0(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_41(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5624,12 +5653,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_81( copy_of_randomness); } @@ -5643,23 +5672,23 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f3( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +A monomorphic instance of libcrux_ml_kem.variant.kdf_33 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_41( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e8( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5684,7 +5713,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_41( /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber with const generics - K= 3 - SECRET_KEY_SIZE= 2400 @@ -5704,7 +5733,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( +static inline void libcrux_ml_kem_ind_cca_decapsulate_130( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5722,7 +5751,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_c4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5746,7 +5775,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5757,18 +5786,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_c1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_41( + libcrux_ml_kem_variant_kdf_33_e8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_e8(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5802,10 +5831,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_74( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e70(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); } /** @@ -5819,22 +5848,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_74( private_key, ciphertext, ret); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_33 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_6c( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } @@ -5842,7 +5871,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 @@ -5859,11 +5888,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( + libcrux_ml_kem_variant_entropy_preprocess_33_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5874,7 +5903,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_6f(public_key), + libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5889,20 +5918,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_e8(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5937,14 +5966,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_04( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_db0(uu____0, copy_of_randomness); } /** @@ -5962,10 +5991,197 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_04( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_2c( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_b70( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_33_2c(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_79(secret_as_ntt, + secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber +with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_b70(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_generate_keypair with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_38( + uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_500(copy_of_randomness); +} + +/** + Generate Kyber 768 Key Pair +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_38( + copy_of_randomness); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -5975,7 +6191,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c10( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_470( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -5995,7 +6211,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_090( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -6013,7 +6229,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( ring_element); deserialized_pk[i0] = uu____0; } @@ -6031,10 +6247,10 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_ce( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_090( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -6062,9 +6278,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_ce(public_key); } /** @@ -6076,7 +6292,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 24236e9f0..e112cd90b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_mlkem768_portable_H @@ -2474,7 +2474,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_da(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -2485,7 +2485,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2510,7 +2510,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_26( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e8( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2528,7 +2528,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_26( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2556,7 +2556,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b5(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3e(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -2605,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2669,7 +2669,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_fb( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2695,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_b5( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_21(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2865,7 +2865,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, @@ -2895,7 +2895,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_48( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2920,9 +2920,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_b5( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_8e(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_8b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2974,7 +2974,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_be( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_12( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3038,7 +3038,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_09( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_84( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3064,9 +3064,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c6( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_be(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_12(serialized); } /** @@ -3172,7 +3172,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3198,7 +3198,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_bb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3220,7 +3220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3242,7 +3242,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3263,7 +3263,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3278,7 +3278,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3295,20 +3295,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_17(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_bb(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } @@ -3324,7 +3324,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_2a( +libcrux_ml_kem_polynomial_subtract_reduce_89_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3356,7 +3356,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_06( +libcrux_ml_kem_matrix_compute_message_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3369,8 +3369,8 @@ libcrux_ml_kem_matrix_compute_message_06( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_2a(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_b6(v, result); return result; } @@ -3429,7 +3429,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_71( +libcrux_ml_kem_serialize_compress_then_serialize_message_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3485,20 +3485,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_25( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_48(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c6( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_06(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_bc(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_4c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3512,11 +3512,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_a2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_26(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_e8(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3528,7 +3528,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_26(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3583,7 +3583,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_45( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_30( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -3601,7 +3601,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3633,7 +3633,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3651,7 +3651,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( ring_element); deserialized_pk[i0] = uu____0; } @@ -4454,7 +4454,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d0(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c7(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -4471,7 +4471,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4546,7 +4546,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_ca(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_22(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -4560,7 +4560,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c3( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4587,7 +4587,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_22( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4619,8 +4619,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_22( libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_c3(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_3a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4634,7 +4634,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_b3( +libcrux_ml_kem_vector_traits_decompress_1_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4649,7 +4649,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -4662,7 +4662,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_b3(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_7e(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4679,7 +4679,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4712,7 +4712,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_ba( +libcrux_ml_kem_matrix_compute_ring_element_v_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4726,8 +4726,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_ba( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4a( error_2, message, result); return result; } @@ -4773,7 +4773,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_c9( +libcrux_ml_kem_serialize_compress_then_serialize_10_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4834,7 +4834,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_f8( +libcrux_ml_kem_serialize_compress_then_serialize_11_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4862,10 +4862,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_c9(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_69(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4881,7 +4881,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4897,7 +4897,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_80(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4945,7 +4945,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f6( +libcrux_ml_kem_serialize_compress_then_serialize_4_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5005,7 +5005,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_06( +libcrux_ml_kem_serialize_compress_then_serialize_5_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5032,9 +5032,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f6(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c2(re, out); } /** @@ -5055,12 +5055,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_09(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_59(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5084,7 +5084,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_09(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5099,43 +5099,43 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_09(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_22(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_3d(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_ba( + libcrux_ml_kem_matrix_compute_ring_element_v_da( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_86( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5148,7 +5148,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_b8( A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -5166,7 +5166,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_54( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5184,7 +5184,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_54( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_a2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5208,7 +5208,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_54( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5219,18 +5219,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_54( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_59(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_b8( + libcrux_ml_kem_variant_kdf_d8_86( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_86(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5263,10 +5263,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_90( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_54(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1c(private_key, ciphertext, ret); } /** @@ -5279,7 +5279,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_90( private_key, ciphertext, ret); } @@ -5388,7 +5388,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5406,7 +5406,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5421,27 +5421,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_3d(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_ba( + libcrux_ml_kem_matrix_compute_ring_element_v_da( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5469,11 +5469,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_d5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_25( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5503,7 +5503,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5515,11 +5515,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5555,10 +5555,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ba( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_d5(key_pair, ciphertext, ret); } /** @@ -5571,21 +5571,21 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ba( private_key, ciphertext, ret); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_f0( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5611,7 +5611,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_MlKem with const generics +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 @@ -5626,11 +5626,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( + libcrux_ml_kem_variant_entropy_preprocess_d8_f0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5641,7 +5641,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_6f(public_key), + libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5656,20 +5656,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_59(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_86(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5700,14 +5700,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_31( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_3b(uu____0, copy_of_randomness); } /** @@ -5724,7 +5724,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_31( uu____0, copy_of_randomness); } @@ -5747,7 +5747,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5775,7 +5775,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_27(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5785,7 +5785,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5818,7 +5818,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_43( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5826,7 +5826,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5b(uu____0, copy_of_randomness); } @@ -5846,10 +5846,36 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_43( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_68( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + uint8_t seed[33U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + seed, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + key_generation_seed, uint8_t); + seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = + (uint8_t)(size_t)3U; + uint8_t ret0[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6046,8 +6072,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_04( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 @@ -6056,9 +6082,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_6e(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_d5(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6131,7 +6157,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6184,8 +6210,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6195,7 +6221,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6204,13 +6230,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_6e(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_d5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6219,13 +6245,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_12( - uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); } /** @@ -6244,12 +6270,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_19( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_95(copy_of_randomness); } /** @@ -6260,7 +6286,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_19( copy_of_randomness); } @@ -6327,10 +6353,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7b( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6419,7 +6445,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_b8(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_c8(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -6437,7 +6463,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -6455,7 +6481,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_28( +libcrux_ml_kem_polynomial_clone_d5_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6482,7 +6508,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_cb(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6490,7 +6516,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7b( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6498,14 +6524,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d8(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_28(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_a5(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6571,12 +6597,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_cb( copy_of_randomness); } @@ -6589,22 +6615,22 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +A monomorphic instance of libcrux_ml_kem.variant.kdf_33 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_ee( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_78( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6630,7 +6656,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_ee( A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_Kyber with const generics +libcrux_ml_kem_variant_Kyber with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -6648,7 +6674,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_540( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1c0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6666,7 +6692,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_540( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_a2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6690,7 +6716,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_540( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -6701,18 +6727,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_540( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_59(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_ee( + libcrux_ml_kem_variant_kdf_33_78( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_78(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_e0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6746,10 +6772,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ee( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_540(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1c0(private_key, ciphertext, ret); } /** @@ -6762,21 +6788,21 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ee( private_key, ciphertext, ret); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_33 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_64( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } @@ -6785,7 +6811,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_ind_cca_Kyber with const generics +libcrux_ml_kem_variant_Kyber with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 @@ -6800,11 +6826,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( + libcrux_ml_kem_variant_entropy_preprocess_33_64( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6815,7 +6841,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_6f(public_key), + libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6830,20 +6856,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_59(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_78(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6878,14 +6904,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_03( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_3b0(uu____0, copy_of_randomness); } /** @@ -6902,10 +6928,193 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_03( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_d8( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_Kyber with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_d50( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_33_d8(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_04( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_87(secret_as_ntt, + secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_Kyber with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_d50(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_9c( + uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.kyber_generate_keypair with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_b8( + uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_950(copy_of_randomness); +} + +/** + Generate Kyber 768 Key Pair +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( + uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_b8( + copy_of_randomness); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -6914,7 +7123,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_450( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_300( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -6933,7 +7142,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -6951,7 +7160,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( ring_element); deserialized_pk[i0] = uu____0; } @@ -6968,10 +7177,10 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c2( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_79( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -6998,9 +7207,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_7f( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_79(public_key); } /** @@ -7011,7 +7220,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_7f( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index eaf91e1fb..5d5dd3c96 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index a79b33184..e8d675b08 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d */ #ifndef __libcrux_sha3_portable_H From cd20a27542b8bef6084541a1ce9c09f36efa9e8e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 20 Aug 2024 08:41:14 +0200 Subject: [PATCH 074/172] update Cargo.lock --- Cargo.lock | 210 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 132 insertions(+), 78 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 78a064964..d05b611e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,7 +63,7 @@ version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -73,7 +73,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.72", + "syn 2.0.75", "which", ] @@ -191,12 +191,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -289,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.11" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35723e6a11662c2afb578bcf0b88bf6ea8e21282a953428f240574fcc3a2b5b3" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.11" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49eb96cbfa7cfa35017b7cd548c75b14c3118c98b423041d70562665e07fb0fa" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -311,14 +312,14 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d029b67f89d30bbb547c89fd5161293c0aec155fc691d7924b64550662db93e" +checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -362,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" dependencies = [ "libc", ] @@ -482,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -532,9 +533,9 @@ dependencies = [ [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "ecdsa" @@ -607,7 +608,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -701,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -721,31 +722,33 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "proc-macro2", "quote", @@ -757,7 +760,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "proc-macro2", "quote", @@ -774,9 +777,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "hex" @@ -811,7 +814,7 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -831,13 +834,13 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -881,9 +884,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" dependencies = [ "wasm-bindgen", ] @@ -921,9 +924,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" @@ -1141,6 +1144,16 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +[[package]] +name = "minicov" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169" +dependencies = [ + "cc", + "walkdir", +] + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1226,7 +1239,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1253,6 +1266,12 @@ dependencies = [ "sha2", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -1319,9 +1338,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "pqcrypto-dilithium" @@ -1384,7 +1406,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1512,9 +1534,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.5" +version = "1.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" dependencies = [ "aho-corasick", "memchr", @@ -1561,7 +1583,7 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1589,7 +1611,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1635,29 +1657,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "serde_json" -version = "1.0.121" +version = "1.0.125" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ab380d7d9f22ef3f21ad3e6c1ebe8e4fc7a2000ccba2e4d71fc96f15b2cb609" +checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" dependencies = [ "itoa", "memchr", @@ -1749,9 +1771,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" dependencies = [ "proc-macro2", "quote", @@ -1850,34 +1872,35 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" dependencies = [ "cfg-if", + "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.42" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed" dependencies = [ "cfg-if", "js-sys", @@ -1887,9 +1910,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1897,31 +1920,32 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" +checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" [[package]] name = "wasm-bindgen-test" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9" dependencies = [ "console_error_panic_hook", "js-sys", + "minicov", "scoped-tls", "wasm-bindgen", "wasm-bindgen-futures", @@ -1930,20 +1954,20 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "web-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0" dependencies = [ "js-sys", "wasm-bindgen", @@ -1963,11 +1987,11 @@ dependencies = [ [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -1979,6 +2003,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -2067,6 +2100,27 @@ dependencies = [ "zeroize", ] +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.75", +] + [[package]] name = "zeroize" version = "1.8.1" @@ -2084,5 +2138,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] From 8a4b78694bcb2efed95a5f51acdeef637a226f19 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 20 Aug 2024 15:09:54 +0200 Subject: [PATCH 075/172] PSQ registration protocol --- libcrux-psq/examples/encaps.rs | 25 -- libcrux-psq/src/cred.rs | 85 +++++++ libcrux-psq/src/ecdh_binder.rs | 329 ------------------------ libcrux-psq/src/lib.rs | 59 +---- libcrux-psq/src/psk_registration.rs | 372 ++++++++++++++++++++++++++++ libcrux-psq/src/psq.rs | 185 ++++++++++---- 6 files changed, 608 insertions(+), 447 deletions(-) delete mode 100644 libcrux-psq/examples/encaps.rs create mode 100644 libcrux-psq/src/cred.rs delete mode 100644 libcrux-psq/src/ecdh_binder.rs create mode 100644 libcrux-psq/src/psk_registration.rs diff --git a/libcrux-psq/examples/encaps.rs b/libcrux-psq/examples/encaps.rs deleted file mode 100644 index d98bb488c..000000000 --- a/libcrux-psq/examples/encaps.rs +++ /dev/null @@ -1,25 +0,0 @@ -use std::time::Duration; - -use libcrux_psq::{ - ecdh_binder::send_ecdh_bound_psq, - psq::{generate_key_pair, Algorithm}, -}; -use rand::thread_rng; - -fn main() { - let mut rng = thread_rng(); - let mlkem_keypair = generate_key_pair(Algorithm::MlKem768, &mut rng).unwrap(); - let (_receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - - for _ in 0..100_000 { - let _ = core::hint::black_box(send_ecdh_bound_psq( - &mlkem_keypair.1, - &receiver_dh_pk, - &initiator_dh_sk, - Duration::from_secs(3600), - b"example context", - &mut rng, - )); - } -} diff --git a/libcrux-psq/src/cred.rs b/libcrux-psq/src/cred.rs new file mode 100644 index 000000000..855d1f9e5 --- /dev/null +++ b/libcrux-psq/src/cred.rs @@ -0,0 +1,85 @@ +//! This module provides a trait for a generic signature primitive. +use crate::Error; + +/// A generic signature primitive. +pub trait Credential { + /// The credentials' signature objects. + type Signature; + /// The credentials' signing key objects. + type SigningKey; + /// The credentials' verification key objects. + type VerificationKey; + /// Length (in bytes) of a serialized verification key. + const VK_LEN: usize; + /// Length (in bytes) of a serialized signature. + const SIG_LEN: usize; + + /// Return a signature, as well as the verification key needed to + /// verify the signature. + fn sign( + signing_key: &Self::SigningKey, + message: &[u8], + ) -> Result<(Self::Signature, Self::VerificationKey), Error>; + + /// Verify a signature. + fn verify( + verification_key: &Self::VerificationKey, + signature: &Self::Signature, + message: &[u8], + ) -> Result<(), Error>; + + /// Serialize a signature to bytes. + fn serialize_signature(signature: &Self::Signature) -> Vec; + + /// Serialize a verification key to bytes. + fn serialize_verification_key(verification_key: &Self::VerificationKey) -> Vec; + + /// Deserialize a verification key. + fn deserialize_verification_key(bytes: &[u8]) -> Result; + + /// Deserialize a signature. + fn deserialize_signature(bytes: &[u8]) -> Result; +} + +/// A no-op signature primitive that does nothing. +pub struct NoAuth {} + +impl Credential for NoAuth { + type Signature = (); + type SigningKey = (); + type VerificationKey = (); + + const VK_LEN: usize = 0; + const SIG_LEN: usize = 0; + + fn sign( + _signing_key: &Self::SigningKey, + _message: &[u8], + ) -> Result<(Self::Signature, Self::VerificationKey), Error> { + Ok(((), ())) + } + + fn verify( + _verification_key: &Self::VerificationKey, + _signature: &Self::Signature, + _message: &[u8], + ) -> Result<(), Error> { + Ok(()) + } + + fn serialize_signature(_signature: &Self::Signature) -> Vec { + Vec::new() + } + + fn serialize_verification_key(_verification_key: &Self::VerificationKey) -> Vec { + Vec::new() + } + + fn deserialize_verification_key(_bytes: &[u8]) -> Result { + Ok(()) + } + + fn deserialize_signature(_bytes: &[u8]) -> Result { + Ok(()) + } +} diff --git a/libcrux-psq/src/ecdh_binder.rs b/libcrux-psq/src/ecdh_binder.rs deleted file mode 100644 index 2058cbe15..000000000 --- a/libcrux-psq/src/ecdh_binder.rs +++ /dev/null @@ -1,329 +0,0 @@ -//! # ECDH Binder -//! -//! This module implements a protocol binder that binds a post-quantum -//! pre-shared key component to an outer ECDH based key agreement. At -//! the moment, the implementation supports only X25519 keys for the -//! outer protocol. - -use libcrux::aead::{decrypt, Algorithm}; -use libcrux_ecdh::{X25519PrivateKey, X25519PublicKey}; -use std::time::{Duration, SystemTime}; - -use rand::{CryptoRng, Rng}; - -use crate::{ - psq::{PrivateKey, PublicKey}, - Error, Psk, -}; - -const DH_PSK_CONTEXT: &[u8] = b"DH-PSK"; -const DH_PSK_LENGTH: usize = 32; - -const AEAD_RECEIVER: &[u8] = b"AEAD-Responder"; -const AEAD_INITIATOR: &[u8] = b"AEAD-Initiator"; -const AEAD_KEY_NONCE: usize = Algorithm::key_size(Algorithm::Chacha20Poly1305) - + Algorithm::nonce_size(Algorithm::Chacha20Poly1305); - -const AEAD_KEY_LENGTH: usize = Algorithm::key_size(Algorithm::Chacha20Poly1305); - -struct AeadMac { - tag: libcrux::aead::Tag, - ctxt: [u8; 48], -} - -/// An ECDH-bound PSQ encapsulation. -pub struct ECDHPsk { - encapsulation: crate::psq::Ciphertext, - initiator_dh_pk: [u8; 32], - aead_mac: AeadMac, - psk_ttl: Duration, - ts: Duration, -} - -/// Generates a post-quantum pre-shared key (PQ-PSK) bound to an ECDH key. -/// -/// The encapsulated PSK is valid for the given duration -/// `psk_ttl`, based on milliseconds since the UNIX epoch until -/// current system time. Parameter `sctx` is used to -/// cryptographically bind the generated PSK to a given outer -/// protocol context and may be considered public. -pub fn send_ecdh_bound_psq( - psq_pk: &PublicKey, - receiver_dh_pk: &X25519PublicKey, - initiator_dh_sk: &X25519PrivateKey, - psk_ttl: Duration, - sctx: &[u8], - rng: &mut (impl CryptoRng + Rng), -) -> Result<(Psk, ECDHPsk), Error> { - let now = SystemTime::now(); - let ts = now - .duration_since(SystemTime::UNIX_EPOCH) - .map_err(|_| Error::OsError)?; - let ts_seconds = ts.as_secs(); - let ts_subsec_millis = ts.subsec_millis(); - let mut ts_ttl = [0u8; 28]; - ts_ttl[0..8].copy_from_slice(&ts_seconds.to_be_bytes()); - ts_ttl[8..12].copy_from_slice(&ts_subsec_millis.to_be_bytes()); - ts_ttl[12..].copy_from_slice(&psk_ttl.as_millis().to_be_bytes()); - - let (ss_q, encapsulation) = psq_pk.gen_pq_psk(sctx, rng)?; - let ss_dh = libcrux_ecdh::x25519_derive(receiver_dh_pk, initiator_dh_sk) - .map_err(|_| Error::CryptoError)?; - - // ikm = ss_q || ss_dh - let mut ikm = [0u8; 64]; - ikm[0..32].copy_from_slice(&ss_q); - ikm[32..].copy_from_slice(&ss_dh.0); - - let prk = libcrux_hkdf::extract(libcrux_hkdf::Algorithm::Sha256, b"", ikm); - - let psk: [u8; DH_PSK_LENGTH] = libcrux_hkdf::expand( - libcrux_hkdf::Algorithm::Sha256, - prk, - DH_PSK_CONTEXT, - DH_PSK_LENGTH, - ) - .map_err(|_| Error::CryptoError)? - .try_into() - .map_err(|_| Error::CryptoError)?; - - // NOTE: Make this a real cipherstate and pass it outside? - let (initiator_iv, initiator_key, _receiver_iv, _receiver_key) = derive_cipherstate(psk)?; - - let aad = ts_ttl; - let mut initiator_dh_pk = [0u8; 32]; - initiator_dh_pk.copy_from_slice( - &libcrux_ecdh::secret_to_public(libcrux_ecdh::Algorithm::X25519, initiator_dh_sk) - .map_err(|_| Error::CryptoError)?, - ); - let mut ctxt = [0u8; 48]; - ctxt[0..32].copy_from_slice(&initiator_dh_pk); - - let aead_mac = libcrux::aead::encrypt(&initiator_key, &mut ctxt, initiator_iv, &aad) - .map_err(|_| Error::CryptoError)?; - let aead_mac = AeadMac { - tag: aead_mac, - ctxt: ctxt.to_owned(), - }; - - Ok(( - psk, - ECDHPsk { - encapsulation, - initiator_dh_pk, - aead_mac, - psk_ttl, - ts, - }, - )) -} - -/// Derive an ECDH-bound PSK from a PQ-PSK message. -/// -/// Errors if the PQ-PSK message lifetime is elapsed. -pub fn receive_ecdh_bound_psq( - receiver_pqsk: &PrivateKey, - receiver_pqpk: &PublicKey, - receiver_dh_sk: &X25519PrivateKey, - ecdh_psk_message: &ECDHPsk, - sctx: &[u8], -) -> Result { - let ECDHPsk { - encapsulation, - initiator_dh_pk, - aead_mac, - psk_ttl, - ts, - } = ecdh_psk_message; - let ss_q = receiver_pqsk.derive_pq_psk(receiver_pqpk, encapsulation, sctx)?; - let initiator_dh_pk_bytes: [u8; 32] = initiator_dh_pk.to_owned(); - let initiator_dh_pk_point = libcrux_ecdh::X25519PublicKey(initiator_dh_pk_bytes); - let ss_dh = libcrux_ecdh::x25519_derive(&initiator_dh_pk_point, receiver_dh_sk) - .map_err(|_| Error::CryptoError)?; - - // ikm = ss_q || ss_dh - let mut ikm = [0u8; 64]; - ikm[0..32].copy_from_slice(&ss_q); - ikm[32..].copy_from_slice(&ss_dh.0); - - let prk = libcrux_hkdf::extract(libcrux_hkdf::Algorithm::Sha256, b"", ikm); - - let psk: [u8; DH_PSK_LENGTH] = libcrux_hkdf::expand( - libcrux_hkdf::Algorithm::Sha256, - prk, - DH_PSK_CONTEXT, - DH_PSK_LENGTH, - ) - .map_err(|_| Error::CryptoError)? - .try_into() - .map_err(|_| Error::CryptoError)?; - - // NOTE: Make this a real cipherstate and pass it outside? - let (initiator_iv, initiator_key, _receiver_iv, _receiver_key) = derive_cipherstate(psk)?; - - let ts_seconds = ts.as_secs(); - let ts_subsec_millis = ts.subsec_millis(); - let mut ts_ttl = [0u8; 28]; - ts_ttl[0..8].copy_from_slice(&ts_seconds.to_be_bytes()); - ts_ttl[8..12].copy_from_slice(&ts_subsec_millis.to_be_bytes()); - ts_ttl[12..].copy_from_slice(&psk_ttl.as_millis().to_be_bytes()); - - let aad = ts_ttl; - let mut initiator_dh_pk_decrypted = aead_mac.ctxt.to_owned(); - decrypt( - &initiator_key, - &mut initiator_dh_pk_decrypted, - initiator_iv, - &aad, - &aead_mac.tag, - ) - .unwrap(); - - // validate TTL - let now = SystemTime::now(); - let ts_since_epoch = - Duration::from_secs(ts_seconds) + Duration::from_millis((ts_subsec_millis).into()); - let now = now - .duration_since(SystemTime::UNIX_EPOCH) - .map_err(|_| Error::OsError)?; - - if now < ts_since_epoch { - // time seems to have gone backwards - Err(Error::OsError) - } else if initiator_dh_pk_decrypted[0..32] != *initiator_dh_pk - || now - ts_since_epoch >= *psk_ttl - { - Err(Error::BinderError) - } else { - Ok(psk) - } -} - -fn derive_cipherstate( - psk: [u8; 32], -) -> Result< - ( - libcrux::aead::Iv, - libcrux::aead::Key, - libcrux::aead::Iv, - libcrux::aead::Key, - ), - Error, -> { - let (initiator_iv, initiator_key) = derive_key_iv(psk, AEAD_INITIATOR)?; - let (receiver_iv, receiver_key) = derive_key_iv(psk, AEAD_RECEIVER)?; - - Ok((initiator_iv, initiator_key, receiver_iv, receiver_key)) -} - -fn derive_key_iv( - psk: [u8; 32], - info: &[u8], -) -> Result<(libcrux::aead::Iv, libcrux::aead::Key), Error> { - let key_iv_bytes = - libcrux_hkdf::expand(libcrux_hkdf::Algorithm::Sha256, psk, info, AEAD_KEY_NONCE) - .map_err(|_| Error::CryptoError)?; - let (key_bytes, iv_bytes) = key_iv_bytes.split_at(AEAD_KEY_LENGTH); - let key = libcrux::aead::Key::from_slice(libcrux::aead::Algorithm::Chacha20Poly1305, key_bytes) - .map_err(|_| Error::CryptoError)?; - let iv = libcrux::aead::Iv(iv_bytes.try_into().map_err(|_| Error::CryptoError)?); - Ok((iv, key)) -} - -#[cfg(test)] -mod tests { - use std::time::Duration; - - use super::*; - - #[test] - fn simple() { - let mut rng = rand::thread_rng(); - let (receiver_pqsk, receiver_pqpk) = - crate::psq::generate_key_pair(crate::psq::Algorithm::MlKem768, &mut rng).unwrap(); - let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - - let sctx = b"test context"; - let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( - &receiver_pqpk, - &receiver_dh_pk, - &initiator_dh_sk, - Duration::from_secs(3600), - sctx, - &mut rng, - ) - .unwrap(); - - let _psk_receiver = receive_ecdh_bound_psq( - &receiver_pqsk, - &receiver_pqpk, - &receiver_dh_sk, - &ecdh_psk_message, - sctx, - ) - .unwrap(); - } - - #[test] - #[should_panic] - fn zero_ttl() { - let mut rng = rand::thread_rng(); - let (receiver_pqsk, receiver_pqpk) = - crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); - let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - - let sctx = b"test context"; - let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( - &receiver_pqpk, - &receiver_dh_pk, - &initiator_dh_sk, - Duration::from_secs(0), - sctx, - &mut rng, - ) - .unwrap(); - - let _psk_receiver = receive_ecdh_bound_psq( - &receiver_pqsk, - &receiver_pqpk, - &receiver_dh_sk, - &ecdh_psk_message, - sctx, - ) - .unwrap(); - } - - #[test] - #[should_panic] - fn expired_timestamp() { - let mut rng = rand::thread_rng(); - let (receiver_pqsk, receiver_pqpk) = - crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); - let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - - let sctx = b"test context"; - let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( - &receiver_pqpk, - &receiver_dh_pk, - &initiator_dh_sk, - Duration::from_secs(1), - sctx, - &mut rng, - ) - .unwrap(); - - std::thread::sleep(Duration::from_secs(2)); - - let _psk_receiver = receive_ecdh_bound_psq( - &receiver_pqsk, - &receiver_pqpk, - &receiver_dh_sk, - &ecdh_psk_message, - sctx, - ) - .unwrap(); - } -} diff --git a/libcrux-psq/src/lib.rs b/libcrux-psq/src/lib.rs index e27cba690..f2945046c 100644 --- a/libcrux-psq/src/lib.rs +++ b/libcrux-psq/src/lib.rs @@ -1,51 +1,7 @@ -//! # Modular PQ-PSK Protocol -//! -//! This crate implements a method to generate post-quantum pre-shared keys -//! bound to specific outer protocol contexts. The goal is to harden the outer -//! (potentially classical) protocol against harvest-now-decrypt-later quantum -//! adversaries. -//! -//! Example usage of a PSK bound to an ECDH protocol context: -//! ``` -//! use std::time::Duration; -//! -//! use libcrux_psq::{ -//! ecdh_binder::{receive_ecdh_bound_psq, send_ecdh_bound_psq}, -//! psq::{generate_key_pair, Algorithm}, -//! }; -//! use rand::thread_rng; -//! -//! fn main() { -//! let mut rng = thread_rng(); -//! let (receiver_pqsk, receiver_pqpk) = generate_key_pair(Algorithm::MlKem768, &mut rng).unwrap(); -//! let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); -//! let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); -//! -//! // Generate a PSK and PSK message bound to a specific ECDH key pair. -//! let (psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( -//! &receiver_pqpk, -//! &receiver_dh_pk, -//! &initiator_dh_sk, -//! Duration::from_secs(3600), -//! b"example context", -//! &mut rng, -//! ) -//! .unwrap(); -//! -//! // Derive a PSK from the PSK message. -//! let psk_receiver = receive_ecdh_bound_psq( -//! &receiver_pqsk, -//! &receiver_pqpk, -//! &receiver_dh_sk, -//! &ecdh_psk_message, -//! b"example context", -//! ) -//! .unwrap(); -//! -//! assert_eq!(psk_initiator, psk_receiver); -//! } -//! ``` +//! # PQ-PSK //! +//! This crate implements a protocol for establishing and mutually +//! registering a PQ-PSK between an initiator and a responder. #![deny(missing_docs)] @@ -60,8 +16,10 @@ pub enum Error { PSQGenerationError, /// An error during PSK decapsulation PSQDerivationError, + /// An error during credential processing + CredError, /// An error during binder computation - BinderError, + RegistrationError, /// An error in the underlying cryptographic algorithms CryptoError, /// Error relating to operating system environment @@ -77,5 +35,6 @@ impl From for Error { const PSK_LENGTH: usize = 32; type Psk = [u8; PSK_LENGTH]; -pub mod ecdh_binder; -pub mod psq; +pub mod cred; +pub mod psk_registration; +mod psq; diff --git a/libcrux-psq/src/psk_registration.rs b/libcrux-psq/src/psk_registration.rs new file mode 100644 index 000000000..b804768ff --- /dev/null +++ b/libcrux-psq/src/psk_registration.rs @@ -0,0 +1,372 @@ +//! # PSK Registration Protocol +//! +//! This module implements a protocol for mutual registration of a +//! PQ-PSK between an initiator and a responder. + +use libcrux::aead::Algorithm; +use std::time::{Duration, SystemTime}; + +use rand::{CryptoRng, Rng}; + +use crate::{ + cred::Credential, + psq::{self, Ciphertext}, + Error, Psk, +}; + +const PSK_REGISTRATION_CONTEXT: &[u8] = b"PSK-Registration"; +const PSK_LENGTH: usize = 32; + +const AEAD_RESPONDER: &[u8] = b"AEAD-Responder"; +const AEAD_INITIATOR: &[u8] = b"AEAD-Initiator"; +const AEAD_KEY_NONCE: usize = Algorithm::key_size(Algorithm::Chacha20Poly1305) + + Algorithm::nonce_size(Algorithm::Chacha20Poly1305); + +const AEAD_KEY_LENGTH: usize = Algorithm::key_size(Algorithm::Chacha20Poly1305); + +struct AeadMac { + tag: libcrux::aead::Tag, + ctxt: Vec, +} + +/// The Initiator's message to the responder. +pub struct InitiatorMsg { + encapsulation: Ciphertext, + aead_mac: AeadMac, +} + +/// The Responder's message to the initiator. +pub struct ResponderMsg { + aead_mac: AeadMac, +} + +/// A finished PSK with an attached storage handle. +pub struct RegisteredPsk { + psk: Psk, + psk_handle: Vec, +} + +/// The protocol initiator. +pub struct Initiator { + k_pq: [u8; 32], +} + +/// The protocol responder. +/// +/// Is in charge of designating a PSK storage handle. +pub struct Responder {} + +impl Initiator { + fn send_initial_message( + sctx: &[u8], + psk_ttl: Duration, + pqpk_responder: &psq::PublicKey, + signing_key: &C::SigningKey, + rng: &mut (impl CryptoRng + Rng), + ) -> Result<(Self, InitiatorMsg), Error> { + let (k_pq, enc_pq) = pqpk_responder.gen_pq_psk(sctx, rng)?; + let (initiator_iv, initiator_key, _receiver_iv, _receiver_key) = derive_cipherstate(&k_pq)?; + + let now = SystemTime::now(); + let ts = now + .duration_since(SystemTime::UNIX_EPOCH) + .map_err(|_| Error::OsError)?; + + let ts_ttl = serialize_ts_ttl(&ts, &psk_ttl); + + let (signature, verification_key) = C::sign(signing_key, &enc_pq.serialize())?; + let signature_bytes = C::serialize_signature(&signature); + let vk_bytes = C::serialize_verification_key(&verification_key); + + let mut message = Vec::new(); + message.extend_from_slice(&ts_ttl); + message.extend_from_slice(&vk_bytes); + message.extend_from_slice(&signature_bytes); + + let (tag, ctxt) = + libcrux::aead::encrypt_detached(&initiator_key, &mut message, initiator_iv, b"") + .map_err(|_| Error::CryptoError)?; + let aead_mac = AeadMac { + tag, + ctxt: ctxt.to_owned(), + }; + + Ok(( + Self { k_pq }, + InitiatorMsg { + encapsulation: enc_pq, + aead_mac, + }, + )) + } + + fn complete_handshake(&self, responder_message: &ResponderMsg) -> Result { + let (_initiator_iv, _initiator_key, responder_iv, responder_key) = + derive_cipherstate(&self.k_pq)?; + + let psk_handle = libcrux::aead::decrypt_detached( + &responder_key, + responder_message.aead_mac.ctxt.clone(), + responder_iv, + b"", + &responder_message.aead_mac.tag, + ) + .map_err(|_| Error::CryptoError)?; + + let psk = derive_psk(&self.k_pq)?; + + Ok(RegisteredPsk { psk, psk_handle }) + } +} + +fn serialize_ts_ttl(ts: &Duration, psk_ttl: &Duration) -> [u8; 28] { + let ts_seconds = ts.as_secs(); + let ts_subsec_millis = ts.subsec_millis(); + let mut ts_ttl = [0u8; 28]; + ts_ttl[0..8].copy_from_slice(&ts_seconds.to_be_bytes()); + ts_ttl[8..12].copy_from_slice(&ts_subsec_millis.to_be_bytes()); + ts_ttl[12..].copy_from_slice(&psk_ttl.as_millis().to_be_bytes()); + + ts_ttl +} + +fn deserialize_ts(bytes: &[u8]) -> Result<(u64, u32), Error> { + let ts_seconds = u64::from_be_bytes( + bytes[0..8] + .try_into() + .map_err(|_| Error::RegistrationError)?, + ); + let ts_subsec_millis = u32::from_be_bytes( + bytes[8..12] + .try_into() + .map_err(|_| Error::RegistrationError)?, + ); + + Ok((ts_seconds, ts_subsec_millis)) +} + +impl Responder { + fn send( + psk_handle: &[u8], + psk_ttl: Duration, + sctxt: &[u8], + pqpk: &psq::PublicKey, + pqsk: &psq::PrivateKey, + initiator_message: &InitiatorMsg, + ) -> Result<(RegisteredPsk, ResponderMsg), Error> { + let k_pq = pqsk.derive_pq_psk(pqpk, &initiator_message.encapsulation, sctxt)?; + let (initiator_iv, initiator_key, responder_iv, responder_key) = derive_cipherstate(&k_pq)?; + + let msg_bytes = libcrux::aead::decrypt_detached( + &initiator_key, + initiator_message.aead_mac.ctxt.clone(), + initiator_iv, + b"", + &initiator_message.aead_mac.tag, + ) + .map_err(|_| Error::CryptoError)?; + + let verification_key = C::deserialize_verification_key(&msg_bytes[28..28 + C::VK_LEN])?; + let signature = C::deserialize_signature(&msg_bytes[28 + C::VK_LEN..])?; + + if !C::verify( + &verification_key, + &signature, + &initiator_message.encapsulation.serialize(), + ) + .is_ok() + { + return Err(Error::RegistrationError); + } + + let (ts_seconds, ts_subsec_millis) = deserialize_ts(&msg_bytes)?; + + // validate TTL + let now = SystemTime::now(); + let ts_since_epoch = + Duration::from_secs(ts_seconds) + Duration::from_millis((ts_subsec_millis).into()); + let now = now + .duration_since(SystemTime::UNIX_EPOCH) + .map_err(|_| Error::OsError)?; + + let psk = derive_psk(&k_pq)?; + + let (tag, ctxt) = + libcrux::aead::encrypt_detached(&responder_key, psk_handle, responder_iv, b"") + .map_err(|_| Error::CryptoError)?; + + let aead_mac = AeadMac { + tag, + ctxt: ctxt.to_owned(), + }; + + if now < ts_since_epoch { + // time seems to have gone backwards + Err(Error::OsError) + } else if now - ts_since_epoch >= psk_ttl { + Err(Error::RegistrationError) + } else { + Ok(( + RegisteredPsk { + psk, + psk_handle: psk_handle.to_owned(), + }, + ResponderMsg { aead_mac }, + )) + } + } +} + +fn derive_psk(prk: &[u8; 32]) -> Result { + let psk: [u8; PSK_LENGTH] = libcrux_hkdf::expand( + libcrux_hkdf::Algorithm::Sha256, + prk, + PSK_REGISTRATION_CONTEXT, + PSK_LENGTH, + ) + .map_err(|_| Error::CryptoError)? + .try_into() + .map_err(|_| Error::CryptoError)?; + + Ok(psk) +} + +fn derive_cipherstate( + psk: &[u8; 32], +) -> Result< + ( + libcrux::aead::Iv, + libcrux::aead::Key, + libcrux::aead::Iv, + libcrux::aead::Key, + ), + Error, +> { + let (initiator_iv, initiator_key) = derive_key_iv(psk, AEAD_INITIATOR)?; + let (receiver_iv, receiver_key) = derive_key_iv(psk, AEAD_RESPONDER)?; + + Ok((initiator_iv, initiator_key, receiver_iv, receiver_key)) +} + +fn derive_key_iv( + psk: &[u8; 32], + info: &[u8], +) -> Result<(libcrux::aead::Iv, libcrux::aead::Key), Error> { + let key_iv_bytes = + libcrux_hkdf::expand(libcrux_hkdf::Algorithm::Sha256, psk, info, AEAD_KEY_NONCE) + .map_err(|_| Error::CryptoError)?; + let (key_bytes, iv_bytes) = key_iv_bytes.split_at(AEAD_KEY_LENGTH); + let key = libcrux::aead::Key::from_slice(libcrux::aead::Algorithm::Chacha20Poly1305, key_bytes) + .map_err(|_| Error::CryptoError)?; + let iv = libcrux::aead::Iv(iv_bytes.try_into().map_err(|_| Error::CryptoError)?); + Ok((iv, key)) +} + +#[cfg(test)] +mod tests { + use std::time::Duration; + + use crate::cred::NoAuth; + + use super::*; + + #[test] + fn simple() { + let mut rng = rand::thread_rng(); + let (receiver_pqsk, receiver_pqpk) = + crate::psq::generate_key_pair(crate::psq::Algorithm::MlKem768, &mut rng).unwrap(); + let sctx = b"test context"; + let psk_handle = b"test handle"; + let (initiator, initiator_msg) = Initiator::send_initial_message::( + sctx, + Duration::from_secs(3600), + &receiver_pqpk, + &(), + &mut rng, + ) + .unwrap(); + + let (handled_psk_responder, respone_msg) = Responder::send::( + psk_handle, + Duration::from_secs(3600), + sctx, + &receiver_pqpk, + &receiver_pqsk, + &initiator_msg, + ) + .unwrap(); + + assert_eq!(handled_psk_responder.psk_handle, psk_handle); + + let handled_psk_initiator = initiator.complete_handshake(&respone_msg).unwrap(); + + assert_eq!( + handled_psk_initiator.psk_handle, + handled_psk_responder.psk_handle + ); + assert_eq!(handled_psk_initiator.psk, handled_psk_responder.psk); + } +} + +// #[test] +// #[should_panic] +// fn zero_ttl() { +// let mut rng = rand::thread_rng(); +// let (receiver_pqsk, receiver_pqpk) = +// crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); +// let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); +// let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); + +// let sctx = b"test context"; +// let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( +// &receiver_pqpk, +// &receiver_dh_pk, +// &initiator_dh_sk, +// Duration::from_secs(0), +// sctx, +// &mut rng, +// ) +// .unwrap(); + +// let _psk_receiver = receive_ecdh_bound_psq( +// &receiver_pqsk, +// &receiver_pqpk, +// &receiver_dh_sk, +// &ecdh_psk_message, +// sctx, +// ) +// .unwrap(); +// } + +// #[test] +// #[should_panic] +// fn expired_timestamp() { +// let mut rng = rand::thread_rng(); +// let (receiver_pqsk, receiver_pqpk) = +// crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); +// let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); +// let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); + +// let sctx = b"test context"; +// let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( +// &receiver_pqpk, +// &receiver_dh_pk, +// &initiator_dh_sk, +// Duration::from_secs(1), +// sctx, +// &mut rng, +// ) +// .unwrap(); + +// std::thread::sleep(Duration::from_secs(2)); + +// let _psk_receiver = receive_ecdh_bound_psq( +// &receiver_pqsk, +// &receiver_pqpk, +// &receiver_dh_sk, +// &ecdh_psk_message, +// sctx, +// ) +// .unwrap(); +// } +// } diff --git a/libcrux-psq/src/psq.rs b/libcrux-psq/src/psq.rs index 320e769dc..f8f9a52af 100644 --- a/libcrux-psq/src/psq.rs +++ b/libcrux-psq/src/psq.rs @@ -10,7 +10,17 @@ use rand::{CryptoRng, Rng}; use crate::Error; const K0_LENGTH: usize = 32; -type PrePsk = [u8; K0_LENGTH]; +const KM_LENGTH: usize = 32; + +const CONFIRMATION_CONTEXT: &[u8] = b"Confirmation"; +const PSK_CONTEXT: &[u8] = b"PSK"; +const MAC_INPUT: &[u8] = b"MAC-Input"; + +const PRE_PSK_LENGTH: usize = 32; +type PrePsk = [u8; PRE_PSK_LENGTH]; + +const MAC_LENGTH: usize = 32; +type Mac = [u8; MAC_LENGTH]; /// The algorithm that should be used for the internal KEM. pub enum Algorithm { @@ -24,13 +34,27 @@ pub enum Algorithm { XWingKemDraft02, } -pub(crate) enum Ciphertext { +pub(crate) enum InnerCiphertext { X25519(libcrux_kem::Ct), MlKem768(libcrux_kem::Ct), XWingKemDraft02(libcrux_kem::Ct), ClassicMcEliece(classic_mceliece_rust::Ciphertext), } +/// A PSQ ciphertext, including MAC. +pub struct Ciphertext { + inner_ctxt: InnerCiphertext, + mac: Mac, +} + +impl Ciphertext { + pub(crate) fn serialize(&self) -> Vec { + let mut serialized = self.inner_ctxt.encode(); + serialized.extend_from_slice(&self.mac); + serialized + } +} + /// A PSQ public key pub enum PublicKey<'a> { /// for use with X25519-based protocol @@ -73,18 +97,19 @@ impl SharedSecret<'_> { } } -impl Ciphertext { +impl InnerCiphertext { fn encode(&self) -> Vec { match self { - Ciphertext::X25519(ct) => ct.encode(), - Ciphertext::MlKem768(ct) => ct.encode(), - Ciphertext::ClassicMcEliece(ct) => ct.as_ref().to_owned(), - Ciphertext::XWingKemDraft02(ct) => ct.encode(), + InnerCiphertext::X25519(ct) => ct.encode(), + InnerCiphertext::MlKem768(ct) => ct.encode(), + InnerCiphertext::ClassicMcEliece(ct) => ct.as_ref().to_owned(), + InnerCiphertext::XWingKemDraft02(ct) => ct.encode(), } } + fn decapsulate(&self, sk: &PrivateKey) -> Result { match self { - Ciphertext::X25519(ct) => { + InnerCiphertext::X25519(ct) => { if let PrivateKey::X25519(sk) = sk { let ss = ct.decapsulate(sk)?; Ok(SharedSecret::X25519(ss)) @@ -92,7 +117,7 @@ impl Ciphertext { Err(Error::InvalidPrivateKey) } } - Ciphertext::MlKem768(ct) => { + InnerCiphertext::MlKem768(ct) => { if let PrivateKey::MlKem768(sk) = sk { let ss = ct.decapsulate(sk)?; Ok(SharedSecret::MlKem768(ss)) @@ -100,7 +125,7 @@ impl Ciphertext { Err(Error::InvalidPrivateKey) } } - Ciphertext::ClassicMcEliece(ct) => { + InnerCiphertext::ClassicMcEliece(ct) => { if let PrivateKey::ClassicMcEliece(sk) = sk { let ss = decapsulate_boxed(ct, sk); Ok(SharedSecret::ClassicMcEliece(ss)) @@ -108,7 +133,7 @@ impl Ciphertext { Err(Error::InvalidPrivateKey) } } - Ciphertext::XWingKemDraft02(ct) => { + InnerCiphertext::XWingKemDraft02(ct) => { if let PrivateKey::XWingKemDraft02(sk) = sk { let ss = ct.decapsulate(sk)?; Ok(SharedSecret::XWingKemDraft02(ss)) @@ -182,28 +207,28 @@ impl PublicKey<'_> { pub(crate) fn encapsulate( &self, rng: &mut (impl CryptoRng + Rng), - ) -> Result<(SharedSecret, Ciphertext), Error> { + ) -> Result<(SharedSecret, InnerCiphertext), Error> { match self { PublicKey::X25519(pk) => { let (ss, enc) = pk.encapsulate(rng)?; - Ok((SharedSecret::X25519(ss), Ciphertext::X25519(enc))) + Ok((SharedSecret::X25519(ss), InnerCiphertext::X25519(enc))) } PublicKey::MlKem768(pk) => { let (ss, enc) = pk.encapsulate(rng)?; - Ok((SharedSecret::MlKem768(ss), Ciphertext::MlKem768(enc))) + Ok((SharedSecret::MlKem768(ss), InnerCiphertext::MlKem768(enc))) } PublicKey::ClassicMcEliece(pk) => { let (enc, ss) = encapsulate_boxed(pk, rng); Ok(( SharedSecret::ClassicMcEliece(ss), - Ciphertext::ClassicMcEliece(enc), + InnerCiphertext::ClassicMcEliece(enc), )) } PublicKey::XWingKemDraft02(pk) => { let (ss, enc) = pk.encapsulate(rng)?; Ok(( SharedSecret::XWingKemDraft02(ss), - Ciphertext::XWingKemDraft02(enc), + InnerCiphertext::XWingKemDraft02(enc), )) } } @@ -216,25 +241,79 @@ impl PublicKey<'_> { sctx: &[u8], rng: &mut (impl CryptoRng + Rng), ) -> Result<(PrePsk, Ciphertext), Error> { - let (ik, enc) = self + let (ikm, enc) = self .encapsulate(rng) .map_err(|_| Error::PSQGenerationError)?; - let mut info = self.encode(); - info.extend_from_slice(&enc.encode()); - info.extend_from_slice(sctx); - - let k0 = libcrux_hkdf::expand( - libcrux_hkdf::Algorithm::Sha256, - ik.encode(), - info, - K0_LENGTH, - ) - .map_err(|_| Error::PSQGenerationError)?; - - Ok((k0.try_into().map_err(|_| Error::CryptoError)?, enc)) + + let k0 = compute_k0(self, &ikm, &enc, sctx)?; + let mac = compute_mac(&k0)?; + let psk = compute_psk(&k0)?; + + Ok(( + psk, + Ciphertext { + inner_ctxt: enc, + mac, + }, + )) } } +fn compute_psk(k0: &[u8]) -> Result { + let psk: PrePsk = libcrux_hkdf::expand( + libcrux_hkdf::Algorithm::Sha256, + k0, + PSK_CONTEXT, + PRE_PSK_LENGTH, + ) + .map_err(|_| Error::PSQGenerationError)? + .try_into() + .expect("should receive the correct number of bytes from HKDF"); + Ok(psk) +} + +fn compute_k0( + pqpk: &PublicKey, + ikm: &SharedSecret, + enc: &InnerCiphertext, + sctx: &[u8], +) -> Result, Error> { + let mut info = pqpk.encode(); + info.extend_from_slice(&enc.encode()); + info.extend_from_slice(sctx); + + let k0 = libcrux_hkdf::expand( + libcrux_hkdf::Algorithm::Sha256, + ikm.encode(), + info, + K0_LENGTH, + ) + .map_err(|_| Error::PSQDerivationError)?; + + Ok(k0) +} + +fn compute_mac(k0: &[u8]) -> Result { + let km = libcrux_hkdf::expand( + libcrux_hkdf::Algorithm::Sha256, + &k0, + CONFIRMATION_CONTEXT, + KM_LENGTH, + ) + .map_err(|_| Error::PSQGenerationError)?; + + let mac: Mac = libcrux_hmac::hmac( + libcrux_hmac::Algorithm::Sha256, + &km, + &MAC_INPUT, + Some(MAC_LENGTH), + ) + .try_into() + .expect("should receive the correct number of bytes from HMAC"); + + Ok(mac) +} + impl PrivateKey<'_> { /// Derive a PSQ component from a PSQ component message. /// @@ -245,23 +324,43 @@ impl PrivateKey<'_> { enc: &Ciphertext, sctx: &[u8], ) -> Result { - let ik = enc + let Ciphertext { inner_ctxt, mac } = enc; + let ik = inner_ctxt .decapsulate(self) .map_err(|_| Error::PSQDerivationError)?; - let mut info = pk.encode(); - info.extend_from_slice(&enc.encode()); - info.extend_from_slice(sctx); - - let k0 = libcrux_hkdf::expand( - libcrux_hkdf::Algorithm::Sha256, - ik.encode(), - info, - K0_LENGTH, - ) - .map_err(|_| Error::PSQDerivationError)?; - k0.try_into().map_err(|_| Error::CryptoError) + let k0 = compute_k0(pk, &ik, inner_ctxt, sctx)?; + let recomputed_mac = compute_mac(&k0)?; + + if compare(&recomputed_mac, mac) == 0 { + let psk = compute_psk(&k0)?; + Ok(psk) + } else { + Err(Error::PSQDerivationError) + } + } +} + +/// Return 1 if `value` is not zero and 0 otherwise. +fn inz(value: u8) -> u8 { + let value = value as u16; + let result = ((value | (!value).wrapping_add(1)) >> 8) & 1; + result as u8 +} + +#[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. +fn is_non_zero(value: u8) -> u8 { + core::hint::black_box(inz(value)) +} + +/// Best-effort constant time comparison. +fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { + let mut r: u8 = 0; + for i in 0..lhs.len() { + r |= lhs[i] ^ rhs[i]; } + + is_non_zero(r) } #[cfg(test)] From 86d7ef73ac75680a852a1db96fd8a3c7ece98678 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 20 Aug 2024 15:27:56 +0200 Subject: [PATCH 076/172] Update documentation --- libcrux-psq/README.md | 75 ++++++++++++++++++++--------- libcrux-psq/src/psk_registration.rs | 4 +- 2 files changed, 54 insertions(+), 25 deletions(-) diff --git a/libcrux-psq/README.md b/libcrux-psq/README.md index 7656963b7..5e9107811 100644 --- a/libcrux-psq/README.md +++ b/libcrux-psq/README.md @@ -1,24 +1,63 @@ # Post-Quantum Pre-Shared-Key Protocol (PSQ) # -This crate implements a protocol for agreeing on a pre-shared key such -that the protocol messages are secure against -harvest-now-decrypt-later (HNDL) passive quantum attackers. +This crate implements a protocol for establishing and mutually +registering a pre-shared key such that the protocol messages are +secure against harvest-now-decrypt-later (HNDL) passive quantum +attackers. The protocol between initator `A` and receiver `B` roughly works as follows: ``` -A: (ik, enc) <- PQ-KEM(pk_B) - K_0 <- KDF(ik, pk_B || enc || sctxt) - K_m <- KDF(K_0, "Confirmation") - K <- KDF(K_0, "PSK") - mac_ttl <- MAC(K_m, psk_ttl) -A -> B: (enc, psk_ttl, mac_ttl) +A: (K_pq, enc_pq) <- PQPSK.Encaps(pqpk_B, sctx) + (K_regA, N_regA) <- KDF(K_pq, "AEAD-Responder-Initiator") + (K_regB, N_regB) <- KDF(K_pq, "AEAD-Initiator-Responder") + PSK <- KDF(K_pq, "PSK-Registration") + ts <- get_timestamp() + signature <- Sign(sk_A, enc_pq) + +A -> B: (enc_pq, ctxt_A = AEAD.Encrypt(K_regA, N_regA, ts || signature || vk_A || ...)) + +B: K_pq <- PQPSK.Decaps(pqsk_B, pqpk_B, sctx) + (K_regA, N_regA) <- KDF(K_pq, "AEAD-Responder-Initiator") + (K_regB, N_regB) <- KDF(K_pq, "AEAD-Initiator-Responder") + (ts || signature || vk_A || ...) <- AEAD.Decrypt(K_reqA, N_regA, ctxt) + if Verify(vk, signature, enc_pq) != 1 || ts_elapsed(ts, psk_ttl) then + ABORT + else + PSK <- KDF(K_pq, "PSK-Registration") + psk_handle <- gen_handle() + store (psk_handle, PSK) + +B -> A: ctxt_B = AEAD.Encrypt(K_regB, N_regB, psk_handle) + +A: psk_handle <- AEAD.Decrypt(K_reqB, N_regB, ctxt_B) + PSK <- KDF(K_pq, "PSK-Registration") + store (psk_handle, PSK) +``` +where `PQPSK.Encaps(pqpk_B, sctx)` denotes the following procedure: +``` +(ik, enc) <- PQ-KEM.Encaps(pk_B) +K_0 <- KDF(ik, pk_B || enc || sctxt) +K_m <- KDF(K_0, "Confirmation") +K <- KDF(K_0, "PQ-PSK") +mac <- MAC(K_m, "MAC-Input") +return (K, enc||mac) ``` -Where -* `pk_B` is the receiver's KEM public key, +`PQPSK.Decaps(sk_B, pk_B, enc||mac)` denotes the following procedure: +``` +ik <- PQ-KEM.Decaps(pqsk_B, enc) +K_0 <- KDF(ik, pk_B || enc || sctxt) +K_m <- KDF(K_0, "Confirmation") +K <- KDF(K_0, "PQ-PSK") +recomputed_mac <- MAC(K_m, "MAC-Input") +if mac != recomputed_mac then ABORT +else return K +``` +and +* `pqpk_B` is the receiver's KEM public key, +* `pqsk_B` is the receiver's KEM private key, * `sctx` is context information for the given session of the protocol, * `psk_ttl` specifies for how long the PSK should be considered valid, and -* `K` is the final PSK that is derived from the decapsulated shared - secret based on the internal KEM. +* `psk_handle` is a storage handle for the established PSK, designated by the responder. The crate implements the protocol based on several different internal KEMs: @@ -35,13 +74,3 @@ For x25519 and ML-KEM, we use `libcrux`'s optimized implementations, the Classic McEliece-based protocol uses crate [`classic-mceliece-rust`](https://crates.io/crates/classic-mceliece-rust). -# Running benchmarks -To run a set of benchmarks comparing the underlying KEMs run -```sh -cargo bench -``` - -To get a comparison of public key and message sizes in bytes run -```sh -cargo run --example sizes -``` diff --git a/libcrux-psq/src/psk_registration.rs b/libcrux-psq/src/psk_registration.rs index b804768ff..7987d3993 100644 --- a/libcrux-psq/src/psk_registration.rs +++ b/libcrux-psq/src/psk_registration.rs @@ -17,8 +17,8 @@ use crate::{ const PSK_REGISTRATION_CONTEXT: &[u8] = b"PSK-Registration"; const PSK_LENGTH: usize = 32; -const AEAD_RESPONDER: &[u8] = b"AEAD-Responder"; -const AEAD_INITIATOR: &[u8] = b"AEAD-Initiator"; +const AEAD_RESPONDER: &[u8] = b"AEAD-Responder-Initiator"; +const AEAD_INITIATOR: &[u8] = b"AEAD-Initiator-Responder"; const AEAD_KEY_NONCE: usize = Algorithm::key_size(Algorithm::Chacha20Poly1305) + Algorithm::nonce_size(Algorithm::Chacha20Poly1305); From f6c4464eea3e32579d6e27bed505b415cfc5dee1 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 20 Aug 2024 15:56:03 +0200 Subject: [PATCH 077/172] Clippy --- libcrux-psq/src/lib.rs | 2 +- libcrux-psq/src/psk_registration.rs | 23 ++++++++++++++++------- libcrux-psq/src/psq.rs | 4 ++-- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/libcrux-psq/src/lib.rs b/libcrux-psq/src/lib.rs index f2945046c..8a8ab0ef5 100644 --- a/libcrux-psq/src/lib.rs +++ b/libcrux-psq/src/lib.rs @@ -37,4 +37,4 @@ type Psk = [u8; PSK_LENGTH]; pub mod cred; pub mod psk_registration; -mod psq; +pub mod psq; diff --git a/libcrux-psq/src/psk_registration.rs b/libcrux-psq/src/psk_registration.rs index 7987d3993..989a95384 100644 --- a/libcrux-psq/src/psk_registration.rs +++ b/libcrux-psq/src/psk_registration.rs @@ -42,8 +42,10 @@ pub struct ResponderMsg { /// A finished PSK with an attached storage handle. pub struct RegisteredPsk { - psk: Psk, - psk_handle: Vec, + /// The PSK + pub psk: Psk, + /// The PSK's handle for storing + pub psk_handle: Vec, } /// The protocol initiator. @@ -57,7 +59,8 @@ pub struct Initiator { pub struct Responder {} impl Initiator { - fn send_initial_message( + /// Send the initial message encapsulating a PQ-PrePSK. + pub fn send_initial_message( sctx: &[u8], psk_ttl: Duration, pqpk_responder: &psq::PublicKey, @@ -100,7 +103,12 @@ impl Initiator { )) } - fn complete_handshake(&self, responder_message: &ResponderMsg) -> Result { + /// Receive the responder's respone and derive a PSK under the + /// given handle. + pub fn complete_handshake( + &self, + responder_message: &ResponderMsg, + ) -> Result { let (_initiator_iv, _initiator_key, responder_iv, responder_key) = derive_cipherstate(&self.k_pq)?; @@ -146,7 +154,8 @@ fn deserialize_ts(bytes: &[u8]) -> Result<(u64, u32), Error> { } impl Responder { - fn send( + /// On successful decapsulation of the PQ-PrePSK, send the response. + pub fn send( psk_handle: &[u8], psk_ttl: Duration, sctxt: &[u8], @@ -169,12 +178,12 @@ impl Responder { let verification_key = C::deserialize_verification_key(&msg_bytes[28..28 + C::VK_LEN])?; let signature = C::deserialize_signature(&msg_bytes[28 + C::VK_LEN..])?; - if !C::verify( + if C::verify( &verification_key, &signature, &initiator_message.encapsulation.serialize(), ) - .is_ok() + .is_err() { return Err(Error::RegistrationError); } diff --git a/libcrux-psq/src/psq.rs b/libcrux-psq/src/psq.rs index f8f9a52af..d34589493 100644 --- a/libcrux-psq/src/psq.rs +++ b/libcrux-psq/src/psq.rs @@ -296,7 +296,7 @@ fn compute_k0( fn compute_mac(k0: &[u8]) -> Result { let km = libcrux_hkdf::expand( libcrux_hkdf::Algorithm::Sha256, - &k0, + k0, CONFIRMATION_CONTEXT, KM_LENGTH, ) @@ -305,7 +305,7 @@ fn compute_mac(k0: &[u8]) -> Result { let mac: Mac = libcrux_hmac::hmac( libcrux_hmac::Algorithm::Sha256, &km, - &MAC_INPUT, + MAC_INPUT, Some(MAC_LENGTH), ) .try_into() From 72ab01226718f67aa5bce18d83033b86a0889fe5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 10:38:54 +0000 Subject: [PATCH 078/172] put the ml-kem unpacked API behind a feature --- .github/workflows/mlkem.yml | 5 +++ libcrux-ml-kem/Cargo.toml | 7 ++-- libcrux-ml-kem/c-nss.sh | 21 +++++++++++ libcrux-ml-kem/c.sh | 1 + libcrux-ml-kem/src/cfg.rs | 2 ++ libcrux-ml-kem/src/hash_functions.rs | 1 + libcrux-ml-kem/src/ind_cca.rs | 19 ++++++---- libcrux-ml-kem/src/ind_cca/instantiations.rs | 7 +++- libcrux-ml-kem/src/ind_cpa.rs | 10 ++++-- libcrux-ml-kem/src/mlkem1024.rs | 22 +++++++----- libcrux-ml-kem/src/mlkem512.rs | 23 ++++++++---- libcrux-ml-kem/src/mlkem768.rs | 22 +++++++----- libcrux-ml-kem/src/variant.rs | 6 ++-- libcrux-ml-kem/src/vector/traits.rs | 2 ++ libcrux-ml-kem/tests/nistkats.rs | 1 + libcrux-ml-kem/tests/self.rs | 38 ++++++++++++++------ 16 files changed, 139 insertions(+), 48 deletions(-) create mode 100755 libcrux-ml-kem/c-nss.sh diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 55a65b2b9..6e7c59209 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -88,6 +88,11 @@ jobs: rustc --print=cfg cargo build --verbose $RUST_TARGET_FLAG --features pre-verification + - name: 🔨 Build unpacked + run: | + rustc --print=cfg + cargo build --verbose $RUST_TARGET_FLAG --features pre-verification,unpacked + - name: 🔨 Build Release run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index ac96cf23b..eef3b10fe 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -36,14 +36,17 @@ default = ["std", "mlkem512", "mlkem768", "mlkem1024"] # Hardware features can be force enabled. # It is not recommended to use these. This crate performs CPU feature detection # and enables the features when they are available. -simd128 = ["libcrux-sha3/simd128","libcrux-intrinsics/simd128"] -simd256 = ["libcrux-sha3/simd256","libcrux-intrinsics/simd256"] +simd128 = ["libcrux-sha3/simd128", "libcrux-intrinsics/simd128"] +simd256 = ["libcrux-sha3/simd256", "libcrux-intrinsics/simd256"] # Features for the different key sizes of ML-KEM mlkem512 = [] mlkem768 = [] mlkem1024 = [] +# Enable the unpacked API +unpacked = [] + # Enable Round 3 Kyber in addition to ML-KEM kyber = [] diff --git a/libcrux-ml-kem/c-nss.sh b/libcrux-ml-kem/c-nss.sh new file mode 100755 index 000000000..10bb88dba --- /dev/null +++ b/libcrux-ml-kem/c-nss.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -e +set -o pipefail + +./c.sh --mlkem768 + +if [[ -n "$NSS_HOME" ]]; then + files=(libcrux_core.c libcrux_core.h libcrux_mlkem768.h libcrux_mlkem768_portable.c libcrux_mlkem768_portable.h libcrux_mlkem_portable.c libcrux_mlkem_portable.h libcrux_sha3.h libcrux_sha3_internal.h) + echo "copying ..." + for file in "${files[@]}"; do + echo " c/$file" + cp c/$file $NSS_HOME/lib/freebl/verified/ + done + + internal_files=(libcrux_core.h libcrux_mlkem_portable.h libcrux_sha3_internal.h) + for file in "${internal_files[@]}"; do + echo " c/internal/$file" + cp c/internal/$file $NSS_HOME/lib/freebl/verified/internal/ + done +fi diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 142ece36a..d6fc41bf8 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -41,6 +41,7 @@ while [ $# -gt 0 ]; do --glue) glue="$2"; shift ;; --mlkem768) features="${features} --cargo-arg=--no-default-features --cargo-arg=--features=mlkem768" ;; --kyber768) features="${features} --cargo-arg=--features=kyber" ;; + --unpacked) features="${features} --cargo-arg=--features=unpacked" ;; --no-glue) eurydice_glue=0 ;; --no-karamel_include) karamel_include=0 ;; --no-unrolling) unrolling=0 ;; diff --git a/libcrux-ml-kem/src/cfg.rs b/libcrux-ml-kem/src/cfg.rs index 9f2c6644b..8b234dbee 100644 --- a/libcrux-ml-kem/src/cfg.rs +++ b/libcrux-ml-kem/src/cfg.rs @@ -15,6 +15,7 @@ macro_rules! cfg_pre_verification { ($($item:item)*) => { $( #[cfg(feature = "pre-verification")] + #[cfg_attr(docsrs, doc(cfg(feature = "pre-verification")))] $item )* } @@ -26,6 +27,7 @@ macro_rules! cfg_kyber { ($($item:item)*) => { $( #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] $item )* } diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 7c04849de..6aa8c9133 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -394,6 +394,7 @@ pub(crate) mod avx2 { } /// A SIMD128 implementation of [`Hash`] for NEON +#[cfg(feature = "simd128")] pub(crate) mod neon { use super::*; use libcrux_sha3::neon::x2::{self, incremental::KeccakState}; diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 993d2ad24..2931ff80f 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,21 +1,24 @@ use crate::{ - constant_time_ops::{ - compare_ciphertexts_in_constant_time, - compare_ciphertexts_select_shared_secret_in_constant_time, - select_shared_secret_in_constant_time, - }, + constant_time_ops::compare_ciphertexts_select_shared_secret_in_constant_time, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, ind_cpa::serialize_public_key, - polynomial::PolynomialRingElement, serialize::deserialize_ring_elements_reduced, types::*, utils::into_padded_array, variant::*, vector::Operations, }; +#[cfg(feature = "unpacked")] +use crate::{ + constant_time_ops::{ + compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + }, + polynomial::PolynomialRingElement, +}; /// Types for the unpacked API. +#[cfg(feature = "unpacked")] pub mod unpacked { use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; @@ -37,6 +40,7 @@ pub mod unpacked { pub public_key: MlKemPublicKeyUnpacked, } } +#[cfg(feature = "unpacked")] use unpacked::*; /// Seed size for key generation @@ -279,6 +283,7 @@ pub(crate) fn decapsulate< // Unpacked API // Generate Unpacked Keys +#[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -338,6 +343,7 @@ pub(crate) fn generate_keypair_unpacked< } // Encapsulate with Unpacked Public Key +#[cfg(feature = "unpacked")] pub(crate) fn encapsulate_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -386,6 +392,7 @@ pub(crate) fn encapsulate_unpacked< } // Decapsulate with Unpacked Private Key +#[cfg(feature = "unpacked")] pub(crate) fn decapsulate_unpacked< const K: usize, const SECRET_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index f68a24dfb..582fe79a9 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -6,8 +6,10 @@ macro_rules! instantiate { KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; + #[cfg(feature = "unpacked")] pub(crate) type MlKemKeyPairUnpacked = crate::ind_cca::unpacked::MlKemKeyPairUnpacked; + #[cfg(feature = "unpacked")] pub(crate) type MlKemPublicKeyUnpacked = crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; @@ -249,6 +251,7 @@ macro_rules! instantiate { } /// Unpacked API + #[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -274,6 +277,7 @@ macro_rules! instantiate { } /// Portable encapsualte + #[cfg(feature = "unpacked")] pub(crate) fn encapsulate_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -312,7 +316,8 @@ macro_rules! instantiate { } /// Portable decapsulate - pub fn decapsulate_unpacked< + #[cfg(feature = "unpacked")] + pub(crate) fn decapsulate_unpacked< const K: usize, const SECRET_KEY_SIZE: usize, const CPA_SECRET_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 5af3ff65c..9704a32ab 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,3 +1,5 @@ +#[cfg(feature = "unpacked")] +use crate::variant::MlKem; use crate::{ constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -14,12 +16,12 @@ use crate::{ serialize_uncompressed_ring_element, }, utils::into_padded_array, - variant::{MlKem, Variant}, + variant::Variant, vector::Operations, }; -#[allow(non_snake_case)] /// Types for the unpacked API. +#[allow(non_snake_case)] pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; @@ -29,13 +31,13 @@ pub mod unpacked { } /// An unpacked ML-KEM IND-CPA Private Key + #[cfg(feature = "unpacked")] pub(crate) struct IndCpaPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], pub(crate) A: [[PolynomialRingElement; K]; K], } } - use unpacked::*; /// Concatenate `t` and `ρ` into the public key. @@ -165,6 +167,7 @@ fn sample_vector_cbd_then_ntt< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] +#[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, @@ -321,6 +324,7 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] +#[cfg(feature = "unpacked")] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 83cce9ad9..9ced0e292 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -1,12 +1,7 @@ //! ML-KEM 1024 - -use super::{ - constants::*, - ind_cca::{unpacked::*, *}, - types::*, - vector::traits::VectorType, - *, -}; +use super::{constants::*, ind_cca::*, types::*, *}; +#[cfg(feature = "unpacked")] +use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 1024 parameters const RANK_1024: usize = 4; @@ -53,9 +48,11 @@ pub type MlKem1024KeyPair = MlKemKeyPair = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 1024 Key pair #[allow(type_alias_bounds)] +#[cfg(feature = "unpacked")] pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -86,6 +83,7 @@ macro_rules! instantiate { /// Generate Kyber 1024 Key Pair #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem1024KeyPair { @@ -147,6 +145,7 @@ macro_rules! instantiate { /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_encapsulate( public_key: &MlKem1024PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -201,6 +200,7 @@ macro_rules! instantiate { /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_decapsulate( private_key: &MlKem1024PrivateKey, ciphertext: &MlKem1024Ciphertext, @@ -226,6 +226,8 @@ macro_rules! instantiate { } /// Generate ML-KEM 1024 Key Pair in "unpacked" form + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem1024KeyPairUnpacked<$vec> { @@ -260,6 +262,8 @@ let _ = ()" ) )] + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn encapsulate_unpacked( public_key: &MlKem1024PublicKeyUnpacked<$vec>, randomness: [u8; SHARED_SECRET_SIZE], @@ -286,6 +290,8 @@ let _ = /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] /// and an [`MlKem1024Ciphertext`]. + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn decapsulate_unpacked( private_key: &MlKem1024KeyPairUnpacked<$vec>, ciphertext: &MlKem1024Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 7a4d5f30f..53cec6878 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -1,11 +1,7 @@ //! ML-KEM 512 -use super::{ - constants::*, - ind_cca::{unpacked::*, *}, - types::*, - vector::traits::VectorType, - *, -}; +use super::{constants::*, ind_cca::*, types::*, *}; +#[cfg(feature = "unpacked")] +use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 512 parameters const RANK_512: usize = 2; @@ -50,9 +46,13 @@ pub type MlKem512KeyPair = MlKemKeyPair = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 512 Key pair #[allow(type_alias_bounds)] +#[cfg(feature = "unpacked")] +#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -96,6 +96,7 @@ macro_rules! instantiate { /// Generate Kyber 512 Key Pair #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem512KeyPair { @@ -141,6 +142,7 @@ macro_rules! instantiate { /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_encapsulate( public_key: &MlKem512PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -195,6 +197,7 @@ macro_rules! instantiate { /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_decapsulate( private_key: &MlKem512PrivateKey, ciphertext: &MlKem512Ciphertext, @@ -220,6 +223,8 @@ macro_rules! instantiate { } /// Generate ML-KEM 512 Key Pair in "unpacked" form + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem512KeyPairUnpacked<$vec> { @@ -252,6 +257,8 @@ let _ = ()" ) )] + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn encapsulate_unpacked( public_key: &MlKem512PublicKeyUnpacked<$vec>, randomness: [u8; SHARED_SECRET_SIZE], @@ -278,6 +285,8 @@ let _ = /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] /// and an [`MlKem512Ciphertext`]. + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn decapsulate_unpacked( private_key: &MlKem512KeyPairUnpacked<$vec>, ciphertext: &MlKem512Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index b5b8ee0c6..712af0b86 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,13 +1,8 @@ //! ML-KEM 768 //! - -use super::{ - constants::*, - ind_cca::{unpacked::*, *}, - types::*, - vector::traits::VectorType, - *, -}; +use super::{constants::*, ind_cca::*, types::*, *}; +#[cfg(feature = "unpacked")] +use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 768 parameters const RANK_768: usize = 3; @@ -53,9 +48,11 @@ pub type MlKem768KeyPair = MlKemKeyPair = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair #[allow(type_alias_bounds)] +#[cfg(feature = "unpacked")] pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -99,6 +96,7 @@ macro_rules! instantiate { /// Generate Kyber 768 Key Pair #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem768KeyPair { @@ -145,6 +143,7 @@ macro_rules! instantiate { /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_encapsulate( public_key: &MlKem768PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -199,6 +198,7 @@ macro_rules! instantiate { /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. #[cfg(feature = "kyber")] + #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] pub fn kyber_decapsulate( private_key: &MlKem768PrivateKey, ciphertext: &MlKem768Ciphertext, @@ -224,6 +224,8 @@ macro_rules! instantiate { } /// Generate ML-KEM 768 Key Pair in "unpacked" form + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem768KeyPairUnpacked<$vec> { @@ -256,6 +258,8 @@ let _ = ()" ) )] + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn encapsulate_unpacked( public_key: &MlKem768PublicKeyUnpacked<$vec>, randomness: [u8; SHARED_SECRET_SIZE], @@ -282,6 +286,8 @@ let _ = /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] /// and an [`MlKem768Ciphertext`]. + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn decapsulate_unpacked( private_key: &MlKem768KeyPairUnpacked<$vec>, ciphertext: &MlKem768Ciphertext, diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs index b9869d092..46f5916e2 100644 --- a/libcrux-ml-kem/src/variant.rs +++ b/libcrux-ml-kem/src/variant.rs @@ -2,9 +2,7 @@ //! differences between the NIST standard FIPS 203 (ML-KEM) and the //! Round 3 CRYSTALS-Kyber submissions in the NIST PQ competition. -use crate::{ - constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE}, hash_functions::Hash, utils::into_padded_array, MlKemCiphertext, -}; +use crate::{constants::CPA_PKE_KEY_GENERATION_SEED_SIZE, hash_functions::Hash, MlKemCiphertext}; /// This trait collects differences in specification between ML-KEM /// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the @@ -36,6 +34,8 @@ impl Variant for Kyber { shared_secret: &[u8], ciphertext: &MlKemCiphertext, ) -> [u8; 32] { + use crate::{constants::H_DIGEST_SIZE, utils::into_padded_array}; + let mut kdf_input: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&shared_secret); kdf_input[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(ciphertext.as_slice())); Hasher::PRF::<32>(&kdf_input) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 87bb9138f..8f392ea41 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -85,6 +85,8 @@ pub fn decompress_1(v: T) -> T { /// Internal vectors. /// /// Used in the unpacked API. +#[cfg(feature = "unpacked")] pub trait VectorType: Operations {} +#[cfg(feature = "unpacked")] impl VectorType for T {} diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 744a0ce14..7617d3768 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -42,6 +42,7 @@ macro_rules! impl_nist_known_answer_tests { let key_pair = $key_gen_derand(kat.key_generation_seed); let public_key_hash = sha256(key_pair.pk()); + eprintln!("pk hash: {}", hex::encode(public_key_hash)); let secret_key_hash = sha256(key_pair.sk()); assert_eq!(public_key_hash, kat.sha3_256_hash_of_public_key, "lhs: computed public key hash, rhs: hash from kat"); diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 6f47366b7..065183385 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -34,7 +34,7 @@ macro_rules! impl_consistency { }; } -#[cfg(feature = "pre-verification")] +#[cfg(all(feature = "pre-verification", feature = "unpacked"))] macro_rules! impl_consistency_unpacked { ($name:ident, $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr) => { #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] @@ -229,7 +229,11 @@ impl_consistency!( libcrux_ml_kem::mlkem1024::decapsulate ); -#[cfg(all(feature = "mlkem512", feature = "pre-verification"))] +#[cfg(all( + feature = "mlkem512", + feature = "pre-verification", + feature = "unpacked" +))] impl_consistency_unpacked!( consistency_unpacked_512_portable, libcrux_ml_kem::mlkem512::portable::generate_key_pair, @@ -242,7 +246,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem512", feature = "pre-verification", - feature = "simd128" + feature = "simd128", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_512_neon, @@ -256,7 +261,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem512", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_512_avx2, @@ -267,7 +273,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem512::avx2::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] +#[cfg(all( + feature = "mlkem1024", + feature = "pre-verification", + feature = "unpacked" +))] impl_consistency_unpacked!( consistency_unpacked_1024_portable, libcrux_ml_kem::mlkem1024::portable::generate_key_pair, @@ -280,7 +290,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem1024", feature = "pre-verification", - feature = "simd128" + feature = "simd128", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_1024_neon, @@ -294,7 +305,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem1024", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_1024_avx2, @@ -305,7 +317,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem1024::avx2::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem768", feature = "pre-verification"))] +#[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "unpacked" +))] impl_consistency_unpacked!( consistency_unpacked_768_portable, libcrux_ml_kem::mlkem768::portable::generate_key_pair, @@ -318,7 +334,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem768", feature = "pre-verification", - feature = "simd128" + feature = "simd128", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_768_neon, @@ -332,7 +349,8 @@ impl_consistency_unpacked!( #[cfg(all( feature = "mlkem768", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_768_avx2, From 9a130a852767d2f8881c458e022bf35fec1f6afe Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 11:41:07 +0000 Subject: [PATCH 079/172] docrs fixes for mlkem --- libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/mlkem1024.rs | 4 +++- libcrux-ml-kem/src/mlkem768.rs | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 2931ff80f..9b1dc773f 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -19,7 +19,7 @@ use crate::{ /// Types for the unpacked API. #[cfg(feature = "unpacked")] -pub mod unpacked { +pub(crate) mod unpacked { use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; /// An unpacked ML-KEM IND-CCA Private Key diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 9ced0e292..3a7acf194 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -49,10 +49,12 @@ pub type MlKem1024KeyPair = MlKemKeyPair = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 1024 Key pair #[allow(type_alias_bounds)] #[cfg(feature = "unpacked")] +#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -248,7 +250,7 @@ macro_rules! instantiate { /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. /// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: - /// https://github.com/hacspec/hax/issues/770 + /// #[cfg_attr( hax, hax_lib::fstar::before( diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 712af0b86..7cc7cff5c 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -49,10 +49,12 @@ pub type MlKem768KeyPair = MlKemKeyPair = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair #[allow(type_alias_bounds)] #[cfg(feature = "unpacked")] +#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. From c49daa8b06ed82d9d2e94e59c85b885272e301a2 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 11:51:24 +0000 Subject: [PATCH 080/172] extract C code without unpacked API --- libcrux-ml-kem/c/CMakeLists.txt | 5 + libcrux-ml-kem/c/benches/mlkem768.cc | 4 + libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 46 +- .../c/internal/libcrux_mlkem_avx2.h | 223 +- .../c/internal/libcrux_mlkem_portable.h | 232 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 55 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 163 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 163 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 37 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 159 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 35 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 159 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 35 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 159 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 35 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 159 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 35 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 3768 +++++------------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 181 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3765 +++++----------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 181 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 60 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 36 +- libcrux-ml-kem/c/tests/mlkem768.cc | 7 + 36 files changed, 2558 insertions(+), 7225 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 96cdd5529..121558310 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -102,6 +102,11 @@ endif() # --- Tests +if(DEFINED ENV{LIBCRUX_UNPACKED}) + add_compile_definitions(LIBCRUX_UNPACKED) +endif(DEFINED ENV{LIBCRUX_UNPACKED}) + + # Get gtests include(FetchContent) FetchContent_Declare(googletest diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index 6af1573f5..1efe8a607 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -69,6 +69,7 @@ BENCHMARK(kyber768_key_generation); BENCHMARK(kyber768_encapsulation); BENCHMARK(kyber768_decapsulation); +#ifdef LIBCRUX_UNPACKED static void kyber768_key_generation_unpacked(benchmark::State &state) { @@ -119,6 +120,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state) BENCHMARK(kyber768_key_generation_unpacked); BENCHMARK(kyber768_encapsulation_unpacked); BENCHMARK(kyber768_decapsulation_unpacked); +#endif // #ifdef LIBCRUX_UNPACKED #ifdef LIBCRUX_AARCH64 #include "libcrux_mlkem768_neon.h" @@ -229,6 +231,7 @@ BENCHMARK(kyber768_key_generation_avx2); BENCHMARK(kyber768_encapsulation_avx2); BENCHMARK(kyber768_decapsulation_avx2); +#ifdef LIBCRUX_UNPACKED static void kyber768_key_generation_avx2_unpacked(benchmark::State &state) { @@ -279,6 +282,7 @@ kyber768_decapsulation_avx2_unpacked(benchmark::State &state) BENCHMARK(kyber768_key_generation_avx2_unpacked); BENCHMARK(kyber768_encapsulation_avx2_unpacked); BENCHMARK(kyber768_decapsulation_avx2_unpacked); +#endif // #ifdef LIBCRUX_UNPACKED #endif diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 03eef7a95..c92c5be17 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3a34dc3a4..3f6e7498f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __internal_libcrux_core_H @@ -25,14 +25,8 @@ extern "C" { static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); -uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - Eurydice_slice lhs, Eurydice_slice rhs); - #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) -void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]); - void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s, Eurydice_slice rhs_s, uint8_t ret[32U]); @@ -75,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_b01( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_da1( uint8_t value[1568U]); /** @@ -91,7 +85,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_351( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -104,7 +98,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_0b1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_f21( uint8_t value[3168U]); /** @@ -116,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_2d1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( uint8_t value[1568U]); /** @@ -130,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_331( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -165,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_b00( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_da0( uint8_t value[1184U]); /** @@ -181,7 +175,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_9c0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_350( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -194,7 +188,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_0b0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_f20( uint8_t value[2400U]); /** @@ -206,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_2d0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( uint8_t value[1088U]); /** @@ -220,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_330( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -232,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -255,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_b0( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_da( uint8_t value[800U]); /** @@ -271,7 +265,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_9c( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_35( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -284,7 +278,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_0b( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_f2( uint8_t value[1632U]); /** @@ -319,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_2d( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( uint8_t value[768U]); /** @@ -333,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_33( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -367,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 3a131f0dd..0507dbaaf 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -25,29 +25,23 @@ extern "C" { #include "internal/libcrux_sha3_avx2.h" /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 + */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a71(uint8_t *public_key); +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key); /** Packed API @@ -71,29 +65,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); +libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -114,35 +86,10 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_591( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -165,7 +112,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( +void libcrux_ml_kem_ind_cca_decapsulate_421( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,22 +124,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a70(uint8_t *public_key); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key); /** Packed API @@ -216,29 +148,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); +libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -259,35 +169,10 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_590( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -310,7 +195,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( +void libcrux_ml_kem_ind_cca_decapsulate_420( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -322,22 +207,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a7(uint8_t *public_key); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key); /** Packed API @@ -360,31 +230,9 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( uint8_t randomness[64U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -404,35 +252,10 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -455,7 +278,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_42( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5aaafd15a..a9b732317 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __internal_libcrux_mlkem_portable_H @@ -30,30 +30,23 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 + */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d1(uint8_t *public_key); +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); /** Packed API @@ -77,30 +70,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_511( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); +libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -121,36 +91,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_881( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -173,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_461( +void libcrux_ml_kem_ind_cca_decapsulate_fd1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,23 +129,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d0(uint8_t *public_key); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); /** Packed API @@ -225,30 +153,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); +libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -269,36 +174,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_510( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_880( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -321,7 +200,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_460( +void libcrux_ml_kem_ind_cca_decapsulate_fd0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,23 +212,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d(uint8_t *public_key); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); /** Packed API @@ -373,30 +236,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_51( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); +libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -417,36 +257,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_88( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -469,7 +283,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_46( +void libcrux_ml_kem_ind_cca_decapsulate_fd( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f506619e4..e87fcff90 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 18a83f604..34d3839a2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index b06a85db4..cf2942eaf 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "internal/libcrux_core.h" @@ -43,9 +43,8 @@ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { return is_non_zero(r); } -KRML_NOINLINE uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - Eurydice_slice lhs, Eurydice_slice rhs) { +static KRML_NOINLINE uint8_t +compare_ciphertexts_in_constant_time(Eurydice_slice lhs, Eurydice_slice rhs) { return compare(lhs, rhs); } @@ -68,8 +67,7 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -KRML_NOINLINE void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( +static KRML_NOINLINE void select_shared_secret_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { select_ct(lhs, rhs, selector, ret); @@ -78,12 +76,9 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s, Eurydice_slice rhs_s, uint8_t ret[32U]) { - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - lhs_c, rhs_c); + uint8_t selector = compare_ciphertexts_in_constant_time(lhs_c, rhs_c); uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - lhs_s, rhs_s, selector, ret0); + select_shared_secret_in_constant_time(lhs_s, rhs_s, selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -96,7 +91,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_b01( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_da1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -119,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_351( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -135,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_0b1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_f21( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -154,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_2d1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -175,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_331( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -189,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -222,7 +217,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_b00( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_da0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -245,7 +240,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_9c0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_350( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -261,7 +256,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_0b0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_f20( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -280,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_2d0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -301,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_330( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -315,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -348,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_b0( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_da( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -371,7 +366,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_9c( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_35( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -386,7 +381,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_0b( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_f2( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -425,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_2d( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -446,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_33( +uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -498,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_fd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7da8bf1f4..d284f5255 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 97c2e1a4a..7a7138a01 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 0f86e3360..6bd395b40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_6e( +static void decapsulate_c1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_420(private_key, ciphertext, ret); } /** @@ -56,52 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_6e(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_98( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_590(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_98(private_key, ciphertext, ret); + decapsulate_c1(private_key, ciphertext, ret); } /** @@ -121,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_46( +static tuple_21 encapsulate_67( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_d20(uu____0, copy_of_randomness); } /** @@ -145,61 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_46(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_e3( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e3(uu____0, copy_of_randomness); + return encapsulate_67(uu____0, copy_of_randomness); } /** @@ -216,12 +117,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_32( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_500(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_190(copy_of_randomness); } /** @@ -232,43 +133,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_32(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_71(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_71(copy_of_randomness); + return generate_keypair_7e(copy_of_randomness); } /** @@ -282,8 +147,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_370(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_a70(public_key); +static bool validate_public_key_320(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_0a0(public_key); } /** @@ -294,7 +159,7 @@ static bool validate_public_key_370(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_370(public_key.value)) { + if (validate_public_key_320(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 16ebe6f37..c428d45b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem1024_avx2_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_avx2.h" /** Decapsulate ML-KEM 1024 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 @@ -55,33 +43,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 754be38e6..50124a101 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_7a( +static void decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_461(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_fd1(private_key, ciphertext, ret); } /** @@ -56,52 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_7a(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_ff( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_881(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_ff(private_key, ciphertext, ret); + decapsulate_b6(private_key, ciphertext, ret); } /** @@ -121,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_a1( +static tuple_21 encapsulate_40( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_511(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); } /** @@ -145,61 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a1(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_f3( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_511(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f3(uu____0, copy_of_randomness); + return encapsulate_40(uu____0, copy_of_randomness); } /** @@ -217,12 +118,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e3( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_12( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_951(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_8c1(copy_of_randomness); } /** @@ -233,43 +134,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e3(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_24(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_24(copy_of_randomness); + return generate_keypair_12(copy_of_randomness); } /** @@ -283,8 +148,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_561(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6d1(public_key); +static bool validate_public_key_f71(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); } /** @@ -295,7 +160,7 @@ static bool validate_public_key_561(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_561(public_key.value)) { + if (validate_public_key_f71(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 7f2d005b3..682534bbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem1024_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" /** Decapsulate ML-KEM 1024 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 @@ -55,33 +43,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 7f5ace68e..0bd6bf2eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index e1c489daf..9a861af2f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_42(private_key, ciphertext, ret); } /** @@ -54,50 +54,7 @@ static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_db(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_8b( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_8b(private_key, ciphertext, ret); + decapsulate_f8(private_key, ciphertext, ret); } /** @@ -117,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_c2( +static tuple_ec encapsulate_72( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_d2(uu____0, copy_of_randomness); } /** @@ -141,59 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c2(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_a4( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_a4(uu____0, copy_of_randomness); + return encapsulate_72(uu____0, copy_of_randomness); } /** @@ -210,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1d( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_50(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_19(copy_of_randomness); } /** @@ -226,43 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1d(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_22(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_22(copy_of_randomness); + return generate_keypair_9f(copy_of_randomness); } /** @@ -276,8 +145,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_37(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_a7(public_key); +static bool validate_public_key_32(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_0a(public_key); } /** @@ -288,7 +157,7 @@ static bool validate_public_key_37(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_37(public_key.value)) { + if (validate_public_key_32(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 21988191c..51620676c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem512_avx2_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_avx2.h" /** Decapsulate ML-KEM 512 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 512 @@ -55,31 +43,12 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e891b5796..da66678c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_35(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_460(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_fd0(private_key, ciphertext, ret); } /** @@ -54,50 +54,7 @@ static void decapsulate_35(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_35(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_fd( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_880(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fd(private_key, ciphertext, ret); + decapsulate_cf(private_key, ciphertext, ret); } /** @@ -117,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_28( +static tuple_ec encapsulate_2b( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_510(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); } /** @@ -141,59 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_28(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_83( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_510(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_83(uu____0, copy_of_randomness); + return encapsulate_2b(uu____0, copy_of_randomness); } /** @@ -211,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_fd( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_48( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_950(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness); } /** @@ -227,43 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_fd(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_21(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_21(copy_of_randomness); + return generate_keypair_48(copy_of_randomness); } /** @@ -277,8 +146,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_560(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6d0(public_key); +static bool validate_public_key_f70(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); } /** @@ -289,7 +158,7 @@ static bool validate_public_key_560(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_560(public_key.value)) { + if (validate_public_key_f70(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index a2d87bcf3..697c65cd3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem512_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" /** Decapsulate ML-KEM 512 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 512 @@ -55,31 +43,12 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 27839fed0..a4aba4d66 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 9f5c91258..ef03c9787 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_d4( +static void decapsulate_ba( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_421(private_key, ciphertext, ret); } /** @@ -54,50 +54,7 @@ static void decapsulate_d4( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d4(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_1e( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_591(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1e(private_key, ciphertext, ret); + decapsulate_ba(private_key, ciphertext, ret); } /** @@ -117,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ce( +static tuple_3c encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e21(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_d21(uu____0, copy_of_randomness); } /** @@ -141,59 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ce(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_04( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_04(uu____0, copy_of_randomness); + return encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -210,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_02( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_68( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_501(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_191(copy_of_randomness); } /** @@ -226,43 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_02(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_3c(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_3c(copy_of_randomness); + return generate_keypair_68(copy_of_randomness); } /** @@ -276,8 +145,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_371(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_a71(public_key); +static bool validate_public_key_321(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_0a1(public_key); } /** @@ -288,7 +157,7 @@ static bool validate_public_key_371(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_371(public_key.value)) { + if (validate_public_key_321(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index bb1d58364..813dfefb0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_avx2.h" /** Decapsulate ML-KEM 768 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 768 @@ -55,31 +43,12 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index b0d6b190a..eeb4a3abb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_82( +static void decapsulate_69( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_46(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_fd(private_key, ciphertext, ret); } /** @@ -54,50 +54,7 @@ static void decapsulate_82( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_82(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_17( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_88(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_17(private_key, ciphertext, ret); + decapsulate_69(private_key, ciphertext, ret); } /** @@ -117,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4f( +static tuple_3c encapsulate_43( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_51(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); } /** @@ -141,59 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_11( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_51(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_11(uu____0, copy_of_randomness); + return encapsulate_43(uu____0, copy_of_randomness); } /** @@ -211,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_19( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_95(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness); } /** @@ -227,43 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_19(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_ef(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_ef(copy_of_randomness); + return generate_keypair_d5(copy_of_randomness); } /** @@ -277,8 +146,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_56(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6d(public_key); +static bool validate_public_key_f7(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** @@ -289,7 +158,7 @@ static bool validate_public_key_56(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_56(public_key.value)) { + if (validate_public_key_f7(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 3a7a3da28..ee82d1370 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem768_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" /** Decapsulate ML-KEM 768 @@ -33,17 +32,6 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 768 @@ -55,31 +43,12 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); - /** Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 79cabacb5..03a7b6c5c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "internal/libcrux_mlkem_avx2.h" @@ -1035,7 +1035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9b(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_e4(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1069,8 +1069,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ab(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_to_reduced_ring_element_65(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1096,12 +1096,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a54( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_914( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); + deserialized_pk[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1113,7 +1113,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a54( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); + deserialize_to_reduced_ring_element_65(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_a3(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_38(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_42(__m256i vector) { - return shift_right_a3(vector); +static __m256i shift_right_ea_4d(__m256i vector) { + return shift_right_38(vector); } /** @@ -1149,8 +1149,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_14(__m256i a) { - __m256i t = shift_right_ea_42(a); +static __m256i to_unsigned_representative_10(__m256i a) { + __m256i t = shift_right_ea_4d(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1162,13 +1162,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_aa( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_14(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_10(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1189,7 +1189,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_791( +static KRML_MUSTINLINE void serialize_secret_key_911( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1207,7 +1207,7 @@ static KRML_MUSTINLINE void serialize_secret_key_791( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_aa(&re, ret0); + serialize_uncompressed_ring_element_30(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1225,14 +1225,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_5a1( +static KRML_MUSTINLINE void serialize_public_key_591( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_791(t_as_ntt, ret0); + serialize_secret_key_911(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1250,15 +1250,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a71(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_a54( + deserialize_ring_elements_reduced_914( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_5a1( + serialize_public_key_591( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1267,19 +1267,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_a71(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -1303,7 +1290,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_451( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1324,10 +1311,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_b91( +static void closure_341( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_9b();); + ret[i] = ZERO_89_e4();); } /** @@ -1457,7 +1444,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f93( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_013( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1580,7 +1567,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f94( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_014( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1623,8 +1610,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_46(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); +from_i16_array_89_b6(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1641,9 +1628,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_191( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb1( int16_t s[272U]) { - return from_i16_array_89_46( + return from_i16_array_89_b6( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1653,7 +1640,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_af1( +static KRML_MUSTINLINE void sample_from_xof_5b1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1668,7 +1655,7 @@ static KRML_MUSTINLINE void sample_from_xof_af1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f93( + bool done = sample_from_uniform_distribution_next_013( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1680,7 +1667,7 @@ static KRML_MUSTINLINE void sample_from_xof_af1( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f94( + done = sample_from_uniform_distribution_next_014( copy_of_randomness, sampled_coefficients, out); } } @@ -1689,7 +1676,7 @@ static KRML_MUSTINLINE void sample_from_xof_af1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_191(copy_of_out[i]);); + ret0[i] = closure_fb1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1701,12 +1688,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_ac1( +static KRML_MUSTINLINE void sample_matrix_A_041( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b91(A_transpose[i]);); + closure_341(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1721,7 +1708,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ac1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_af1(copy_of_seeds, sampled); + sample_from_xof_5b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1860,7 +1847,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_bd(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1894,7 +1881,7 @@ sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46( + return from_i16_array_89_b6( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1905,7 +1892,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1938,7 +1925,7 @@ sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46( + return from_i16_array_89_b6( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1949,8 +1936,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_730(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_ee(randomness); +sample_from_binomial_distribution_5d0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_bd(randomness); } /** @@ -1959,7 +1946,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_fd( +static KRML_MUSTINLINE void ntt_at_layer_7_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1984,7 +1971,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_3e(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_60(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1995,8 +1982,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_a7(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_3e(b, zeta_r); +ntt_layer_int_vec_step_2b(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_60(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2009,7 +1996,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_27( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2022,7 +2009,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_a7( + ntt_layer_int_vec_step_2b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2039,7 +2026,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c4( +static KRML_MUSTINLINE void ntt_at_layer_3_9e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2055,7 +2042,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_2d( +static KRML_MUSTINLINE void ntt_at_layer_2_41( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2074,7 +2061,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_42( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2101,7 +2088,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_e6( +static KRML_MUSTINLINE void poly_barrett_reduce_89_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2117,17 +2104,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b2( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_fd(re); + ntt_at_layer_7_b2(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c4(&zeta_i, re); - ntt_at_layer_2_2d(&zeta_i, re); - ntt_at_layer_1_42(&zeta_i, re); - poly_barrett_reduce_89_e6(re); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9e(&zeta_i, re); + ntt_at_layer_2_41(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_25(re); } /** @@ -2142,11 +2129,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_881( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9b();); + re_as_ntt[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2161,9 +2148,9 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_730( + re_as_ntt[i0] = sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2215,9 +2202,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_44(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_89_91(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_e4(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2252,7 +2239,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_ce1( +static KRML_MUSTINLINE void add_to_ring_element_89_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2272,7 +2259,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_c8(__m256i v) { +static __m256i to_standard_domain_b0(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2287,14 +2274,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_06( +static KRML_MUSTINLINE void add_standard_error_reduce_89_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_c8(self->coefficients[j]); + to_standard_domain_b0(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2310,14 +2297,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_581( +static KRML_MUSTINLINE void compute_As_plus_e_401( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_9b();); + result[i] = ZERO_89_e4();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2338,269 +2325,16 @@ static KRML_MUSTINLINE void compute_As_plus_e_581( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ce1(&result[i1], &product); + ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1c1(&result[i1], &product); } - add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_581( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_451(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac1(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_991( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_9b();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_4c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_911(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_581(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_991(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_4c(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_5a1( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2613,10 +2347,10 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b71( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_451(key_generation_seed, hashed); + cpa_keygen_seed_d8_1c1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2625,14 +2359,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac1(ret, true, A_transpose); + sample_matrix_A_041(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_881(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2644,20 +2378,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_881(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_401(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_5a1( + serialize_public_key_591( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_791(secret_as_ntt, secret_key_serialized); + serialize_secret_key_911(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2674,6 +2408,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b71( return lit; } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + /** Serialize the secret key. */ @@ -2684,7 +2431,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5a1( +static KRML_MUSTINLINE void serialize_kem_secret_key_9c1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2748,7 +2495,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2757,13 +2504,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_b71(ind_cpa_keypair_randomness); + generate_keypair_fd1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5a1( + serialize_kem_secret_key_9c1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2772,13 +2519,69 @@ libcrux_ml_kem_ind_cca_generate_keypair_501(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c0( - uu____2, libcrux_ml_kem_types_from_b6_b00(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_350( + uu____2, libcrux_ml_kem_types_from_b6_da0(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_6d1(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_913( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_e4();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_65(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -2793,10 +2596,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_321(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_d71(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_9b();); + error_1[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2812,7 +2615,7 @@ sample_ring_element_cbd_321(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2861,7 +2664,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_48( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_64( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2885,7 +2688,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_10( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2905,7 +2708,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_b5( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_da( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2923,11 +2726,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_b3(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_19(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_3e(a_minus_b, zeta_r); + b = montgomery_multiply_fe_60(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2938,7 +2741,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6e( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2953,7 +2756,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6e( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_b3( + inv_ntt_layer_int_vec_step_reduce_19( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2970,18 +2773,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4e1( +static KRML_MUSTINLINE void invert_ntt_montgomery_781( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_48(&zeta_i, re); - invert_ntt_at_layer_2_10(&zeta_i, re); - invert_ntt_at_layer_3_b5(&zeta_i, re); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_e6(re); + invert_ntt_at_layer_1_64(&zeta_i, re); + invert_ntt_at_layer_2_c0(&zeta_i, re); + invert_ntt_at_layer_3_da(&zeta_i, re); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_25(re); } /** @@ -2994,7 +2797,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_db( +static KRML_MUSTINLINE void add_error_reduce_89_da( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3018,14 +2821,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a31( +static KRML_MUSTINLINE void compute_vector_u_7c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_9b();); + result[i] = ZERO_89_e4();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3045,11 +2848,11 @@ static KRML_MUSTINLINE void compute_vector_u_a31( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ce1(&result[i1], &product); + ntt_multiply_89_91(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1c1(&result[i1], &product); } - invert_ntt_montgomery_4e1(&result[i1]); - add_error_reduce_89_db(&result[i1], &error_1[i1]); + invert_ntt_montgomery_781(&result[i1]); + add_error_reduce_89_da(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3062,7 +2865,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_80(__m256i v) { +static __m256i decompress_1_5d(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3076,8 +2879,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_f3(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_then_decompress_message_53(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -3085,7 +2888,7 @@ deserialize_then_decompress_message_f3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_80(coefficient_compressed);); + re.coefficients[i0] = decompress_1_5d(coefficient_compressed);); return re; } @@ -3100,7 +2903,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_bd( +add_message_error_reduce_89_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3130,18 +2933,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_301( +compute_ring_element_v_391( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_4e1(&result); - result = add_message_error_reduce_89_bd(error_2, message, result); + ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1c1(&result, &product);); + invert_ntt_montgomery_781(&result); + result = add_message_error_reduce_89_f9(error_2, message, result); return result; } @@ -3152,7 +2955,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_05(__m256i vector) { +compress_ciphertext_coefficient_34(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3199,8 +3002,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_01(__m256i vector) { - return compress_ciphertext_coefficient_05(vector); +static __m256i compress_ea_77(__m256i vector) { + return compress_ciphertext_coefficient_34(vector); } /** @@ -3209,14 +3012,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_27( +static KRML_MUSTINLINE void compress_then_serialize_10_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_01(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_77(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3234,7 +3037,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_050(__m256i vector) { +compress_ciphertext_coefficient_340(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3281,8 +3084,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_010(__m256i vector) { - return compress_ciphertext_coefficient_050(vector); +static __m256i compress_ea_770(__m256i vector) { + return compress_ciphertext_coefficient_340(vector); } /** @@ -3292,10 +3095,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ae( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_27(re, uu____0); + compress_then_serialize_10_c6(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3311,7 +3114,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_c11( +static void compress_then_serialize_u_fa1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3327,7 +3130,7 @@ static void compress_then_serialize_u_c11( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_ae(&re, ret); + compress_then_serialize_ring_element_u_f8(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3340,7 +3143,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_051(__m256i vector) { +compress_ciphertext_coefficient_341(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3387,8 +3190,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_011(__m256i vector) { - return compress_ciphertext_coefficient_051(vector); +static __m256i compress_ea_771(__m256i vector) { + return compress_ciphertext_coefficient_341(vector); } /** @@ -3397,14 +3200,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_d8( +static KRML_MUSTINLINE void compress_then_serialize_4_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_011(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_771(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3421,7 +3224,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_052(__m256i vector) { +compress_ciphertext_coefficient_342(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3468,8 +3271,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_012(__m256i vector) { - return compress_ciphertext_coefficient_052(vector); +static __m256i compress_ea_772(__m256i vector) { + return compress_ciphertext_coefficient_342(vector); } /** @@ -3478,14 +3281,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_14( +static KRML_MUSTINLINE void compress_then_serialize_5_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_012(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_772(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3502,54 +3305,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_13( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_d8(re, out); + compress_then_serialize_4_34(re, out); } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -3565,15 +3327,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ce1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { +static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_913( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_041(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_881(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3583,7 +3354,7 @@ static void encrypt_unpacked_ce1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_321(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_d71(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3594,249 +3365,45 @@ static void encrypt_unpacked_ce1( PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_a31(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7c1(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); + deserialize_then_decompress_message_53(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_301(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_391(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c11( + compress_then_serialize_u_fa1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_13( + compress_then_serialize_ring_element_v_d0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_ce1(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_d8_f41(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a53( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_c01(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_a53( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_ac1(ret0, false, A); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_321(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_a31(A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_301(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c11( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_13( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_aa1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_801(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3863,11 +3430,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_f41( + entropy_preprocess_d8_6d1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -3877,7 +3444,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3891,19 +3458,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_c01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_921(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_aa1(shared_secret, shared_secret_array); + kdf_d8_801(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3915,6 +3482,69 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e21( return lit; } +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_a8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_de1( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_e4();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_a8(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_a0; + /** A monomorphic instance of libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const @@ -3922,7 +3552,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_ab(__m256i vector) { +decompress_ciphertext_coefficient_7b(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3966,8 +3596,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_de(__m256i vector) { - return decompress_ciphertext_coefficient_ab(vector); +static __m256i decompress_ciphertext_coefficient_ea_d6(__m256i vector) { + return decompress_ciphertext_coefficient_7b(vector); } /** @@ -3977,15 +3607,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_66(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_then_decompress_10_5a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); } return re; } @@ -3997,7 +3627,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_ab0(__m256i vector) { +decompress_ciphertext_coefficient_7b0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4041,8 +3671,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_de0(__m256i vector) { - return decompress_ciphertext_coefficient_ab0(vector); +static __m256i decompress_ciphertext_coefficient_ea_d60(__m256i vector) { + return decompress_ciphertext_coefficient_7b0(vector); } /** @@ -4052,15 +3682,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_af(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_then_decompress_11_14(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); } return re; } @@ -4072,8 +3702,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_9c(Eurydice_slice serialized) { - return deserialize_then_decompress_10_66(serialized); +deserialize_then_decompress_ring_element_u_a9(Eurydice_slice serialized) { + return deserialize_then_decompress_10_5a(serialized); } /** @@ -4082,17 +3712,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_e0( +static KRML_MUSTINLINE void ntt_vector_u_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c4(&zeta_i, re); - ntt_at_layer_2_2d(&zeta_i, re); - ntt_at_layer_1_42(&zeta_i, re); - poly_barrett_reduce_89_e6(re); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9e(&zeta_i, re); + ntt_at_layer_2_41(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_25(re); } /** @@ -4107,12 +3737,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9b();); + u_as_ntt[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -4130,8 +3760,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); - ntt_vector_u_e0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); + ntt_vector_u_40(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4145,7 +3775,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_ab1(__m256i vector) { +decompress_ciphertext_coefficient_7b1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4189,8 +3819,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_de1(__m256i vector) { - return decompress_ciphertext_coefficient_ab1(vector); +static __m256i decompress_ciphertext_coefficient_ea_d61(__m256i vector) { + return decompress_ciphertext_coefficient_7b1(vector); } /** @@ -4200,15 +3830,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_fa(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_then_decompress_4_2d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_de1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); } return re; } @@ -4220,7 +3850,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_ab2(__m256i vector) { +decompress_ciphertext_coefficient_7b2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4264,8 +3894,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_de2(__m256i vector) { - return decompress_ciphertext_coefficient_ab2(vector); +static __m256i decompress_ciphertext_coefficient_ea_d62(__m256i vector) { + return decompress_ciphertext_coefficient_7b2(vector); } /** @@ -4275,8 +3905,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_6a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); +deserialize_then_decompress_5_6e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4284,7 +3914,7 @@ deserialize_then_decompress_5_6a(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_de2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); } return re; } @@ -4296,8 +3926,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ac(Eurydice_slice serialized) { - return deserialize_then_decompress_4_fa(serialized); +deserialize_then_decompress_ring_element_v_25(Eurydice_slice serialized) { + return deserialize_then_decompress_4_2d(serialized); } /** @@ -4311,7 +3941,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_01(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4339,17 +3969,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a61( +compute_message_0c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_4e1(&result); - result = subtract_reduce_89_36(v, result); + ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1c1(&result, &product);); + invert_ntt_montgomery_781(&result); + result = subtract_reduce_89_01(v, result); return result; } @@ -4359,12 +3989,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_0b( +static KRML_MUSTINLINE void compress_then_serialize_message_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_14(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_10(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4411,19 +4041,46 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_5f1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_001(IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_7b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ac( + deserialize_then_decompress_ring_element_v_25( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_0c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0b(message, ret0); + compress_then_serialize_message_2d(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_de1(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_001(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4454,9 +4111,10 @@ static KRML_MUSTINLINE void PRF_a9_dd3(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -4474,171 +4132,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_591( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_5f1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_ce1(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_81(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_461( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_81(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_a81(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_461(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_5f1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_421( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), @@ -4655,7 +4150,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_a81(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_051(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4677,7 +4172,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4687,17 +4182,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_c01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_921(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_aa1(Eurydice_array_to_slice( + kdf_d8_801(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_aa1(shared_secret0, shared_secret); + kdf_d8_801(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_a60(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4719,12 +4214,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_912( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); + deserialized_pk[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4736,7 +4231,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); + deserialize_to_reduced_ring_element_65(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4754,7 +4249,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_790( +static KRML_MUSTINLINE void serialize_secret_key_910( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4772,7 +4267,7 @@ static KRML_MUSTINLINE void serialize_secret_key_790( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_aa(&re, ret0); + serialize_uncompressed_ring_element_30(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4790,14 +4285,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_5a0( +static KRML_MUSTINLINE void serialize_public_key_590( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_790(t_as_ntt, ret0); + serialize_secret_key_910(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4815,15 +4310,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a70(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_a52( + deserialize_ring_elements_reduced_912( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_5a0( + serialize_public_key_590( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4832,19 +4327,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_a70(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -4868,7 +4350,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_450( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4889,10 +4371,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_b90( +static void closure_340( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_9b();); + ret[i] = ZERO_89_e4();); } /** @@ -5025,7 +4507,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f91( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_011( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5151,7 +4633,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f92( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_012( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5189,9 +4671,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_190( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb0( int16_t s[272U]) { - return from_i16_array_89_46( + return from_i16_array_89_b6( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5201,7 +4683,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_af0( +static KRML_MUSTINLINE void sample_from_xof_5b0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -5216,7 +4698,7 @@ static KRML_MUSTINLINE void sample_from_xof_af0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f91( + bool done = sample_from_uniform_distribution_next_011( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5228,7 +4710,7 @@ static KRML_MUSTINLINE void sample_from_xof_af0( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f92( + done = sample_from_uniform_distribution_next_012( copy_of_randomness, sampled_coefficients, out); } } @@ -5237,7 +4719,7 @@ static KRML_MUSTINLINE void sample_from_xof_af0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_190(copy_of_out[i]);); + ret0[i] = closure_fb0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5249,12 +4731,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_ac0( +static KRML_MUSTINLINE void sample_matrix_A_040( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b90(A_transpose[i]);); + closure_340(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5269,7 +4751,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ac0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_af0(copy_of_seeds, sampled); + sample_from_xof_5b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5367,11 +4849,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_880( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9b();); + re_as_ntt[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5386,9 +4868,9 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_730( + re_as_ntt[i0] = sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5416,7 +4898,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_ce0( +static KRML_MUSTINLINE void add_to_ring_element_89_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5439,14 +4921,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_580( +static KRML_MUSTINLINE void compute_As_plus_e_400( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_9b();); + result[i] = ZERO_89_e4();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5467,10 +4949,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ce0(&result[i1], &product); + ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1c0(&result[i1], &product); } - add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5478,58 +4960,21 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( } /** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_580( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_450(key_generation_seed, hashed); + cpa_keygen_seed_d8_1c0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5538,14 +4983,14 @@ static tuple_54 generate_keypair_unpacked_580( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac0(ret, true, A_transpose); + sample_matrix_A_040(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_880(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5557,65 +5002,34 @@ static tuple_54 generate_keypair_unpacked_580( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_880(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_400(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[1568U]; + serialize_public_key_590( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_910(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_990( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_9b();); + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return lit; } /** @@ -5632,168 +5046,16 @@ static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 + Serialize the secret key. */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_910(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_580(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_990(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_4c(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_5a0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 +- SERIALIZED_KEY_LEN= 3168 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_b70( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_450(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac0(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - uint8_t public_key_serialized[1568U]; - serialize_public_key_5a0( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_790(secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_5a0( +static KRML_MUSTINLINE void serialize_kem_secret_key_9c0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5857,7 +5119,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5866,13 +5128,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_b70(ind_cpa_keypair_randomness); + generate_keypair_fd0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_5a0( + serialize_kem_secret_key_9c0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5881,13 +5143,69 @@ libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_0b1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f21(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c1( - uu____2, libcrux_ml_kem_types_from_b6_b01(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_351( + uu____2, libcrux_ml_kem_types_from_b6_da1(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_6d0(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_911( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_e4();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_65(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -5902,10 +5220,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_320(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_d70(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_9b();); + error_1[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5921,7 +5239,7 @@ sample_ring_element_cbd_320(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5958,18 +5276,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4e0( +static KRML_MUSTINLINE void invert_ntt_montgomery_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_48(&zeta_i, re); - invert_ntt_at_layer_2_10(&zeta_i, re); - invert_ntt_at_layer_3_b5(&zeta_i, re); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_e6(re); + invert_ntt_at_layer_1_64(&zeta_i, re); + invert_ntt_at_layer_2_c0(&zeta_i, re); + invert_ntt_at_layer_3_da(&zeta_i, re); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_25(re); } /** @@ -5981,14 +5299,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a30( +static KRML_MUSTINLINE void compute_vector_u_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_9b();); + result[i] = ZERO_89_e4();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6008,11 +5326,11 @@ static KRML_MUSTINLINE void compute_vector_u_a30( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ce0(&result[i1], &product); + ntt_multiply_89_91(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1c0(&result[i1], &product); } - invert_ntt_montgomery_4e0(&result[i1]); - add_error_reduce_89_db(&result[i1], &error_1[i1]); + invert_ntt_montgomery_780(&result[i1]); + add_error_reduce_89_da(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6029,18 +5347,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_300( +compute_ring_element_v_390( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_4e0(&result); - result = add_message_error_reduce_89_bd(error_2, message, result); + ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1c0(&result, &product);); + invert_ntt_montgomery_780(&result); + result = add_message_error_reduce_89_f9(error_2, message, result); return result; } @@ -6050,14 +5368,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_cf0( +static KRML_MUSTINLINE void compress_then_serialize_11_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_010(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_770(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6075,10 +5393,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ae0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_cf0(re, uu____0); + compress_then_serialize_11_780(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6094,7 +5412,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_c10( +static void compress_then_serialize_u_fa0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6110,7 +5428,7 @@ static void compress_then_serialize_u_c10( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_ae0(&re, ret); + compress_then_serialize_ring_element_u_f80(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6123,54 +5441,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_130( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_14(re, out); + compress_then_serialize_5_9d(re, out); } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -6186,15 +5463,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ce0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { +static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_911( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_040(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_880(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6204,7 +5490,7 @@ static void encrypt_unpacked_ce0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_320(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_d70(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6215,37 +5501,57 @@ static void encrypt_unpacked_ce0( PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_a30(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7c0(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); + deserialize_then_decompress_message_53(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_300(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_390(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c10( + compress_then_serialize_u_fa0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_130( + compress_then_serialize_ring_element_v_d00( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_d8_800(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 - PUBLIC_KEY_SIZE= 1568 @@ -6260,19 +5566,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_6d0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_a9_a10(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( @@ -6281,23 +5593,21 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_ce0(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_920(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_800(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6309,281 +5619,97 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_f20( } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. */ /** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_f40(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a51( - Eurydice_slice public_key, +static KRML_MUSTINLINE void deserialize_secret_key_de0( + Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); + secret_as_ntt[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); - deserialized_pk[i0] = uu____0; + deserialize_to_uncompressed_ring_element_a8(secret_bytes); + secret_as_ntt[i0] = uu____0; } memcpy( - ret, deserialized_pk, + ret, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_a90(Eurydice_slice serialized) { + return deserialize_then_decompress_11_14(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_400( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9e(&zeta_i, re); + ntt_at_layer_2_41(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_25(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 - U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_c00(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_a51( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_ac0(ret0, false, A); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_320(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_a30(A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_300(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c10( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_130( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_d8_aa0(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e20( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_f40( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_c00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_aa0(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_9c0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_af(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_e00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c4(&zeta_i, re); - ntt_at_layer_2_2d(&zeta_i, re); - ntt_at_layer_1_42(&zeta_i, re); - poly_barrett_reduce_89_e6(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7b0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9b();); + u_as_ntt[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6601,8 +5727,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7b0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); - ntt_vector_u_e00(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a90(u_bytes); + ntt_vector_u_400(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6616,8 +5742,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ac0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_6a(serialized); +deserialize_then_decompress_ring_element_v_250(Eurydice_slice serialized) { + return deserialize_then_decompress_5_6e(serialized); } /** @@ -6633,17 +5759,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a60( +compute_message_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_4e0(&result); - result = subtract_reduce_89_36(v, result); + ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1c0(&result, &product);); + invert_ntt_montgomery_780(&result); + result = subtract_reduce_89_01(v, result); return result; } @@ -6681,19 +5807,46 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_5f0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_000(IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_7b0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ac0( + deserialize_then_decompress_ring_element_v_250( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_0c0(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_2d(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_de0(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - compress_then_serialize_message_0b(message, ret0); + decrypt_unpacked_000(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6712,9 +5865,10 @@ static KRML_MUSTINLINE void PRF_a9_dd1(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - SECRET_KEY_SIZE= 3168 - CPA_SECRET_KEY_SIZE= 1536 @@ -6732,242 +5886,97 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_590( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, +void libcrux_ml_kem_ind_cca_decapsulate_420( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_5f0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_050(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_ce0(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + encrypt_920(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_d8_800(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_d8_800(shared_secret0, shared_secret); uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), - selector, ret0); + ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_460( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9b();); +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_910( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_81(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_a80(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_460(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_5f0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_a80(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_c00(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_aa0(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_aa0(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6977,7 +5986,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); + deserialize_to_reduced_ring_element_65(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6995,7 +6004,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_79( +static KRML_MUSTINLINE void serialize_secret_key_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -7013,7 +6022,7 @@ static KRML_MUSTINLINE void serialize_secret_key_79( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_aa(&re, ret0); + serialize_uncompressed_ring_element_30(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7031,14 +6040,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_5a( +static KRML_MUSTINLINE void serialize_public_key_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_79(t_as_ntt, ret0); + serialize_secret_key_91(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7056,15 +6065,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_a7(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_a50( + deserialize_ring_elements_reduced_910( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_5a( + serialize_public_key_59( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -7073,19 +6082,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_a7(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -7109,7 +6105,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_45( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7130,10 +6126,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_b9( +static void closure_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_9b();); + ret[i] = ZERO_89_e4();); } /** @@ -7260,7 +6256,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f9( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_01( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7380,7 +6376,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f90( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_010( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7418,9 +6414,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_19( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb( int16_t s[272U]) { - return from_i16_array_89_46( + return from_i16_array_89_b6( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7430,7 +6426,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_af( +static KRML_MUSTINLINE void sample_from_xof_5b( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -7445,7 +6441,7 @@ static KRML_MUSTINLINE void sample_from_xof_af( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f9( + bool done = sample_from_uniform_distribution_next_01( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -7457,7 +6453,7 @@ static KRML_MUSTINLINE void sample_from_xof_af( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f90( + done = sample_from_uniform_distribution_next_010( copy_of_randomness, sampled_coefficients, out); } } @@ -7466,7 +6462,7 @@ static KRML_MUSTINLINE void sample_from_xof_af( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_19(copy_of_out[i]);); + ret0[i] = closure_fb(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7478,12 +6474,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_ac( +static KRML_MUSTINLINE void sample_matrix_A_04( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b9(A_transpose[i]);); + closure_34(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7498,7 +6494,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ac( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_af(copy_of_seeds, sampled); + sample_from_xof_5b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7585,8 +6581,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_73(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_c4(randomness); +sample_from_binomial_distribution_5d(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_6f(randomness); } /** @@ -7601,11 +6597,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_88( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9b();); + re_as_ntt[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7620,9 +6616,9 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( PRFxN_a9_a1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_73( + re_as_ntt[i0] = sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7650,7 +6646,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_ce( +static KRML_MUSTINLINE void add_to_ring_element_89_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7673,14 +6669,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_58( +static KRML_MUSTINLINE void compute_As_plus_e_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_9b();); + result[i] = ZERO_89_e4();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7701,10 +6697,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ce(&result[i1], &product); + ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1c(&result[i1], &product); } - add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7712,58 +6708,21 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( } /** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_58( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_45(key_generation_seed, hashed); + cpa_keygen_seed_d8_1c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7772,14 +6731,14 @@ static tuple_4c generate_keypair_unpacked_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac(ret, true, A_transpose); + sample_matrix_A_04(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_88(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7791,65 +6750,34 @@ static tuple_4c generate_keypair_unpacked_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_88(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_40(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[800U]; + serialize_public_key_59( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_91(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_9b();); + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + return lit; } /** @@ -7866,168 +6794,16 @@ static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 + Serialize the secret key. */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_91(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_58(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_99(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_4c(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_5a( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_b7( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_45(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_ac(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - uint8_t public_key_serialized[800U]; - serialize_public_key_5a( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_79(secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void serialize_kem_secret_key_9c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -8090,7 +6866,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8100,13 +6876,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_b7(ind_cpa_keypair_randomness); + generate_keypair_fd(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_5a( + serialize_kem_secret_key_9c( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8115,13 +6891,69 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_50( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_6d(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_91( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_e4();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_65(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -8182,10 +7014,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_32(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_d7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_9b();); + error_1[i] = ZERO_89_e4();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8201,7 +7033,7 @@ sample_ring_element_cbd_32(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8238,360 +7070,124 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4e( +static KRML_MUSTINLINE void invert_ntt_montgomery_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_48(&zeta_i, re); - invert_ntt_at_layer_2_10(&zeta_i, re); - invert_ntt_at_layer_3_b5(&zeta_i, re); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_e6(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_a3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_9b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ce(&result[i1], &product); - } - invert_ntt_montgomery_4e(&result[i1]); - add_error_reduce_89_db(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_30( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_4e(&result); - result = add_message_error_reduce_89_bd(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_ae(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_ce( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_32(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_a3(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_30(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_13( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_ce(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_64(&zeta_i, re); + invert_ntt_at_layer_2_c0(&zeta_i, re); + invert_ntt_at_layer_3_da(&zeta_i, re); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_25(re); } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ */ /** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_f4(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +static KRML_MUSTINLINE void compute_vector_u_7c( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_e4();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_91(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1c(&result[i1], &product); + } + invert_ntt_montgomery_78(&result[i1]); + add_error_reduce_89_da(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** - This function deserializes ring elements and reduces the result by the field - modulus. + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1c(&result, &product);); + invert_ntt_montgomery_78(&result); + result = add_message_error_reduce_89_f9(error_2, message, result); + return result; +} - This function MUST NOT be used on secret inputs. +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. */ /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a5( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9b();); +static void compress_then_serialize_u_fa( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ab(ring_element); - deserialized_pk[i0] = uu____0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_f8(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -8611,10 +7207,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_c0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_a5( + deserialize_ring_elements_reduced_91( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8622,13 +7218,13 @@ static void encrypt_c0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_ac(ret0, false, A); + sample_matrix_A_04(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_88(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -8638,7 +7234,7 @@ static void encrypt_c0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_32(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_d7(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8649,28 +7245,28 @@ static void encrypt_c0(Eurydice_slice public_key, uint8_t message[32U], PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730( + sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_a3(A, r_as_ntt, error_1, u); + compute_vector_u_7c(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f3(copy_of_message); + deserialize_then_decompress_message_53(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_30(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_39(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c1( + compress_then_serialize_u_fa( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_13( + compress_then_serialize_ring_element_v_d0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8687,7 +7283,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_aa(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_80(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8714,11 +7310,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_f4( + entropy_preprocess_d8_6d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8728,7 +7324,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8742,19 +7338,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_92(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_aa(shared_secret, shared_secret_array); + kdf_d8_80(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8766,6 +7362,50 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e2( return lit; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_de( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_e4();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_a8(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_d6; + /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -8778,12 +7418,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7b( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9b();); + u_as_ntt[i] = ZERO_89_e4();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8801,8 +7441,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7b( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); - ntt_vector_u_e0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); + ntt_vector_u_40(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8822,17 +7462,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a6( +compute_message_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_4e(&result); - result = subtract_reduce_89_36(v, result); + ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1c(&result, &product);); + invert_ntt_montgomery_78(&result); + result = subtract_reduce_89_01(v, result); return result; } @@ -8870,150 +7510,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_5f( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_00(IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_7b(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ac( + deserialize_then_decompress_ring_element_v_25( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a6(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_0b(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_dd(Eurydice_slice input, uint8_t ret[32U]) { - PRF_45(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_5f(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_ce(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + compute_message_0c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_46( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_81(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9024,25 +7535,38 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_a8(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_46(secret_key, secret_as_ntt); + deserialize_secret_key_de(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; + IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_5f(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_00(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_dd(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -9065,7 +7589,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_42( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9083,7 +7607,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_a8(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_05(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9105,7 +7629,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -9115,16 +7639,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_ff( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_c0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_92(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_aa(Eurydice_array_to_slice((size_t)32U, + kdf_d8_80(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_aa(shared_secret0, shared_secret); + kdf_d8_80(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd(ciphertext), + libcrux_ml_kem_types_as_ref_00_a6(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 38b8a1dad..de251e8eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem_avx2_H @@ -352,183 +352,6 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 723b6492f..4c13b8d96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "internal/libcrux_mlkem_portable.h" @@ -2241,7 +2241,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_8d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_ea(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2275,8 +2275,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_b0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_to_reduced_ring_element_6d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2304,12 +2304,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b74( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); + deserialized_pk[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2321,7 +2321,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b74( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); + deserialize_to_reduced_ring_element_6d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2335,7 +2335,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_68(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2354,8 +2354,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_68(v); +shift_right_0d_19(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_94(v); } /** @@ -2365,10 +2365,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_57( +to_unsigned_representative_db( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_f2(a); + shift_right_0d_19(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2381,14 +2381,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_3a( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_57(re->coefficients[i0]); + to_unsigned_representative_db(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2409,7 +2409,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_871( +static KRML_MUSTINLINE void serialize_secret_key_b51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2427,7 +2427,7 @@ static KRML_MUSTINLINE void serialize_secret_key_871( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3a(&re, ret0); + serialize_uncompressed_ring_element_5b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2445,14 +2445,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_041( +static KRML_MUSTINLINE void serialize_public_key_791( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_871(t_as_ntt, ret0); + serialize_secret_key_b51(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2470,15 +2470,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_b74( + deserialize_ring_elements_reduced_0c4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_041( + serialize_public_key_791( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2487,19 +2487,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_6d1(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$4size_t]] - -*/ -typedef struct tuple_540_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 snd; -} tuple_540; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -2523,7 +2510,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_1a( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_06( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2545,10 +2532,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_081( +static void closure_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_8d();); + ret[i] = ZERO_89_ea();); } /** @@ -2684,7 +2671,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db3( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2796,7 +2783,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db4( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2839,8 +2826,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_ca(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); +from_i16_array_89_c1(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2860,9 +2847,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_041( int16_t s[272U]) { - return from_i16_array_89_ca( + return from_i16_array_89_c1( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2873,7 +2860,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_d41( +static KRML_MUSTINLINE void sample_from_xof_3f1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2887,7 +2874,7 @@ static KRML_MUSTINLINE void sample_from_xof_d41( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_2c3( + bool done = sample_from_uniform_distribution_next_db3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2899,7 +2886,7 @@ static KRML_MUSTINLINE void sample_from_xof_d41( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_2c4( + done = sample_from_uniform_distribution_next_db4( copy_of_randomness, sampled_coefficients, out); } } @@ -2908,7 +2895,7 @@ static KRML_MUSTINLINE void sample_from_xof_d41( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_2f1(copy_of_out[i]);); + ret0[i] = closure_041(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2921,12 +2908,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_051( +static KRML_MUSTINLINE void sample_matrix_A_381( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_081(A_transpose[i]);); + closure_4b1(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2941,7 +2928,7 @@ static KRML_MUSTINLINE void sample_matrix_A_051( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_d41(copy_of_seeds, sampled); + sample_from_xof_3f1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3063,7 +3050,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3097,7 +3084,7 @@ sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca( + return from_i16_array_89_c1( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3108,7 +3095,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_eb(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3141,7 +3128,7 @@ sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca( + return from_i16_array_89_c1( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3152,8 +3139,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_34(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_52(randomness); +sample_from_binomial_distribution_c6(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_85(randomness); } /** @@ -3162,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_09( +static KRML_MUSTINLINE void ntt_at_layer_7_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3190,7 +3177,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_a6( +montgomery_multiply_fe_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3204,12 +3191,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_a6(b, zeta_r); + montgomery_multiply_fe_67(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3223,7 +3210,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3236,7 +3223,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_0c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3253,7 +3240,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_a6( +static KRML_MUSTINLINE void ntt_at_layer_3_fd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3271,7 +3258,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_23( +static KRML_MUSTINLINE void ntt_at_layer_2_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3291,7 +3278,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_43( +static KRML_MUSTINLINE void ntt_at_layer_1_a2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3319,7 +3306,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_61( +static KRML_MUSTINLINE void poly_barrett_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3337,17 +3324,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_28( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_09(re); + ntt_at_layer_7_f4(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_a6(&zeta_i, re); - ntt_at_layer_2_23(&zeta_i, re); - ntt_at_layer_1_43(&zeta_i, re); - poly_barrett_reduce_89_61(re); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_fd(&zeta_i, re); + ntt_at_layer_2_ad(&zeta_i, re); + ntt_at_layer_1_a2(&zeta_i, re); + poly_barrett_reduce_89_8b(re); } /** @@ -3363,11 +3350,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_fc1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_8d();); + re_as_ntt[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3382,9 +3369,9 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_34( + re_as_ntt[i0] = sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3436,9 +3423,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_17(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_2a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3475,7 +3462,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_e81( +static KRML_MUSTINLINE void add_to_ring_element_89_841( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3500,7 +3487,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a8( +to_standard_domain_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3516,14 +3503,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_22( +static KRML_MUSTINLINE void add_standard_error_reduce_89_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a8(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_59(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3541,14 +3528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_cb1( +static KRML_MUSTINLINE void compute_As_plus_e_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_8d();); + result[i] = ZERO_89_ea();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3569,275 +3556,16 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_e81(&result[i1], &product); + ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_841(&result[i1], &product); } - add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_540 generate_keypair_unpacked_c11( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_1a(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_051(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e71( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_8d();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_51( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c1(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_c11(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e71(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_51(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_041( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3850,10 +3578,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d51( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_1a(key_generation_seed, hashed); + cpa_keygen_seed_d8_06(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3862,14 +3590,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_051(ret, true, A_transpose); + sample_matrix_A_381(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_fc1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3881,20 +3609,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_fc1(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_601(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_041( + serialize_public_key_791( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_871(secret_as_ntt, secret_key_serialized); + serialize_secret_key_b51(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3911,6 +3639,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d51( return lit; } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + /** Serialize the secret key. */ @@ -3921,7 +3662,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_2d( +static KRML_MUSTINLINE void serialize_kem_secret_key_6e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3985,7 +3726,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3994,13 +3735,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_d51(ind_cpa_keypair_randomness); + generate_keypair_fc1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_2d( + serialize_kem_secret_key_6e( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4009,13 +3750,69 @@ libcrux_ml_kem_ind_cca_generate_keypair_951(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_0b1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f21(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c1( - uu____2, libcrux_ml_kem_types_from_b6_b01(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_351( + uu____2, libcrux_ml_kem_types_from_b6_da1(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_77(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_ea();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_to_reduced_ring_element_6d(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -4031,10 +3828,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c71(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_8d();); + error_1[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4050,7 +3847,7 @@ sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -4099,7 +3896,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_6e( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_d2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4123,7 +3920,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4143,7 +3940,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_23( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_f9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4163,7 +3960,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_69( + inv_ntt_layer_int_vec_step_reduce_bb( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4171,7 +3968,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = montgomery_multiply_fe_67(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4183,7 +3980,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_3b( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4198,7 +3995,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_3b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_69( + inv_ntt_layer_int_vec_step_reduce_bb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4215,18 +4012,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b51( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_6e(&zeta_i, re); - invert_ntt_at_layer_2_63(&zeta_i, re); - invert_ntt_at_layer_3_23(&zeta_i, re); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_61(re); + invert_ntt_at_layer_1_d2(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_f9(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_8b(re); } /** @@ -4239,7 +4036,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_7a( +static KRML_MUSTINLINE void add_error_reduce_89_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4266,14 +4063,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_e41( +static KRML_MUSTINLINE void compute_vector_u_891( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_8d();); + result[i] = ZERO_89_ea();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4293,11 +4090,11 @@ static KRML_MUSTINLINE void compute_vector_u_e41( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(a_element, &r_as_ntt[j]); - add_to_ring_element_89_e81(&result[i1], &product); + ntt_multiply_89_2a(a_element, &r_as_ntt[j]); + add_to_ring_element_89_841(&result[i1], &product); } - invert_ntt_montgomery_b51(&result[i1]); - add_error_reduce_89_7a(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b1(&result[i1]); + add_error_reduce_89_af(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4311,7 +4108,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_5d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4325,8 +4122,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_5e(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4336,7 +4133,7 @@ deserialize_then_decompress_message_5e(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e7(coefficient_compressed); + decompress_1_5d0(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4352,7 +4149,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_e6( +add_message_error_reduce_89_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4385,18 +4182,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_691( +compute_ring_element_v_ca1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_b51(&result); - result = add_message_error_reduce_89_e6(error_2, message, result); + ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_841(&result, &product);); + invert_ntt_montgomery_7b1(&result); + result = add_message_error_reduce_89_63(error_2, message, result); return result; } @@ -4406,7 +4203,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_13(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_02(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4427,9 +4224,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_99( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_28( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_13(v); + return compress_02(v); } /** @@ -4438,7 +4235,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_130(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_020(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4460,8 +4257,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_990(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_130(v); +compress_0d_280(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_020(v); } /** @@ -4470,14 +4267,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_210( +static KRML_MUSTINLINE void compress_then_serialize_11_880( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_990(to_unsigned_representative_57(re->coefficients[i0])); + compress_0d_280(to_unsigned_representative_db(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4495,10 +4292,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_960( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_890( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_210(re, uu____0); + compress_then_serialize_11_880(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4514,7 +4311,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_6e1( +static void compress_then_serialize_u_141( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4530,7 +4327,7 @@ static void compress_then_serialize_u_6e1( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_960(&re, ret); + compress_then_serialize_ring_element_u_890(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4542,7 +4339,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_131(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_021(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4564,8 +4361,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_991(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_131(v); +compress_0d_281(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_021(v); } /** @@ -4574,14 +4371,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_1e( +static KRML_MUSTINLINE void compress_then_serialize_4_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_991(to_unsigned_representative_57(re.coefficients[i0])); + compress_0d_281(to_unsigned_representative_db(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4597,7 +4394,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_132(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_022(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4619,8 +4416,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_992(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_132(v); +compress_0d_282(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_022(v); } /** @@ -4629,14 +4426,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_d3( +static KRML_MUSTINLINE void compress_then_serialize_5_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_992(to_unsigned_representative_57(re.coefficients[i0])); + compress_0d_282(to_unsigned_representative_db(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4653,54 +4450,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bc0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_870( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_d3(re, out); + compress_then_serialize_5_00(re, out); } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -4717,15 +4473,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_781( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { +static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; + deserialize_ring_elements_reduced_0c3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_381(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_fc1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4735,7 +4500,7 @@ static void encrypt_unpacked_781( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c71(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4746,251 +4511,45 @@ static void encrypt_unpacked_781( PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_e41(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_891(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); + deserialize_then_decompress_message_cd(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_691(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ca1(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e1( + compress_then_serialize_u_141( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc0( + compress_then_serialize_ring_element_v_870( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_511( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_781(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b73( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_b73( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_051(ret0, false, A); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = - sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_e41(A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_691(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc0( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} */ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_5f(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5017,11 +4576,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_62( + entropy_preprocess_d8_77( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5031,7 +4590,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5045,19 +4604,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_331(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_2d1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_8d(shared_secret, shared_secret_array); + kdf_d8_5f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5069,6 +4628,71 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_511( return lit; } +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_411( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_ea();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_to_uncompressed_ring_element_8c(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_42_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_42; + /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with @@ -5076,7 +4700,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_05( +decompress_ciphertext_coefficient_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5101,9 +4725,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_83( +decompress_ciphertext_coefficient_0d_5a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_05(v); + return decompress_ciphertext_coefficient_6b(v); } /** @@ -5113,8 +4737,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_c6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_then_decompress_10_0a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -5123,7 +4747,7 @@ deserialize_then_decompress_10_c6(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_83(coefficient); + decompress_ciphertext_coefficient_0d_5a(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5136,7 +4760,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_050( +decompress_ciphertext_coefficient_6b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5161,9 +4785,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_830( +decompress_ciphertext_coefficient_0d_5a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_050(v); + return decompress_ciphertext_coefficient_6b0(v); } /** @@ -5173,8 +4797,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_ca(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_then_decompress_11_20(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -5183,7 +4807,7 @@ deserialize_then_decompress_11_ca(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_830(coefficient); + decompress_ciphertext_coefficient_0d_5a0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5196,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_420(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ca(serialized); +deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { + return deserialize_then_decompress_11_20(serialized); } /** @@ -5206,17 +4830,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_c80( +static KRML_MUSTINLINE void ntt_vector_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_a6(&zeta_i, re); - ntt_at_layer_2_23(&zeta_i, re); - ntt_at_layer_1_43(&zeta_i, re); - poly_barrett_reduce_89_61(re); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_fd(&zeta_i, re); + ntt_at_layer_2_ad(&zeta_i, re); + ntt_at_layer_1_a2(&zeta_i, re); + poly_barrett_reduce_89_8b(re); } /** @@ -5231,12 +4855,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_8d();); + u_as_ntt[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5254,8 +4878,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_420(u_bytes); - ntt_vector_u_c80(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); + ntt_vector_u_540(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5269,7 +4893,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_051( +decompress_ciphertext_coefficient_6b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5294,9 +4918,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_831( +decompress_ciphertext_coefficient_0d_5a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_051(v); + return decompress_ciphertext_coefficient_6b1(v); } /** @@ -5306,8 +4930,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_9d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_then_decompress_4_37(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5316,7 +4940,7 @@ deserialize_then_decompress_4_9d(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_831(coefficient); + decompress_ciphertext_coefficient_0d_5a1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5329,7 +4953,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_052( +decompress_ciphertext_coefficient_6b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5354,9 +4978,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_832( +decompress_ciphertext_coefficient_0d_5a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_052(v); + return decompress_ciphertext_coefficient_6b2(v); } /** @@ -5366,8 +4990,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_89(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); +deserialize_then_decompress_5_60(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5376,7 +5000,7 @@ deserialize_then_decompress_5_89(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_832(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_5a2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5389,8 +5013,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_220(Eurydice_slice serialized) { - return deserialize_then_decompress_5_89(serialized); +deserialize_then_decompress_ring_element_v_010(Eurydice_slice serialized) { + return deserialize_then_decompress_5_60(serialized); } /** @@ -5404,7 +5028,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_84(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_a2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5435,17 +5059,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3f1( +compute_message_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_b51(&result); - result = subtract_reduce_89_84(v, result); + ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_841(&result, &product);); + invert_ntt_montgomery_7b1(&result); + result = subtract_reduce_89_a2(v, result); return result; } @@ -5455,13 +5079,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_a9( +static KRML_MUSTINLINE void compress_then_serialize_message_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_57(re.coefficients[i0]); + to_unsigned_representative_db(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5509,19 +5133,46 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_fe1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_a01(IndCpaPrivateKeyUnpacked_42 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_1e1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_220( + deserialize_then_decompress_ring_element_v_010( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_e71(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_1b(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; + deserialize_secret_key_411(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - compress_then_serialize_message_a9(message, ret0); + decrypt_unpacked_a01(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5551,172 +5202,6 @@ static KRML_MUSTINLINE void PRF_f1_ee3(Eurydice_slice input, uint8_t ret[32U]) { PRF_2b(input, ret); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_881( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_fe1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_781(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_ff(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_d21( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_8d();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_861(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_d21(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_fe1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5739,7 +5224,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_461( +void libcrux_ml_kem_ind_cca_decapsulate_fd1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5758,7 +5243,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_461( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_861(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_941(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5780,7 +5265,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_461( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5790,17 +5275,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_461( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_8d(Eurydice_array_to_slice((size_t)32U, + kdf_d8_5f(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_8d(shared_secret0, shared_secret); + kdf_d8_5f(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_a61(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5822,12 +5307,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); + deserialized_pk[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5839,7 +5324,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); + deserialize_to_reduced_ring_element_6d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5857,7 +5342,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_870( +static KRML_MUSTINLINE void serialize_secret_key_b50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5875,7 +5360,7 @@ static KRML_MUSTINLINE void serialize_secret_key_870( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3a(&re, ret0); + serialize_uncompressed_ring_element_5b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5893,14 +5378,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_040( +static KRML_MUSTINLINE void serialize_public_key_790( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_870(t_as_ntt, ret0); + serialize_secret_key_b50(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5918,15 +5403,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_b72( + deserialize_ring_elements_reduced_0c2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_040( + serialize_public_key_790( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5935,19 +5420,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_6d0(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -5971,7 +5443,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_17( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_c0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5993,10 +5465,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_080( +static void closure_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_8d();); + ret[i] = ZERO_89_ea();); } /** @@ -6132,7 +5604,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6244,7 +5716,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6283,9 +5755,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_040( int16_t s[272U]) { - return from_i16_array_89_ca( + return from_i16_array_89_c1( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6296,7 +5768,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_d40( +static KRML_MUSTINLINE void sample_from_xof_3f0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6310,7 +5782,7 @@ static KRML_MUSTINLINE void sample_from_xof_d40( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_2c1( + bool done = sample_from_uniform_distribution_next_db1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6322,7 +5794,7 @@ static KRML_MUSTINLINE void sample_from_xof_d40( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_2c2( + done = sample_from_uniform_distribution_next_db2( copy_of_randomness, sampled_coefficients, out); } } @@ -6331,7 +5803,7 @@ static KRML_MUSTINLINE void sample_from_xof_d40( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_2f0(copy_of_out[i]);); + ret0[i] = closure_040(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6344,12 +5816,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_050( +static KRML_MUSTINLINE void sample_matrix_A_380( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_080(A_transpose[i]);); + closure_4b0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6364,7 +5836,7 @@ static KRML_MUSTINLINE void sample_matrix_A_050( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_d40(copy_of_seeds, sampled); + sample_from_xof_3f0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6437,8 +5909,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_340(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b0(randomness); +sample_from_binomial_distribution_c60(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_eb(randomness); } /** @@ -6454,11 +5926,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_fc0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_8d();); + re_as_ntt[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6473,9 +5945,9 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( PRFxN_f1_930(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_340( + re_as_ntt[i0] = sample_from_binomial_distribution_c60( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6503,7 +5975,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_e80( +static KRML_MUSTINLINE void add_to_ring_element_89_840( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6530,14 +6002,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_cb0( +static KRML_MUSTINLINE void compute_As_plus_e_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_8d();); + result[i] = ZERO_89_ea();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6558,10 +6030,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_e80(&result[i1], &product); + ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_840(&result[i1], &product); } - add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6569,59 +6041,21 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( } /** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_c10( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_17(key_generation_seed, hashed); + cpa_keygen_seed_d8_c0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6630,14 +6064,14 @@ static tuple_4c0 generate_keypair_unpacked_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_050(ret, true, A_transpose); + sample_matrix_A_380(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_fc0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6649,66 +6083,34 @@ static tuple_4c0 generate_keypair_unpacked_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_fc0(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_600(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[800U]; + serialize_public_key_790( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_b50(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_e70( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_8d();); + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + return lit; } /** @@ -6725,169 +6127,16 @@ static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 + Serialize the secret key. */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c0(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_c10(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e70(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_51(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_040( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics - K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 +- SERIALIZED_KEY_LEN= 1632 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d50( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_17(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_050(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - uint8_t public_key_serialized[800U]; - serialize_public_key_040( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_870(secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_f4( +static KRML_MUSTINLINE void serialize_kem_secret_key_20( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6951,7 +6200,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6960,13 +6209,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_d50(ind_cpa_keypair_randomness); + generate_keypair_fc0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f4( + serialize_kem_secret_key_20( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6975,13 +6224,69 @@ libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_3a(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_ea();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_to_reduced_ring_element_6d(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -7029,10 +6334,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c70(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_8d();); + error_1[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7048,7 +6353,7 @@ sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7085,18 +6390,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b50( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_6e(&zeta_i, re); - invert_ntt_at_layer_2_63(&zeta_i, re); - invert_ntt_at_layer_3_23(&zeta_i, re); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_61(re); + invert_ntt_at_layer_1_d2(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_f9(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_8b(re); } /** @@ -7108,14 +6413,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_e40( +static KRML_MUSTINLINE void compute_vector_u_890( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_8d();); + result[i] = ZERO_89_ea();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7135,11 +6440,11 @@ static KRML_MUSTINLINE void compute_vector_u_e40( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(a_element, &r_as_ntt[j]); - add_to_ring_element_89_e80(&result[i1], &product); + ntt_multiply_89_2a(a_element, &r_as_ntt[j]); + add_to_ring_element_89_840(&result[i1], &product); } - invert_ntt_montgomery_b50(&result[i1]); - add_error_reduce_89_7a(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b0(&result[i1]); + add_error_reduce_89_af(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7156,18 +6461,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_690( +compute_ring_element_v_ca0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_b50(&result); - result = add_message_error_reduce_89_e6(error_2, message, result); + ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_840(&result, &product);); + invert_ntt_montgomery_7b0(&result); + result = add_message_error_reduce_89_63(error_2, message, result); return result; } @@ -7177,14 +6482,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_b3( +static KRML_MUSTINLINE void compress_then_serialize_10_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_99(to_unsigned_representative_57(re->coefficients[i0])); + compress_0d_28(to_unsigned_representative_db(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -7202,10 +6507,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_96( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_89( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_b3(re, uu____0); + compress_then_serialize_10_5b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7221,7 +6526,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_6e0( +static void compress_then_serialize_u_140( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7237,7 +6542,7 @@ static void compress_then_serialize_u_6e0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_96(&re, ret); + compress_then_serialize_ring_element_u_89(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7250,54 +6555,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bc( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_87( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_1e(re, out); + compress_then_serialize_4_3c(re, out); } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -7314,15 +6578,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_780( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { +static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; + deserialize_ring_elements_reduced_0c1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_380(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_fc0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7332,7 +6605,7 @@ static void encrypt_unpacked_780( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c70(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7343,38 +6616,57 @@ static void encrypt_unpacked_780( PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_e40(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_890(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); + deserialize_then_decompress_message_cd(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_690(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ca0(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e0( + compress_then_serialize_u_140( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc( + compress_then_serialize_ring_element_v_87( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_d8_14(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - CIPHERTEXT_SIZE= 768 - PUBLIC_KEY_SIZE= 800 @@ -7389,19 +6681,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_3a( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_f1_1a0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( @@ -7410,23 +6708,21 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_780(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_14(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7438,282 +6734,97 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_510( } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. */ /** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b71( - Eurydice_slice public_key, +static KRML_MUSTINLINE void deserialize_secret_key_410( + Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); + secret_as_ntt[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); - deserialized_pk[i0] = uu____0; + deserialize_to_uncompressed_ring_element_8c(secret_bytes); + secret_as_ntt[i0] = uu____0; } memcpy( - ret, deserialized_pk, + ret, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_b71( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_050(ret0, false, A); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_e40(A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_690(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_d8_3d(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_510( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_3b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_33(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_2d(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_3d(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_42(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c6(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_c8( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_a6(&zeta_i, re); - ntt_at_layer_2_23(&zeta_i, re); - ntt_at_layer_1_43(&zeta_i, re); - poly_barrett_reduce_89_61(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_ae_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_ae; + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { + return deserialize_then_decompress_10_0a(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_54( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_fd(&zeta_i, re); + ntt_at_layer_2_ad(&zeta_i, re); + ntt_at_layer_1_a2(&zeta_i, re); + poly_barrett_reduce_89_8b(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 2 - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_8d();); + u_as_ntt[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7731,8 +6842,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_42(u_bytes); - ntt_vector_u_c8(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); + ntt_vector_u_54(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7746,8 +6857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_22(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9d(serialized); +deserialize_then_decompress_ring_element_v_01(Eurydice_slice serialized) { + return deserialize_then_decompress_4_37(serialized); } /** @@ -7763,17 +6874,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3f0( +compute_message_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_b50(&result); - result = subtract_reduce_89_84(v, result); + ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_840(&result, &product);); + invert_ntt_montgomery_7b0(&result); + result = subtract_reduce_89_a2(v, result); return result; } @@ -7811,19 +6922,46 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_fe0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_a00(IndCpaPrivateKeyUnpacked_ae *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_1e0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_22( + deserialize_then_decompress_ring_element_v_01( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_e70(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_1b(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; + deserialize_secret_key_410(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - compress_then_serialize_message_a9(message, ret0); + decrypt_unpacked_a00(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7842,10 +6980,10 @@ static KRML_MUSTINLINE void PRF_f1_ee1(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - SECRET_KEY_SIZE= 1632 - CPA_SECRET_KEY_SIZE= 768 @@ -7863,224 +7001,80 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_880( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, +void libcrux_ml_kem_ind_cca_decapsulate_fd0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_fe0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_940(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_780(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_d8_14(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_d8_14(shared_secret0, shared_secret); uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), - selector, ret0); + ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_d20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_8d();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_860(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_d20(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_fe0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_460( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_860(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_3d(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_3d(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. */ /** A monomorphic instance of @@ -8089,12 +7083,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b70( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); + deserialized_pk[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8106,7 +7100,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); + deserialize_to_reduced_ring_element_6d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8124,7 +7118,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_87( +static KRML_MUSTINLINE void serialize_secret_key_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -8142,7 +7136,7 @@ static KRML_MUSTINLINE void serialize_secret_key_87( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3a(&re, ret0); + serialize_uncompressed_ring_element_5b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -8160,14 +7154,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_04( +static KRML_MUSTINLINE void serialize_public_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_87(t_as_ntt, ret0); + serialize_secret_key_b5(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -8185,15 +7179,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6d(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_b70( + deserialize_ring_elements_reduced_0c0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_04( + serialize_public_key_79( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -8202,19 +7196,6 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_6d(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -8238,7 +7219,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_68( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -8260,10 +7241,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_08( +static void closure_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_8d();); + ret[i] = ZERO_89_ea();); } /** @@ -8399,7 +7380,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8511,7 +7492,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8550,9 +7531,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_04( int16_t s[272U]) { - return from_i16_array_89_ca( + return from_i16_array_89_c1( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8563,7 +7544,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_d4( +static KRML_MUSTINLINE void sample_from_xof_3f( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8577,7 +7558,7 @@ static KRML_MUSTINLINE void sample_from_xof_d4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_2c( + bool done = sample_from_uniform_distribution_next_db( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -8589,7 +7570,7 @@ static KRML_MUSTINLINE void sample_from_xof_d4( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_2c0( + done = sample_from_uniform_distribution_next_db0( copy_of_randomness, sampled_coefficients, out); } } @@ -8598,7 +7579,7 @@ static KRML_MUSTINLINE void sample_from_xof_d4( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_2f(copy_of_out[i]);); + ret0[i] = closure_04(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8611,12 +7592,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_05( +static KRML_MUSTINLINE void sample_matrix_A_38( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_08(A_transpose[i]);); + closure_4b(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8631,7 +7612,7 @@ static KRML_MUSTINLINE void sample_matrix_A_05( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_d4(copy_of_seeds, sampled); + sample_from_xof_3f(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8710,11 +7691,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_fc( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_8d();); + re_as_ntt[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8729,9 +7710,9 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_34( + re_as_ntt[i0] = sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8759,7 +7740,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_e8( +static KRML_MUSTINLINE void add_to_ring_element_89_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8786,14 +7767,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_cb( +static KRML_MUSTINLINE void compute_As_plus_e_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_8d();); + result[i] = ZERO_89_ea();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8814,10 +7795,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_e8(&result[i1], &product); + ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_84(&result[i1], &product); } - add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8825,59 +7806,21 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( } /** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_c1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_68(key_generation_seed, hashed); + cpa_keygen_seed_d8_0e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8886,14 +7829,14 @@ static tuple_9b generate_keypair_unpacked_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_05(ret, true, A_transpose); + sample_matrix_A_38(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_fc(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8905,66 +7848,34 @@ static tuple_9b generate_keypair_unpacked_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_fc(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); + uint8_t public_key_serialized[1184U]; + serialize_public_key_79( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_b5(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e7( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_8d();); + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; } /** @@ -8981,169 +7892,16 @@ static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 + Serialize the secret key. */ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_2c(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e7(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_51(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_04( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 +- SERIALIZED_KEY_LEN= 2400 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d5( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - cpa_keygen_seed_d8_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_05(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - uint8_t public_key_serialized[1184U]; - serialize_public_key_04( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_87(secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_de( +static KRML_MUSTINLINE void serialize_kem_secret_key_48( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -9207,7 +7965,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -9216,13 +7974,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_d5(ind_cpa_keypair_randomness); + generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_de( + serialize_kem_secret_key_48( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -9231,13 +7989,69 @@ libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c0( - uu____2, libcrux_ml_kem_types_from_b6_b00(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_350( + uu____2, libcrux_ml_kem_types_from_b6_da0(copy_of_public_key)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_d8_63(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_ea();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_to_reduced_ring_element_6d(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -9253,10 +8067,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_8d();); + error_1[i] = ZERO_89_ea();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9272,7 +8086,7 @@ sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -9309,362 +8123,124 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b5( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_6e(&zeta_i, re); - invert_ntt_at_layer_2_63(&zeta_i, re); - invert_ntt_at_layer_3_23(&zeta_i, re); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_3b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_61(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_e4( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_8d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(a_element, &r_as_ntt[j]); - add_to_ring_element_89_e8(&result[i1], &product); - } - invert_ntt_montgomery_b5(&result[i1]); - add_error_reduce_89_7a(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + invert_ntt_at_layer_1_d2(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_f9(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_8b(re); } /** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_69( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_b5(&result); - result = add_message_error_reduce_89_e6(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_6e( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_96(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_78( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_e4(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_69(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_51( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_78(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_ea();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = + ntt_multiply_89_2a(a_element, &r_as_ntt[j]); + add_to_ring_element_89_84(&result[i1], &product); + } + invert_ntt_montgomery_7b(&result[i1]); + add_error_reduce_89_af(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message */ /** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_f0(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +compute_ring_element_v_ca( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = + ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_84(&result, &product);); + invert_ntt_montgomery_7b(&result); + result = add_message_error_reduce_89_63(error_2, message, result); + return result; } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + Call [`compress_then_serialize_ring_element_u`] on each ring element. */ /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b7( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_8d();); +static void compress_then_serialize_u_14( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], + Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b0(ring_element); - deserialized_pk[i0] = uu____0; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_89(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -9685,10 +8261,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_b7( + deserialize_ring_elements_reduced_0c( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -9696,13 +8272,13 @@ static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_05(ret0, false, A); + sample_matrix_A_38(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_fc(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9712,7 +8288,7 @@ static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c7(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9723,28 +8299,28 @@ static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34( + sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_e4(A, r_as_ntt, error_1, u); + compute_vector_u_89(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_5e(copy_of_message); + deserialize_then_decompress_message_cd(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_69(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ca(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_6e( + compress_then_serialize_u_14( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_bc( + compress_then_serialize_ring_element_v_87( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9761,7 +8337,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_86(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_41(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9788,11 +8364,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_f0( + entropy_preprocess_d8_63( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -9802,7 +8378,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9816,19 +8392,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_330(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_2d0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_86(shared_secret, shared_secret_array); + kdf_d8_41(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9840,6 +8416,50 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( return lit; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_41( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_ea();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_to_uncompressed_ring_element_8c(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_f8; + /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -9852,12 +8472,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_8d();); + u_as_ntt[i] = ZERO_89_ea();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9875,8 +8495,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_42(u_bytes); - ntt_vector_u_c8(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); + ntt_vector_u_54(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9896,17 +8516,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3f( +compute_message_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_b5(&result); - result = subtract_reduce_89_84(v, result); + ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_84(&result, &product);); + invert_ntt_montgomery_7b(&result); + result = subtract_reduce_89_a2(v, result); return result; } @@ -9944,151 +8564,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_fe( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_a0(IndCpaPrivateKeyUnpacked_f8 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_1e(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_22( + deserialize_then_decompress_ring_element_v_01( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a9(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_f1_ee(Eurydice_slice input, uint8_t ret[32U]) { - PRF_2b(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_88( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_fe(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_78(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + compute_message_e7(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); + compress_then_serialize_message_1b(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_d2( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_8d();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10099,25 +8589,38 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_86(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_d2(secret_key, secret_as_ntt); + deserialize_secret_key_41(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - secret_key_unpacked; + IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_fe(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_f1_ee(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10140,7 +8643,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_46( +void libcrux_ml_kem_ind_cca_decapsulate_fd( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -10158,7 +8661,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_46( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_86(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -10180,7 +8683,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_46( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -10190,16 +8693,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_46( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_86(Eurydice_array_to_slice((size_t)32U, + kdf_d8_41(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_86(shared_secret0, shared_secret); + kdf_d8_41(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_fd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_a60(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 57830eca7..842002efe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_mlkem_portable_H @@ -635,183 +635,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_clone_3b( libcrux_ml_kem_vector_portable_vector_type_PortableVector *self); -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 4f45438c4..413cb8cfa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index f242d58ae..0faa15823 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f47df6dee..1b23ca31d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e38d13c86..1630106cf 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 9c567ccc1..aed8b3ad4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,16 +7,17 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #include "libcrux_sha3_neon.h" /** - A portable SHA3 512 implementation. + A portable SHA3 224 implementation. */ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { +KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -25,7 +26,28 @@ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { /** A portable SHA3 256 implementation. */ -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { +KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + A portable SHA3 384 implementation. +*/ +KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + A portable SHA3 512 implementation. +*/ +KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -67,11 +89,11 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( } /** - Squeeze 2 times the next block in parallel in the + Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -80,34 +102,14 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( } /** - Squeeze 2 times the first three blocks in parallel in the + Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } - -/** - A portable SHA3 224 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 384 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index ec6db46b1..f2144bb1f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe */ #ifndef __libcrux_sha3_neon_H @@ -23,15 +23,25 @@ extern "C" { #include "libcrux_sha3_internal.h" /** - A portable SHA3 512 implementation. + A portable SHA3 224 implementation. */ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); /** A portable SHA3 256 implementation. */ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +/** + A portable SHA3 512 implementation. +*/ +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + /** Run SHAKE256 on both inputs in parallel. @@ -58,31 +68,21 @@ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( Eurydice_slice data1); /** - Squeeze 2 times the next block in parallel in the + Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); /** - Squeeze 2 times the first three blocks in parallel in the + Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. */ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -/** - A portable SHA3 384 implementation. -*/ -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 0419c7a37..385492af1 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -203,6 +203,7 @@ TEST(MlKem768TestPortable, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +#ifdef LIBCRUX_UNPACKED TEST(MlKem768TestPortableUnpacked, ConsistencyTest) { uint8_t randomness[64]; @@ -221,6 +222,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest) sharedSecret2, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +#endif // #ifdef LIBCRUX_UNPACKED TEST(Kyber768TestPortable, ModifiedCiphertextTest) { @@ -336,6 +338,7 @@ TEST(MlKem768TestPortable, NISTKnownAnswerTest) } } +#ifdef LIBCRUX_UNPACKED TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest) { // XXX: This should be done in a portable way. @@ -370,6 +373,7 @@ TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } +#endif // #ifdef LIBCRUX_UNPACKED #ifdef LIBCRUX_X64 #include "libcrux_mlkem768_avx2.h" @@ -504,6 +508,7 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest) } } +#ifdef LIBCRUX_UNPACKED TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest) { // XXX: This should be done in a portable way. @@ -538,6 +543,8 @@ TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } +#endif // #ifdef LIBCRUX_UNPACKED + #endif // LIBCRUX_X64 #ifdef LIBCRUX_AARCH64 From 4c340d504eb87a212298066874b22d45726e538c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 11:52:26 +0000 Subject: [PATCH 081/172] enable unpacked features on docs.rs --- libcrux-ml-kem/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index eef3b10fe..c967a416b 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -79,7 +79,7 @@ name = "keygen" required-features = ["mlkem768"] [package.metadata."docs.rs"] -features = ["pre-verification", "kyber"] +features = ["pre-verification", "kyber", "unpacked"] rustdoc-args = ["--cfg", "doc_cfg"] [lints.rust] From 7d3aa4de53d928af9db06c189a774877d4472c45 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 12:38:00 +0000 Subject: [PATCH 082/172] update mlkem F* extraction --- .../Libcrux_ml_kem.Hash_functions.fsti | 28 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 69 +-- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 51 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 71 +-- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 53 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 72 +-- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 53 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 50 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 18 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 34 -- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 557 ++++-------------- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 211 +------ .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 9 - .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 490 +++++++-------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 137 +---- .../extraction/Libcrux_ml_kem.Matrix.fst | 8 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 44 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 61 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 44 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 63 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 44 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 63 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 22 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 43 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 59 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 43 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 61 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 44 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 61 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 22 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 44 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 59 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 44 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 61 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 44 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 61 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 22 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 8 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 5 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 6 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 12 +- .../Libcrux_ml_kem.Types.Unpacked.fsti | 48 -- .../extraction/Libcrux_ml_kem.Types.fsti | 6 +- .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 ----------- .../Libcrux_ml_kem.Vector.Avx2.Portable.fsti | 30 - .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 5 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 24 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 32 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 11 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 146 +++-- .../proofs/fstar/extraction/Makefile | 3 - 55 files changed, 791 insertions(+), 2866 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 738c92632..c8582760b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -10,40 +10,40 @@ open FStar.Mul /// - NEON /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { - f_G_pre:t_Slice u8 -> bool; - f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> bool; + f_G_pre:t_Slice u8 -> Type0; + f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> Type0; f_G:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); - f_H_pre:t_Slice u8 -> bool; - f_H_post:t_Slice u8 -> t_Array u8 (sz 32) -> bool; + f_H_pre:t_Slice u8 -> Type0; + f_H_post:t_Slice u8 -> t_Array u8 (sz 32) -> Type0; f_H:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); - f_PRF_pre:v_LEN: usize -> t_Slice u8 -> bool; - f_PRF_post:v_LEN: usize -> t_Slice u8 -> t_Array u8 v_LEN -> bool; + f_PRF_pre:v_LEN: usize -> t_Slice u8 -> Type0; + f_PRF_post:v_LEN: usize -> t_Slice u8 -> t_Array u8 v_LEN -> Type0; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); - f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> bool; + f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> Type0; f_PRFxN_post:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> t_Array (t_Array u8 v_LEN) v_K - -> bool; + -> Type0; f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> bool; - f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> bool; + f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> Type0; + f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; f_shake128_init_absorb:x0: t_Array (t_Array u8 (sz 34)) v_K -> Prims.Pure v_Self (f_shake128_init_absorb_pre x0) (fun result -> f_shake128_init_absorb_post x0 result); - f_shake128_squeeze_three_blocks_pre:v_Self -> bool; + f_shake128_squeeze_three_blocks_pre:v_Self -> Type0; f_shake128_squeeze_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) - -> bool; + -> Type0; f_shake128_squeeze_three_blocks:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) (f_shake128_squeeze_three_blocks_pre x0) (fun result -> f_shake128_squeeze_three_blocks_post x0 result); - f_shake128_squeeze_block_pre:v_Self -> bool; - f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> bool; + f_shake128_squeeze_block_pre:v_Self -> Type0; + f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; f_shake128_squeeze_block:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) (f_shake128_squeeze_block_pre x0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index b0da52091..12985ff96 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -7,10 +7,22 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in () +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + #Libcrux_ml_kem.Variant.t_MlKem public_key randomness + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -32,19 +44,7 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Ind_cca.t_MlKem private_key ciphertext - -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Ind_cca.t_MlKem public_key randomness + #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -54,43 +54,4 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - randomness - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - randomness + #Libcrux_ml_kem.Variant.t_MlKem randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 5e93b95fd..cdab1e25f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -7,10 +7,19 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in () +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -25,15 +34,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -42,34 +42,3 @@ val generate_keypair : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index ee22fe76c..30dbbeab8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -7,10 +7,23 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in () +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key + randomness + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -32,22 +45,9 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Ind_cca.t_MlKem private_key + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Ind_cca.t_MlKem public_key - randomness - let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -56,43 +56,4 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 5b91ffe69..a1f27b1ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -7,10 +7,19 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in () +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -25,15 +34,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -42,36 +42,3 @@ val generate_keypair : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 793a0358f..1c7e37cca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -7,10 +7,23 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in () +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + public_key randomness + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -32,22 +45,9 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Ind_cca.t_MlKem + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Ind_cca.t_MlKem - public_key randomness - let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -56,43 +56,5 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 1d56ac04e..1ea820a62 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -7,10 +7,19 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in () +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -25,15 +34,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -42,36 +42,3 @@ val generate_keypair : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 110c7795f..1f6aadbe3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -3,6 +3,31 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -54,31 +79,6 @@ let decapsulate v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE - v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index f94109b2d..32b735bc8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -3,6 +3,15 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -15,15 +24,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti deleted file mode 100644 index 8f34bc961..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ /dev/null @@ -1,34 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Traits in - () - -/// An unpacked ML-KEM IND-CCA Private Key -type t_MlKemPrivateKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_ind_cpa_private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector; - f_implicit_rejection_value:t_Array u8 (sz 32) -} - -/// An unpacked ML-KEM IND-CCA Private Key -type t_MlKemPublicKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector; - f_public_key_hash:t_Array u8 (sz 32) -} - -/// An unpacked ML-KEM KeyPair -type t_MlKemKeyPairUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; - f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector -} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index e529309e6..29d2222df 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -7,8 +7,8 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -87,12 +87,10 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - public_key - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + public_key <: t_Slice u8) <: @@ -158,137 +156,6 @@ let validate_public_key in public_key =. public_key_serialized -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: t_Variant v_Scheme) - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) - v_CPA_SECRET_KEY_SIZE - in - let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE - in - let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - in - let decrypted:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cpa.decrypt v_K - v_CIPHERTEXT_SIZE - v_C1_SIZE - v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR - #v_Vector - ind_cpa_secret_key - ciphertext.Libcrux_ml_kem.Types.f_value - in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - ind_cpa_public_key_hash - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - implicit_rejection_value - in - let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - <: - t_Slice u8) - in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key - decrypted pseudorandomness - in - let implicit_rejection_shared_secret:t_Array u8 (sz 32) = - f_kdf #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - v_CIPHERTEXT_SIZE - #v_Hasher - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - ciphertext - in - let shared_secret:t_Array u8 (sz 32) = - f_kdf #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - v_CIPHERTEXT_SIZE - #v_Hasher - shared_secret - ciphertext - in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -299,19 +166,19 @@ let encapsulate (#[FStar.Tactics.Typeclasses.tcresolve ()] i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: t_Variant v_Scheme) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = let randomness:t_Array u8 (sz 32) = - f_entropy_preprocess #v_Scheme + Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme #FStar.Tactics.Typeclasses.solve v_K #v_Hasher - (Rust_primitives.unsize randomness <: t_Slice u8) + (randomness <: t_Slice u8) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -324,17 +191,10 @@ let encapsulate Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE - public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: @@ -344,22 +204,19 @@ let encapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) randomness pseudorandomness + (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -368,7 +225,7 @@ let encapsulate ciphertext in let shared_secret_array:t_Array u8 (sz 32) = - f_kdf #v_Scheme + Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K v_CIPHERTEXT_SIZE @@ -380,158 +237,43 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Array u8 (sz 64)) - = - let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & - t_Array u8 v_PUBLIC_KEY_SIZE) = - Libcrux_ml_kem.Ind_cpa.generate_keypair v_K - v_CPA_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - ind_cpa_keypair_randomness - in - let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_kem_secret_key v_K - v_PRIVATE_KEY_SIZE - #v_Hasher - (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) - (Rust_primitives.unsize public_key <: t_Slice u8) - implicit_rejection_value - in - let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey - v_PRIVATE_KEY_SIZE = - Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) - #(t_Array u8 v_PRIVATE_KEY_SIZE) - #FStar.Tactics.Typeclasses.solve - secret_key_serialized - in - Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - private_key - (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - #(t_Array u8 v_PUBLIC_KEY_SIZE) - #FStar.Tactics.Typeclasses.solve - public_key - <: - Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Rust_primitives.unsize public_key.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash - <: - t_Slice u8) - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + v_CPA_SECRET_KEY_SIZE in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN - v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - public_key.Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key randomness pseudorandomness + let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE in - let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let shared_secret_array:t_Array u8 (sz 32) = - Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in - Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Array u8 v_CIPHERTEXT_SIZE) - #FStar.Tactics.Typeclasses.solve - ciphertext, - shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = let decrypted:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + Libcrux_ml_kem.Ind_cpa.decrypt v_K v_CIPHERTEXT_SIZE v_C1_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR #v_Vector - key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_private_key + ind_cpa_secret_key ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -544,10 +286,7 @@ let decapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash - <: - t_Slice u8) + ind_cpa_public_key_hash <: t_Slice u8) in @@ -555,20 +294,17 @@ let decapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (Rust_primitives.unsize key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_implicit_rejection_value - <: - t_Slice u8) + implicit_rejection_value in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -595,39 +331,54 @@ let decapsulate_unpacked #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key decrypted pseudorandomness - in - let selector:u8 = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext - v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key + decrypted pseudorandomness + in + let implicit_rejection_shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_kdf #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + v_CIPHERTEXT_SIZE + #v_Hasher + (implicit_rejection_shared_secret <: t_Slice u8) + ciphertext + in + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_kdf #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + v_CIPHERTEXT_SIZE + #v_Hasher + shared_secret + ciphertext in - Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - selector + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) -let generate_keypair_unpacked +let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (randomness: t_Array u8 (sz 64)) = let ind_cpa_keypair_randomness:t_Slice u8 = @@ -645,135 +396,33 @@ let generate_keypair_unpacked <: Core.Ops.Range.t_RangeFrom usize ] in - let ind_cpa_private_key, ind_cpa_public_key:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked - v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher + let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & + t_Array u8 v_PUBLIC_KEY_SIZE) = + Libcrux_ml_kem.Ind_cpa.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher #v_Scheme ind_cpa_keypair_randomness in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - v_A - (fun v_A i -> - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K = - v_A - in - let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - v_A - (fun v_A j -> - let v_A:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - v_A - in - let j:usize = j in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - j - (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - #FStar.Tactics.Typeclasses.solve - ((ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K).[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - in - let ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector - in - let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K - v_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #v_Vector - ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + serialize_kem_secret_key v_K + v_PRIVATE_KEY_SIZE + #v_Hasher + (ind_cpa_private_key <: t_Slice u8) + (public_key <: t_Slice u8) + implicit_rejection_value in - let public_key_hash:t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K + let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey + v_PRIVATE_KEY_SIZE = + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + #(t_Array u8 v_PRIVATE_KEY_SIZE) #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize pk_serialized <: t_Slice u8) - in - let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - implicit_rejection_value - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - in - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - = - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_private_key = ind_cpa_private_key; - Libcrux_ml_kem.Ind_cca.Unpacked.f_implicit_rejection_value = implicit_rejection_value - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPrivateKeyUnpacked v_K v_Vector; - Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - = - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key = ind_cpa_public_key; - Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash = public_key_hash - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector + secret_key_serialized + in + Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + private_key + (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #(t_Array u8 v_PUBLIC_KEY_SIZE) + #FStar.Tactics.Typeclasses.solve + public_key + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 62b324762..5815d4a85 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -7,8 +7,8 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -28,13 +28,6 @@ val serialize_kem_secret_key (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) -/// Implements [`Variant`], to perform the ML-KEM-specific actions -/// during encapsulation and decapsulation. -/// Specifically, -/// * during encapsulation, the initial randomness is used without prior hashing, -/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. -type t_MlKem = | MlKem : t_MlKem - val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) @@ -42,168 +35,30 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// This trait collects differences in specification between ML-KEM -/// (Draft FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the -/// NIST PQ competition. -/// cf. FIPS 203 (Draft), section 1.3 -class t_Variant (v_Self: Type0) = { - f_kdf_pre: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> bool; - f_kdf_post: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - t_Array u8 (sz 32) - -> bool; - f_kdf: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 -> - x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Prims.Pure (t_Array u8 (sz 32)) - (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) - (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); - f_entropy_preprocess_pre: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 - -> bool; - f_entropy_preprocess_post: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - t_Array u8 (sz 32) - -> bool; - f_entropy_preprocess: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) - (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) - (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result) -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: t_Variant t_MlKem = - { - f_kdf_pre - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - true); - f_kdf_post - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (out1: t_Array u8 (sz 32)) - -> - true); - f_kdf - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in - out); - f_entropy_preprocess_pre - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - true); - f_entropy_preprocess_post - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - (out1: t_Array u8 (sz 32)) - -> - true); - f_entropy_preprocess - = - fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in - out - } - -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: t_Variant v_Scheme |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher #v_Scheme: Type0) {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: t_Variant v_Scheme |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + /// Packed API /// Generate a key pair. /// Depending on the `Vector` and `Hasher` used, this requires different hardware @@ -211,43 +66,11 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 2ee1ef2b7..0211568dc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -13,12 +13,3 @@ let _ = type t_IndCpaPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } - -/// An unpacked ML-KEM IND-CPA Private Key -type t_IndCpaPublicKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; - f_seed_for_A:t_Array u8 (sz 32); - f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K -} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2dc3193fa..f9cd4aa5c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -86,9 +87,7 @@ let sample_ring_element_cbd i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -175,9 +174,7 @@ let sample_vector_cbd_then_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -251,13 +248,10 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re - <: - t_Array u8 v_BLOCK_LEN) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re <: t_Slice u8) <: @@ -292,7 +286,7 @@ let deserialize_then_decompress_u (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__chunks_exact #u8 - (Rust_primitives.unsize ciphertext <: t_Slice u8) + (ciphertext <: t_Slice u8) ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: @@ -334,6 +328,125 @@ let deserialize_then_decompress_u in u_as_ntt +let encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + = + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + in + let r_as_ntt, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy + in + let error_1_, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_ring_element_cbd v_K + v_ETA2_RANDOMNESS_SIZE + v_ETA2 + #v_Vector + #v_Hasher + prf_input + domain_separator + in + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + in + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + v_ETA2_RANDOMNESS_SIZE + (prf_input <: t_Slice u8) + in + let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector + (prf_output <: t_Slice u8) + in + let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Matrix.compute_vector_u v_K #v_Vector v_A r_as_ntt error_1_ + in + let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message + in + let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Matrix.compute_ring_element_v v_K + #v_Vector + tt_as_ntt + r_as_ntt + error_2_ + message_as_ring_element + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize) + (compress_then_serialize_u v_K + v_C1_LEN + v_U_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + u + (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext + ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR + v_C2_LEN + #v_Vector + v + (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + ciphertext + let deserialize_secret_key (v_K: usize) (#v_Vector: Type0) @@ -444,11 +557,7 @@ let serialize_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re <: t_Slice u8) <: @@ -484,12 +593,7 @@ let serialize_public_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (serialize_secret_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - #v_Vector - tt_as_ntt - <: - t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt <: t_Slice u8) <: @@ -512,243 +616,28 @@ let serialize_public_key in public_key_serialized -let decrypt_unpacked - (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: - usize) - (#v_Vector: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) - (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - = - let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext - in - let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR - #v_Vector - (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - in - let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_message v_K - #v_Vector - v - secret_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt - u_as_ntt - in - Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message - -let decrypt - (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: - usize) - (#v_Vector: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (secret_key: t_Slice u8) - (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - = - let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_secret_key v_K #v_Vector secret_key - in - let secret_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = - { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector - in - decrypt_unpacked v_K - v_CIPHERTEXT_SIZE - v_VECTOR_U_ENCODED_SIZE - v_U_COMPRESSION_FACTOR - v_V_COMPRESSION_FACTOR - #v_Vector - secret_key_unpacked - ciphertext - -let encrypt_unpacked - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - = - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness - in - let r_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy - in - let error_1_, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_ring_element_cbd v_K - v_ETA2_RANDOMNESS_SIZE - v_ETA2 - #v_Vector - #v_Hasher - prf_input - domain_separator - in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator - in - let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) - in - let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 - #v_Vector - (Rust_primitives.unsize prf_output <: t_Slice u8) - in - let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_vector_u v_K - #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - r_as_ntt - error_1_ - in - let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message - in - let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_ring_element_v v_K - #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - r_as_ntt - error_2_ - message_as_ring_element - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize) - (compress_then_serialize_u v_K - v_C1_LEN - v_U_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - u - (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext - ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) - (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR - v_C2_LEN - #v_Vector - v - (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - ciphertext - -let encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: +let generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - = - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE - v_K - #v_Vector - (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeTo usize ] - <: - t_Slice u8) - in - let seed:t_Slice u8 = - public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) - false - in - let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - seed - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - in - let public_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt = tt_as_ntt; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = seed_for_A - } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector - in - encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN - v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness - -let generate_keypair_unpacked - (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (key_generation_seed: t_Slice u8) = let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K + Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -789,60 +678,75 @@ let generate_keypair_unpacked <: Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) in - let pk:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt = tt_as_ntt; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A_transpose; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = seed_for_A - } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + tt_as_ntt + (seed_for_A <: t_Slice u8) in - let sk:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = - { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector secret_as_ntt in - sk, pk + secret_key_serialized, public_key_serialized <: - (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) -let generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: +let decrypt_unpacked + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_generation_seed: t_Slice u8) + (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = - let sk, pk:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - generate_keypair_unpacked v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - key_generation_seed + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE + let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR #v_Vector - pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) in - let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K - v_PRIVATE_KEY_SIZE + let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Matrix.compute_message v_K #v_Vector - sk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + v + secret_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + u_as_ntt in - secret_key_serialized, public_key_serialized - <: - (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message + +let decrypt + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (secret_key: t_Slice u8) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) + = + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialize_secret_key v_K #v_Vector secret_key + in + let secret_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + in + decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_VECTOR_U_ENCODED_SIZE + v_U_COMPRESSION_FACTOR + v_V_COMPRESSION_FACTOR + #v_Vector + secret_key_unpacked + ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index b9e8e9af3..6aa9de813 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -55,6 +56,17 @@ val deserialize_then_decompress_u Prims.l_True (fun _ -> Prims.l_True) +val encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. val deserialize_secret_key (v_K: usize) @@ -82,6 +94,18 @@ val serialize_public_key (seed_for_a: t_Slice u8) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) +val generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (key_generation_seed: t_Slice u8) + : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. /// Algorithm 14 is reproduced below: @@ -117,116 +141,3 @@ val decrypt (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// This function implements Algorithm 13 of the -/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. -/// Algorithm 13 is reproduced below: -/// ```plaintext -/// Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. -/// Input: message m ∈ 𝔹^{32}. -/// Input: encryption randomness r ∈ 𝔹^{32}. -/// Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. -/// N ← 0 -/// t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) -/// ρ ← ekₚₖₑ[384k: 384k + 32] -/// for (i ← 0; i < k; i++) -/// for(j ← 0; j < k; j++) -/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) -/// end for -/// end for -/// for(i ← 0; i < k; i++) -/// r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) -/// N ← N + 1 -/// end for -/// for(i ← 0; i < k; i++) -/// e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) -/// N ← N + 1 -/// end for -/// e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) -/// r̂ ← NTT(r) -/// u ← NTT-¹(Âᵀ ◦ r̂) + e₁ -/// μ ← Decompress₁(ByteDecode₁(m))) -/// v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ -/// c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) -/// c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) -/// return c ← (c₁ ‖ c₂) -/// ``` -/// The NIST FIPS 203 standard can be found at -/// . -val encrypt_unpacked - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -/// This function implements most of Algorithm 12 of the -/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. -/// We say "most of" since Algorithm 12 samples the required randomness within -/// the function itself, whereas this implementation expects it to be provided -/// through the `key_generation_seed` parameter. -/// Algorithm 12 is reproduced below: -/// ```plaintext -/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. -/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. -/// d ←$ B -/// (ρ,σ) ← G(d) -/// N ← 0 -/// for (i ← 0; i < k; i++) -/// for(j ← 0; j < k; j++) -/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) -/// end for -/// end for -/// for(i ← 0; i < k; i++) -/// s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) -/// N ← N + 1 -/// end for -/// for(i ← 0; i < k; i++) -/// e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) -/// N ← N + 1 -/// end for -/// ŝ ← NTT(s) -/// ê ← NTT(e) -/// t̂ ← Â◦ŝ + ê -/// ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ -/// dkₚₖₑ ← ByteEncode₁₂(ŝ) -/// ``` -/// The NIST FIPS 203 standard can be found at -/// . -val generate_keypair_unpacked - (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (key_generation_seed: t_Slice u8) - : Prims.Pure - (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -val generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (key_generation_seed: t_Slice u8) - : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c6c53893c..0dc329562 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -40,7 +40,7 @@ let compute_As_plus_e #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A + (matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -74,7 +74,7 @@ let compute_As_plus_e #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize row + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -203,7 +203,7 @@ let compute_vector_u #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt + (a_as_ntt <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -237,7 +237,7 @@ let compute_vector_u #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize row + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index d2ddcca9f..92d239a86 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) @@ -26,13 +33,6 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) (sz 1536) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 8e4515a33..2328c8d2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -3,6 +3,17 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) @@ -18,58 +29,8 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index cd42bf0a3..45a07df21 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) @@ -26,13 +33,6 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 4) (sz 1536) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 9e45629cc..5911a2ae3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,49 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 1024 (unpacked) +/// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 52862d8b5..c28c2c857 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) @@ -26,13 +33,6 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) (sz 1536) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 747dc6b36..c28386f94 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,49 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 1024 (unpacked) +/// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index dbb30e27b..efef5d867 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) @@ -26,13 +33,6 @@ let decapsulate (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index d85dd7674..698f0b9ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -62,6 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) @@ -77,17 +88,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 1024 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index b490657c0..38bf6188b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) @@ -24,13 +31,6 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) (sz 768) @@ -40,32 +40,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 1b958a6e5..807f211cc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -3,6 +3,17 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) @@ -18,56 +29,8 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 5dde35c74..4299e04c3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) @@ -24,13 +31,6 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 2) (sz 768) @@ -40,32 +40,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index b6c6d2655..0c02c89fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,47 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 512 (unpacked) +/// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 01b944e04..7a9d84fb6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) @@ -24,13 +31,6 @@ let decapsulate (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) (sz 768) @@ -40,33 +40,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 2) (sz 768) (sz 800) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) - (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) - (sz 128) (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 00602ea3e..a119efa43 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,47 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 512 (unpacked) +/// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index c86f78fff..e5628c836 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) @@ -24,13 +31,6 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index 5000bbfeb..d2fb363c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -62,6 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) @@ -77,17 +88,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 512 Key Pair /// The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index dbd466b67..306e91697 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) @@ -26,13 +33,6 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) (sz 1152) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index c1722ce4c..9a3179c1c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -3,6 +3,17 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) @@ -18,56 +29,8 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 41af82736..020024946 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) @@ -26,13 +33,6 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 3) (sz 1152) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index c837a5760..6b65cf91f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,47 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 768 (unpacked) +/// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index c047942db..14c69001d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) @@ -26,13 +33,6 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) (sz 1152) @@ -42,33 +42,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 1f5be7a00..95252b386 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -29,47 +14,23 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 768 (unpacked) +/// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 32636e9a5..e814cd4de 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) @@ -26,13 +33,6 @@ let decapsulate (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index f8f0efabb..ea6223aa8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -62,6 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) @@ -77,17 +88,6 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index c5784bfea..3eae8cab8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -200,13 +200,7 @@ let ntt_at_layer_4_plus let _:Prims.unit = if true then - let _:Prims.unit = - if ~.(layer >=. sz 4 <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: layer >= 4" - <: - Rust_primitives.Hax.t_Never) - in + let _:Prims.unit = Hax_lib.v_assert (layer >=. sz 4 <: bool) in () in let step:usize = sz 1 < true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -67,7 +67,7 @@ let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -111,7 +111,7 @@ let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst deleted file mode 100644 index acdcf619b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst +++ /dev/null @@ -1,351 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - in - let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - in - let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - in - let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 - in - result - -let to_i16_array (v: t_PortableVector) = v.f_elements - -let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:t_PortableVector = zero () in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 - } - <: - t_PortableVector - in - v diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti deleted file mode 100644 index fe64003c4..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti +++ /dev/null @@ -1,30 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -val deserialize_11_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) - -val serialize_11_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -val from_i16_array (array: t_Array i16 (sz 16)) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val serialize_11_ (v: t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -val to_i16_array (v: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) - -val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 89351a259..33c894793 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -22,9 +22,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let lower_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients @@ -46,9 +44,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let upper_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 3faac2293..a7fa366a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -492,8 +492,7 @@ let deserialize_11_ (bytes: t_Slice u8) = #FStar.Tactics.Typeclasses.solve output in - Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (Rust_primitives.unsize array <: t_Slice i16 - ) + Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) let serialize_11_ (vector: u8) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -503,7 +502,7 @@ let serialize_11_ (vector: u8) = let input:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize array <: t_Slice i16) + (array <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index cf6dd3074..dc8d03610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -12,9 +12,7 @@ let inv_ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -84,9 +82,7 @@ let inv_ntt_layer_2_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -184,9 +180,7 @@ let ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -252,9 +246,7 @@ let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -363,9 +355,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a0:u8 = Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high @@ -476,9 +466,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let low2:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u8_s16 low1 <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 437f01c03..aa783010c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -18,9 +18,7 @@ let deserialize_1_ (a: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 low shift in let high:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 high shift in { @@ -42,17 +40,13 @@ let deserialize_12_ (v: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let (shifts: t_Array i16 (sz 8)):t_Array i16 (sz 8) = let list = [0s; (-4s); 0s; (-4s); 0s; (-4s); 0s; (-4s)] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifts <: t_Slice i16) - in + let shift_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifts <: t_Slice i16) in let mask12:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u16 4095us in let input0:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input0:t_Array u8 (sz 16) = @@ -74,9 +68,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input0 <: t_Slice u8) - in + let input_vec0:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input0 <: t_Slice u8) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range input1 @@ -97,9 +89,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input1 <: t_Slice u8) - in + let input_vec1:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input1 <: t_Slice u8) in let moved0:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 input_vec0 @@ -143,9 +133,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low shift @@ -516,9 +504,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let lowt:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_u16 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low @@ -728,7 +714,7 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve @@ -739,7 +725,7 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 545469492..c7e8f4fdb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -163,18 +163,15 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl if true then let _:Prims.unit = - if - ~.(((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 0s + Hax_lib.v_assert (((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) >=. + 0s <: bool) && ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <. 4096s <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: v.elements[i] >= 0 && v.elements[i] < 4096" - - <: - Rust_primitives.Hax.t_Never) in () in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index f28357683..c5dbe6258 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -6,197 +6,187 @@ open FStar.Mul class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; - f_ZERO_pre:Prims.unit -> bool; - f_ZERO_post:Prims.unit -> v_Self -> bool; + f_ZERO_pre:Prims.unit -> Type0; + f_ZERO_post:Prims.unit -> v_Self -> Type0; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); - f_from_i16_array_pre:t_Slice i16 -> bool; - f_from_i16_array_post:t_Slice i16 -> v_Self -> bool; + f_from_i16_array_pre:t_Slice i16 -> Type0; + f_from_i16_array_post:t_Slice i16 -> v_Self -> Type0; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_to_i16_array_pre:v_Self -> bool; - f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> bool; + f_to_i16_array_pre:v_Self -> Type0; + f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; f_to_i16_array:x0: v_Self -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:v_Self -> v_Self -> bool; - f_add_post:v_Self -> v_Self -> v_Self -> bool; + f_add_pre:v_Self -> v_Self -> Type0; + f_add_post:v_Self -> v_Self -> v_Self -> Type0; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:v_Self -> v_Self -> bool; - f_sub_post:v_Self -> v_Self -> v_Self -> bool; + f_sub_pre:v_Self -> v_Self -> Type0; + f_sub_post:v_Self -> v_Self -> v_Self -> Type0; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v_Self -> i16 -> bool; - f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); - f_bitwise_and_with_constant_pre:v_Self -> i16 -> bool; - f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> bool; + f_bitwise_and_with_constant_pre:v_Self -> i16 -> Type0; + f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> bool; - f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> bool; + f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> Type0; + f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v_Self -> bool; - f_cond_subtract_3329_post:v_Self -> v_Self -> bool; + f_cond_subtract_3329_pre:v_Self -> Type0; + f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v_Self -> bool; - f_barrett_reduce_post:v_Self -> v_Self -> bool; + f_barrett_reduce_pre:v_Self -> Type0; + f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); - f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> bool; - f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v_Self -> bool; - f_compress_1_post:v_Self -> v_Self -> bool; + f_compress_1_pre:v_Self -> Type0; + f_compress_1_post:v_Self -> v_Self -> Type0; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; - f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); - f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; - f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); - f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; - f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); - f_ntt_layer_3_step_pre:v_Self -> i16 -> bool; - f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) (fun result -> f_ntt_layer_3_step_post x0 x1 result); - f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; - f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); - f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> bool; - f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); - f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:v_Self -> bool; - f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> bool; + f_serialize_1_pre:v_Self -> Type0; + f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:t_Slice u8 -> bool; - f_deserialize_1_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_1_pre:t_Slice u8 -> Type0; + f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:v_Self -> bool; - f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> bool; + f_serialize_4_pre:v_Self -> Type0; + f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:t_Slice u8 -> bool; - f_deserialize_4_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_4_pre:t_Slice u8 -> Type0; + f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> bool; - f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> bool; + f_serialize_5_pre:v_Self -> Type0; + f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:t_Slice u8 -> bool; - f_deserialize_5_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_5_pre:t_Slice u8 -> Type0; + f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:v_Self -> bool; - f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> bool; + f_serialize_10_pre:v_Self -> Type0; + f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:t_Slice u8 -> bool; - f_deserialize_10_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_10_pre:t_Slice u8 -> Type0; + f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> bool; - f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> bool; + f_serialize_11_pre:v_Self -> Type0; + f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:t_Slice u8 -> bool; - f_deserialize_11_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_11_pre:t_Slice u8 -> Type0; + f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:v_Self -> bool; - f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> bool; + f_serialize_12_pre:v_Self -> Type0; + f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:t_Slice u8 -> bool; - f_deserialize_12_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_12_pre:t_Slice u8 -> Type0; + f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> bool; - f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> bool; + f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> Type0; + f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) (fun result -> f_rej_sample_post x0 x1 result) } -/// Internal vectors. -/// Used in the unpacked API. -class t_VectorType (v_Self: Type0) = { - [@@@ FStar.Tactics.Typeclasses.no_method]_super_14104493667227926613:t_Operations v_Self -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) - : t_VectorType v_T = { _super_14104493667227926613 = FStar.Tactics.Typeclasses.solve } - let v_FIELD_ELEMENTS_IN_VECTOR: usize = sz 16 let v_FIELD_MODULUS: i16 = 3329s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 3c3c2a08b..747c4a7e3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -64,7 +64,6 @@ PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti \ Libcrux_ml_kem.Ind_cca.Multiplexing.fst \ Libcrux_ml_kem.Ind_cca.Multiplexing.fsti \ - Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ Libcrux_ml_kem.Ind_cpa.fsti \ Libcrux_ml_kem.Ind_cpa.Unpacked.fsti \ Libcrux_ml_kem.Invert_ntt.fsti \ @@ -99,14 +98,12 @@ PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Serialize.fsti \ Libcrux_ml_kem.Types.fst \ Libcrux_ml_kem.Types.fsti \ - Libcrux_ml_kem.Types.Unpacked.fsti \ Libcrux_ml_kem.Utils.fst \ Libcrux_ml_kem.Utils.fsti \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti \ Libcrux_ml_kem.Vector.Avx2.Compress.fsti \ Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.Ntt.fsti \ - Libcrux_ml_kem.Vector.Avx2.Portable.fsti \ Libcrux_ml_kem.Vector.Avx2.Sampling.fsti \ Libcrux_ml_kem.Vector.Avx2.Serialize.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti \ From 7dec44a7b596c4612fbee1c652dc10c56888b368 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 21 Aug 2024 13:53:05 +0000 Subject: [PATCH 083/172] update cg extraction --- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 18 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1395 ++++------------ libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 1411 ++++------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 176 +- 7 files changed, 751 insertions(+), 2261 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 03eef7a95..a38d0a5db 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 8ca3e2817..73953b59a 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_3e( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_b0(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -273,7 +273,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_9c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -289,7 +289,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_0b(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -352,7 +352,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_1e(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_31(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -372,7 +372,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_25( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_26( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -424,7 +424,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index f5b6c2327..dc53c7231 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 7d6b1a6dc..bf0c5a47d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1211,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_9b(void) { +libcrux_ml_kem_polynomial_ZERO_89_e4(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1240,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_49(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_cc(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -1252,10 +1252,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1276,12 +1276,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_62( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_62( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2f( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,8 +1323,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_15(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_0b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_02( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( vector); } @@ -1401,10 +1401,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_be( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_be( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_02( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_020( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( vector); } @@ -1492,10 +1492,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_7d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_7d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_020( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_be(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1534,7 +1534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1547,9 +1547,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2b(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1563,7 +1563,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1576,7 +1576,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1594,7 +1594,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1613,7 +1613,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_41( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1635,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1665,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1682,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_51( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9e(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_41(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); } /** @@ -1713,12 +1713,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_51(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_9d(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_021( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( vector); } @@ -1821,10 +1821,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_2b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_96( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_2b( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_021( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_022( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_5a2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( vector); } @@ -1912,10 +1912,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_48( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_72( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_48( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_022( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_96(serialized); } /** @@ -1981,11 +1981,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_44( +libcrux_ml_kem_polynomial_ntt_multiply_89_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2021,7 +2021,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ce( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,13 +2113,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_26(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_26( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,22 +2165,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fb(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); } /** @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_0b( +libcrux_ml_kem_polynomial_subtract_reduce_89_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,21 +2225,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_2e( +libcrux_ml_kem_matrix_compute_message_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_44(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_0b(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_3e(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_23(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_80( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_94( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_23(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(vector); } /** @@ -2277,8 +2277,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_80(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_10(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_94(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,13 +2292,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_a2( +libcrux_ml_kem_serialize_compress_then_serialize_message_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_2e(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_bf(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_a2(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_0c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_c4(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_56(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_62(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_c4(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2450,9 +2450,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_46( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -2469,10 +2469,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2500,12 +2500,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_09( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2518,7 +2518,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_09( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( ring_element); deserialized_pk[i0] = uu____0; } @@ -2535,8 +2535,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_11(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_05(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -2546,10 +2546,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b9( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_34( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } } @@ -2695,7 +2695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_01( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2827,7 +2827,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_010( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2874,9 +2874,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_b6(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2895,8 +2895,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_19(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_46( +libcrux_ml_kem_sampling_sample_from_xof_closure_fb(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_b6( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2907,7 +2907,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_5b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2924,7 +2924,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_01( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2937,7 +2937,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_010( copy_of_randomness, sampled_coefficients, out); } } @@ -2947,7 +2947,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_19(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_fb(copy_of_out[i]); } memcpy( ret, ret0, @@ -2961,12 +2961,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_04( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b9(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_34(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2986,7 +2986,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_af(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_5b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3030,8 +3030,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_d3(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_69(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -3142,7 +3142,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bd( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3177,7 +3177,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_46( + return libcrux_ml_kem_polynomial_from_i16_array_89_b6( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,7 +3189,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c4( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3223,7 +3223,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c4( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_46( + return libcrux_ml_kem_polynomial_from_i16_array_89_b6( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3235,9 +3235,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bd( randomness); } @@ -3248,7 +3248,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3270,20 +3270,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_fd(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_b2(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9e(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_41(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); } /** @@ -3300,11 +3300,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3323,9 +3323,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3350,8 +3350,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -3367,11 +3367,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3390,7 +3390,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3445,8 +3445,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_c1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,14 +3485,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_58( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3513,12 +3513,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_58( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_44(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_91(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_6d(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_8a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_2e(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_ed(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,10 +3547,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_2e(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_ed(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_d2( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,22 +3606,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_73( +libcrux_ml_kem_matrix_compute_ring_element_v_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9b(); + libcrux_ml_kem_polynomial_ZERO_89_e4(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_44(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_de(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d2( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( error_2, message, result); return result; } @@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_25( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_73( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_25( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( vector); } @@ -3703,14 +3703,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_fe( +libcrux_ml_kem_serialize_compress_then_serialize_10_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c( - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_73( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_250( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_730( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_250( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( vector); } @@ -3799,14 +3799,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_c6( +libcrux_ml_kem_serialize_compress_then_serialize_11_01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_730( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_fe(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_eb(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_251( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_731( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_251( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( vector); } @@ -3947,14 +3947,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_54( +libcrux_ml_kem_serialize_compress_then_serialize_4_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_8c1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_731( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_252( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_8c2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_732( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_252( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( vector); } @@ -4042,14 +4042,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_9f( +libcrux_ml_kem_serialize_compress_then_serialize_5_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_8c2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_732( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_54(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f0(re, out); } /** @@ -4092,12 +4092,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_c1(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_09( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4105,13 +4105,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_c1(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_04(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_c1(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4133,29 +4133,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_c1(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_58(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_5c(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_73( + libcrux_ml_kem_matrix_compute_ring_element_v_d2( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4173,7 +4173,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_aa( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_80( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_13( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_13( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4247,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_13( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4258,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_13( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_aa( + libcrux_ml_kem_variant_kdf_d8_80( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_aa(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_80(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_1c( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e5(private_key, ciphertext, ret); } /** @@ -4319,304 +4319,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_1c(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, ciphertext, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_71( - copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_58(public_key->A, r_as_ntt, error_1, - u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_bd( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_73( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6b( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_d9( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1e( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_bd( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_d9(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_bd( - private_key, ciphertext, ret); -} - /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -4628,7 +4334,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_6d( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4671,11 +4377,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_f4( + libcrux_ml_kem_variant_entropy_preprocess_d8_6d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4686,7 +4392,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_25(public_key), + libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4701,20 +4407,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c1(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_aa(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_80(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4746,14 +4452,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0a( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_db(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_51(uu____0, copy_of_randomness); } /** @@ -4771,131 +4477,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0a( - uu____0, copy_of_randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_6e( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ad(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_34( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_6e(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_34( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( uu____0, copy_of_randomness); } @@ -4910,7 +4492,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_45( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_1c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4934,8 +4516,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_dc(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_e0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -4945,7 +4527,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c8( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_b0( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4963,14 +4545,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_c8( + libcrux_ml_kem_vector_traits_to_standard_domain_b0( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4988,14 +4570,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_58( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5017,12 +4599,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_44(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_5b( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5038,14 +4620,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_14( + libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -5068,7 +4650,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_79( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5086,7 +4668,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_79( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_30(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5105,14 +4687,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_79(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_91(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5136,9 +4718,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_b7(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_fd(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_45(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_1c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5147,14 +4729,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_b7(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_04(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5167,23 +4749,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_b7(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_40(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_59( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_79(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_91(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5212,7 +4794,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5277,7 +4859,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_50(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_19(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5286,13 +4868,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_50(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_b7(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fd(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5301,13 +4883,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_50(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); } /** @@ -5326,12 +4908,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_a5( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_50(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_19(copy_of_randomness); } /** @@ -5343,336 +4925,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_a5( - copy_of_randomness); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_53( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_45(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_27(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_16( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_41( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_81(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_53( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_16(i, A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_41(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f3( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_81( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f3( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( copy_of_randomness); } @@ -5688,7 +4941,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_62( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5699,7 +4952,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e8( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), + libcrux_ml_kem_types_as_slice_d4_1d(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5733,7 +4986,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_130( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5751,7 +5004,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_130( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5775,7 +5028,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_130( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5786,18 +5039,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_130( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_e8( + libcrux_ml_kem_variant_kdf_33_62( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_e8(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_62(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5831,10 +5084,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_74( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e50(private_key, ciphertext, ret); } /** @@ -5848,7 +5101,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_74( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( private_key, ciphertext, ret); } @@ -5863,7 +5116,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_91( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } @@ -5888,11 +5141,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_6c( + libcrux_ml_kem_variant_entropy_preprocess_33_91( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5903,7 +5156,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_25(public_key), + libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5918,20 +5171,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_db0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c1(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_e8(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_62(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5966,14 +5219,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_db0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_510(uu____0, copy_of_randomness); } /** @@ -5991,7 +5244,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_04( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( uu____0, copy_of_randomness); } @@ -6006,7 +5259,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_30( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, ret); } @@ -6025,10 +5278,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_b70( +libcrux_ml_kem_ind_cpa_generate_keypair_fd0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_2c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_30(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6037,14 +5290,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_04(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -6057,23 +5310,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_40(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_59( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_79(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_91(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6114,7 +5367,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6123,13 +5376,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_b70(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fd0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6138,13 +5391,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_500(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); } /** @@ -6161,12 +5414,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_38( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_500(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_190(copy_of_randomness); } /** @@ -6178,7 +5431,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_38( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( copy_of_randomness); } @@ -6191,9 +5444,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_470( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_460( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9b(); + return libcrux_ml_kem_polynomial_ZERO_89_e4(); } /** @@ -6211,12 +5464,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_090( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6229,7 +5482,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_090( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e6( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( ring_element); deserialized_pk[i0] = uu____0; } @@ -6247,16 +5500,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_ce( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_52( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_090( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_59( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6278,9 +5531,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_ce(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); } /** @@ -6292,7 +5545,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index e112cd90b..4e5fff02c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_mlkem768_portable_H @@ -28,26 +28,6 @@ extern "C" { #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \ (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( - Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; -} libcrux_ml_kem_hash_functions_neon_Simd128Hash; - static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; @@ -2446,7 +2426,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_8d(void) { +libcrux_ml_kem_polynomial_ZERO_89_ea(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2474,8 +2454,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_da(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_36(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -2485,10 +2465,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2510,12 +2490,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2528,7 +2508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2556,8 +2536,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3e(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_58(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -2567,7 +2547,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2592,9 +2572,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( v); } @@ -2605,10 +2585,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_07( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -2617,7 +2597,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( coefficient); re.coefficients[i0] = uu____0; } @@ -2631,7 +2611,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2656,9 +2636,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( v); } @@ -2669,10 +2649,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_e0( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_8b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2681,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +2675,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_b5( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_21(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_07(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +2692,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +2706,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +2725,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +2738,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +2755,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_fd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_23( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2817,7 +2797,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_43( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_a2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2847,7 +2827,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2865,21 +2845,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); } /** @@ -2895,12 +2875,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_48( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2920,9 +2900,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_48( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_b5( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_8b(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_55(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2936,7 +2916,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2961,9 +2941,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( v); } @@ -2974,10 +2954,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_12( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_57( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2986,7 +2966,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( coefficient); re.coefficients[i0] = uu____0; } @@ -3000,7 +2980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3025,9 +3005,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( v); } @@ -3038,10 +3018,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_84( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_65( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3050,7 +3030,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_84( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3064,9 +3044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c6( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_12(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_57(serialized); } /** @@ -3107,11 +3087,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_17( +libcrux_ml_kem_polynomial_ntt_multiply_89_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3148,7 +3128,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3172,7 +3152,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_17( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3198,7 +3178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_bb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3220,7 +3200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3242,7 +3222,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3250,7 +3230,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3263,7 +3243,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3278,7 +3258,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3295,22 +3275,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_17(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_bb(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); } /** @@ -3324,7 +3304,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_b6( +libcrux_ml_kem_polynomial_subtract_reduce_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3356,21 +3336,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_bc( +libcrux_ml_kem_matrix_compute_message_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_17(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_b6(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_97(v, result); return result; } @@ -3380,7 +3360,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_68( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3400,9 +3380,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_f2( +libcrux_ml_kem_vector_portable_shift_right_0d_19( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_68(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(v); } /** @@ -3412,10 +3392,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_57( +libcrux_ml_kem_vector_traits_to_unsigned_representative_db( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_f2(a); + libcrux_ml_kem_vector_portable_shift_right_0d_19(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3429,13 +3409,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4c( +libcrux_ml_kem_serialize_compress_then_serialize_message_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3485,20 +3465,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_25( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_48(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c6( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_bc(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_97(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4c(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_25(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3512,11 +3492,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_a2(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e8(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3528,7 +3508,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_a2(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_25(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3583,9 +3563,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_30( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -3601,10 +3581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3633,12 +3613,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3651,7 +3631,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( ring_element); deserialized_pk[i0] = uu____0; } @@ -3668,8 +3648,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2a(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -3679,10 +3659,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_08( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_4b( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } } @@ -3830,7 +3810,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3951,7 +3931,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3997,9 +3977,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4020,8 +4000,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_2f(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_ca( +libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_c1( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4032,7 +4012,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4049,7 +4029,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4062,7 +4042,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( copy_of_randomness, sampled_coefficients, out); } } @@ -4072,7 +4052,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_2f(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_04(copy_of_out[i]); } memcpy( ret, ret0, @@ -4086,12 +4066,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_08(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4111,7 +4091,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_d4(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_3f(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4155,8 +4135,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_71(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -4248,7 +4228,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4283,7 +4263,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + return libcrux_ml_kem_polynomial_from_i16_array_89_c1( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4294,7 +4274,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4328,7 +4308,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + return libcrux_ml_kem_polynomial_from_i16_array_89_c1( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4339,9 +4319,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( randomness); } @@ -4351,7 +4331,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_09( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4374,20 +4354,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_09(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_f4(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); } /** @@ -4404,11 +4384,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4427,9 +4407,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4454,8 +4434,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -4471,11 +4451,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4494,7 +4474,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4546,8 +4526,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_22(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_matrix_compute_vector_u_closure_23(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -4560,7 +4540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4587,14 +4567,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4615,12 +4595,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3d( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_17(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_2a(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_3a(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_97(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4634,7 +4614,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_7e( +libcrux_ml_kem_vector_traits_decompress_1_3b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4649,10 +4629,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4662,7 +4642,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_7e(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_3b(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4679,7 +4659,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_4a( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4712,22 +4692,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_da( +libcrux_ml_kem_matrix_compute_ring_element_v_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_8d(); + libcrux_ml_kem_polynomial_ZERO_89_ea(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_17(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c1(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4a( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( error_2, message, result); return result; } @@ -4738,7 +4718,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_13( +libcrux_ml_kem_vector_portable_compress_compress_02( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4761,9 +4741,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_99( +libcrux_ml_kem_vector_portable_compress_0d_28( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_13(v); + return libcrux_ml_kem_vector_portable_compress_compress_02(v); } /** @@ -4773,15 +4753,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_69( +libcrux_ml_kem_serialize_compress_then_serialize_10_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_99( - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_portable_compress_0d_28( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4799,7 +4779,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_130( +libcrux_ml_kem_vector_portable_compress_compress_020( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4822,9 +4802,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_990( +libcrux_ml_kem_vector_portable_compress_0d_280( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_130(v); + return libcrux_ml_kem_vector_portable_compress_compress_020(v); } /** @@ -4834,15 +4814,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_7b( +libcrux_ml_kem_serialize_compress_then_serialize_11_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_990( - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_portable_compress_0d_280( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4862,10 +4842,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_80( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_69(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4881,7 +4861,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4897,7 +4877,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_80(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4910,7 +4890,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_131( +libcrux_ml_kem_vector_portable_compress_compress_021( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4933,9 +4913,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_991( +libcrux_ml_kem_vector_portable_compress_0d_281( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_131(v); + return libcrux_ml_kem_vector_portable_compress_compress_021(v); } /** @@ -4945,15 +4925,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_c2( +libcrux_ml_kem_serialize_compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_991( - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_portable_compress_0d_281( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4970,7 +4950,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_132( +libcrux_ml_kem_vector_portable_compress_compress_022( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4993,9 +4973,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_992( +libcrux_ml_kem_vector_portable_compress_0d_282( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_132(v); + return libcrux_ml_kem_vector_portable_compress_compress_022(v); } /** @@ -5005,15 +4985,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_0a( +libcrux_ml_kem_serialize_compress_then_serialize_5_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_992( - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_portable_compress_0d_282( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5032,9 +5012,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c2(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } /** @@ -5055,12 +5035,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_59(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5068,13 +5048,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_59(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_38(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5084,7 +5064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_59(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5096,29 +5076,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_59(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_3d(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_3a(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_da( + libcrux_ml_kem_matrix_compute_ring_element_v_24( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5135,7 +5115,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_86( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_41( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5166,7 +5146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_1c( +static inline void libcrux_ml_kem_ind_cca_decapsulate_da( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5184,7 +5164,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_a2(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5208,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5219,18 +5199,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_59(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_86( + libcrux_ml_kem_variant_kdf_d8_41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_86(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5263,10 +5243,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_90( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_da(private_key, ciphertext, ret); } /** @@ -5279,299 +5259,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_90( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_90( - private_key, ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_53( - copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_3d(public_key->A, r_as_ntt, error_1, - u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_e6( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_da( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_08( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7f( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_d5( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_25( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ba( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_d5(key_pair, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ba( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( private_key, ciphertext, ret); } @@ -5585,7 +5273,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5626,11 +5314,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_f0( + libcrux_ml_kem_variant_entropy_preprocess_d8_63( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5641,7 +5329,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_25(public_key), + libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5656,20 +5344,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_59(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_86(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5700,14 +5388,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_31( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_3b(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b5(uu____0, copy_of_randomness); } /** @@ -5724,129 +5412,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_31( - uu____0, copy_of_randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5b( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_43( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5b(uu____0, - copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_43( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( uu____0, copy_of_randomness); } @@ -5860,7 +5426,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_68( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5883,8 +5449,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_bd(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -5894,7 +5460,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_a8( +libcrux_ml_kem_vector_traits_to_standard_domain_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5911,7 +5477,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5919,7 +5485,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a8( + libcrux_ml_kem_vector_traits_to_standard_domain_59( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5938,14 +5504,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_cb( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5967,12 +5533,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_17(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5987,14 +5553,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_57( + libcrux_ml_kem_vector_traits_to_unsigned_representative_db( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -6016,7 +5582,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_87( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6034,7 +5600,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_87( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6052,14 +5618,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_04( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_87(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6082,9 +5648,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_d5(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_68(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6093,14 +5659,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_d5(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6113,23 +5679,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_d5(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_04( + libcrux_ml_kem_ind_cpa_serialize_public_key_79( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_87(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6157,7 +5723,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6221,7 +5787,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6230,13 +5796,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_d5(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6245,13 +5811,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_95(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); } /** @@ -6270,12 +5836,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_19( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_95(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness); } /** @@ -6286,336 +5852,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_19( - copy_of_randomness); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7b( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_c8(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d8( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_a5( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_cb(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7b( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d8(i, A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_a5(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_04( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_cb( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( copy_of_randomness); } @@ -6630,7 +5867,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_78( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f0( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6641,7 +5878,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_78( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), + libcrux_ml_kem_types_as_slice_d4_1d(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6674,7 +5911,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_1c0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6692,7 +5929,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_a2(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6716,7 +5953,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -6727,18 +5964,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1c0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_59(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_78( + libcrux_ml_kem_variant_kdf_33_f0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_78(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ae(ciphertext), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6772,10 +6009,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ee( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_da0(private_key, ciphertext, ret); } /** @@ -6788,7 +6025,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ee( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ee( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( private_key, ciphertext, ret); } @@ -6802,7 +6039,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_64( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_8a( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } @@ -6826,11 +6063,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_64( + libcrux_ml_kem_variant_entropy_preprocess_33_8a( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6841,7 +6078,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_25(public_key), + libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6856,20 +6093,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_3b0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_25(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_59(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_78(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6904,14 +6141,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_03( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_3b0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b50(uu____0, copy_of_randomness); } /** @@ -6928,7 +6165,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_03( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( uu____0, copy_of_randomness); } @@ -6942,7 +6179,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_b6( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret); } @@ -6960,10 +6197,10 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_d50( +libcrux_ml_kem_ind_cpa_generate_keypair_fc0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_d8(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6972,14 +6209,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_d50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6992,23 +6229,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_d50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_04( + libcrux_ml_kem_ind_cpa_serialize_public_key_79( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_87(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -7048,7 +6285,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7057,13 +6294,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_d50(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fc0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_de( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7072,13 +6309,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_950(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_0b(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_9c( - uu____2, libcrux_ml_kem_types_from_b6_b0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_35( + uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); } /** @@ -7094,12 +6331,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_b8( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_950(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness); } /** @@ -7111,7 +6348,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_b8( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( copy_of_randomness); } @@ -7123,9 +6360,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_300( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_8d(); + return libcrux_ml_kem_polynomial_ZERO_89_ea(); } /** @@ -7142,12 +6379,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -7160,7 +6397,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b0( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( ring_element); deserialized_pk[i0] = uu____0; } @@ -7177,16 +6414,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_79( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1c0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_04( + libcrux_ml_kem_ind_cpa_serialize_public_key_79( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7207,9 +6444,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_7f( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_79(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); } /** @@ -7220,7 +6457,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_7f( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_7f( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 5d5dd3c96..1dc4635ed 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index e8d675b08..3e8e953d8 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 */ #ifndef __libcrux_sha3_portable_H @@ -2155,95 +2155,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } -/** - A portable SHA3 512 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 256 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -/** - Initialise the `KeccakState2`. -*/ -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - /** Create a new SHAKE-128 state object. */ @@ -3547,6 +3461,16 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + /** A portable SHA3 384 implementation. */ @@ -3557,6 +3481,82 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 512 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +/** + Initialise the `KeccakState2`. +*/ +static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks with types uint64_t From ad45801411b58a5b3b34de856f7ab2ef365b8fa8 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 22 Aug 2024 10:41:28 +0200 Subject: [PATCH 084/172] mldsa feature detection - add build.rs for feature detection - add instantiations for 44 - add neon sha3 --- libcrux-ml-dsa/Cargo.toml | 3 +- libcrux-ml-dsa/benches/bench_utils.rs | 15 +- libcrux-ml-dsa/benches/manual44.rs | 21 +- libcrux-ml-dsa/build.rs | 34 +++ libcrux-ml-dsa/src/hash_functions.rs | 177 +++++++-------- libcrux-ml-dsa/src/ml_dsa_44.rs | 203 +++++++++--------- libcrux-ml-dsa/src/ml_dsa_65.rs | 6 - libcrux-ml-dsa/src/ml_dsa_87.rs | 6 - libcrux-ml-dsa/src/ml_dsa_generic.rs | 18 +- .../src/ml_dsa_generic/instantiations.rs | 141 ++++++++++++ libcrux-ml-dsa/src/sample.rs | 2 +- libcrux-ml-dsa/tests/nistkats.rs | 32 ++- libcrux-ml-dsa/tests/self.rs | 76 +++++-- libcrux-ml-dsa/tests/wycheproof_sign.rs | 31 ++- libcrux-ml-dsa/tests/wycheproof_verify.rs | 30 ++- libcrux-ml-kem/src/hash_functions.rs | 4 +- libcrux-sha3/src/lib.rs | 77 ++++++- 17 files changed, 616 insertions(+), 260 deletions(-) create mode 100644 libcrux-ml-dsa/build.rs create mode 100644 libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index 5408a697b..47a96054a 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml @@ -22,7 +22,7 @@ hex = { version = "0.4.3", features = ["serde"] } serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } criterion = "0.5" -pqcrypto-dilithium = { version = "0.5.0" } #, default-features = false +pqcrypto-dilithium = { version = "0.5.0" } #, default-features = false [features] simd128 = [] @@ -43,4 +43,3 @@ harness = false [[bench]] name = "ml-dsa" harness = false - diff --git a/libcrux-ml-dsa/benches/bench_utils.rs b/libcrux-ml-dsa/benches/bench_utils.rs index cc1b663eb..0ea3450e8 100644 --- a/libcrux-ml-dsa/benches/bench_utils.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -70,7 +70,8 @@ macro_rules! bench { #[macro_export] macro_rules! bench_group_libcrux { - ($variant:literal, $mod:ident, $keypair_t:ident, $signature_t:ident) => {{ + ($variant:literal, $mod:path, $keypair_t:ident, $signature_t:ident) => {{ + use $mod as p; bench!( "(libcrux) KeyGen", $variant, @@ -81,7 +82,7 @@ macro_rules! bench_group_libcrux { key_generation_seed }, |key_generation_seed: [u8; KEY_GENERATION_RANDOMNESS_SIZE]| { - $mod::generate_key_pair(key_generation_seed) + p::generate_key_pair(key_generation_seed) } ); @@ -94,7 +95,7 @@ macro_rules! bench_group_libcrux { bench_utils::random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); - let keypair = $mod::generate_key_pair(key_generation_seed); + let keypair = p::generate_key_pair(key_generation_seed); (keypair, message, signing_randomness) }, @@ -102,7 +103,7 @@ macro_rules! bench_group_libcrux { $keypair_t, [u8; 1023], [u8; SIGNING_RANDOMNESS_SIZE] - )| { $mod::sign(&keypair.signing_key, &message, signing_randomness) } + )| { p::sign(&keypair.signing_key, &message, signing_randomness) } ); bench!( @@ -114,12 +115,12 @@ macro_rules! bench_group_libcrux { bench_utils::random_array(); let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); - let keypair = $mod::generate_key_pair(key_generation_seed); - let signature = $mod::sign(&keypair.signing_key, &message, signing_randomness); + let keypair = p::generate_key_pair(key_generation_seed); + let signature = p::sign(&keypair.signing_key, &message, signing_randomness); (keypair, message, signature) }, |(keypair, message, signature): ($keypair_t, [u8; 1023], $signature_t)| { - $mod::verify(&keypair.verification_key, &message, &signature).unwrap() + p::verify(&keypair.verification_key, &message, &signature).unwrap() } ); diff --git a/libcrux-ml-dsa/benches/manual44.rs b/libcrux-ml-dsa/benches/manual44.rs index 050296e14..a23a45a34 100644 --- a/libcrux-ml-dsa/benches/manual44.rs +++ b/libcrux-ml-dsa/benches/manual44.rs @@ -8,6 +8,25 @@ use pqcrypto_dilithium; mod bench_utils; fn main() { - bench_group_libcrux!("44", ml_dsa_44, MLDSA44KeyPair, MLDSA44Signature); + bench_group_libcrux!( + "44 portable", + ml_dsa_44::portable, + MLDSA44KeyPair, + MLDSA44Signature + ); + #[cfg(feature = "simd128")] + bench_group_libcrux!( + "44 sim1d28", + ml_dsa_44::neon, + MLDSA44KeyPair, + MLDSA44Signature + ); + #[cfg(feature = "simd256")] + bench_group_libcrux!( + "44 simd256", + ml_dsa_44::avx2, + MLDSA44KeyPair, + MLDSA44Signature + ); bench_group_pqclean!("44", dilithium2); } diff --git a/libcrux-ml-dsa/build.rs b/libcrux-ml-dsa/build.rs new file mode 100644 index 000000000..91a6fae70 --- /dev/null +++ b/libcrux-ml-dsa/build.rs @@ -0,0 +1,34 @@ +use std::env; + +fn main() { + let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); + let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128"); + let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256"); + + // Force a simd build. Make sure you know what you're doing. + let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128"); + let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256"); + + let simd128_possible = target_arch == "aarch64"; + if (simd128_possible || enable_simd128) && !disable_simd128 { + // We enable simd128 on all aarch64 builds. + println!("cargo:rustc-cfg=feature=\"simd128\""); + } + let simd126_possible = target_arch == "x86_64"; + if (simd126_possible || enable_simd256) && !disable_simd256 { + // We enable simd256 on all x86_64 builds. + // Note that this doesn't mean the required CPU features are available. + // But the compiler will support them and the runtime checks ensure that + // it's only used when available. + // + // We don't enable this on x86 because it seems to generate invalid code. + println!("cargo:rustc-cfg=feature=\"simd256\""); + } +} + +fn read_env(key: &str) -> bool { + match env::var(key) { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + } +} diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs index 67177cf71..98ef7dc6a 100644 --- a/libcrux-ml-dsa/src/hash_functions.rs +++ b/libcrux-ml-dsa/src/hash_functions.rs @@ -48,16 +48,6 @@ pub(crate) mod shake128 { pub(crate) const BLOCK_SIZE: usize = 168; pub(crate) const FIVE_BLOCKS_SIZE: usize = BLOCK_SIZE * 5; - pub(crate) trait Xof { - fn init_absorb(input: &[u8]) -> Self; - - // TODO: - // - There should only be a `squeeze_block` and `squeeze_five_blocks` - // - Use mutable out instead if performance is better - fn squeeze_first_five_blocks(&mut self) -> [u8; FIVE_BLOCKS_SIZE]; - fn squeeze_next_block(&mut self) -> [u8; BLOCK_SIZE]; - } - /// When sampling matrix A we always want to do 4 absorb/squeeze calls in /// parallel. pub(crate) trait XofX4 { @@ -89,35 +79,6 @@ pub(crate) mod portable { use super::{shake128, shake256}; - /// Portable SHAKE 128 state - pub(crate) struct Shake128 { - state: KeccakState, - } - - impl shake128::Xof for Shake128 { - #[inline(always)] - fn init_absorb(input: &[u8]) -> Self { - let mut state = shake128_init(); - shake128_absorb_final(&mut state, &input); - - Self { state } - } - - #[inline(always)] - fn squeeze_first_five_blocks(&mut self) -> [u8; shake128::FIVE_BLOCKS_SIZE] { - let mut out = [0u8; shake128::FIVE_BLOCKS_SIZE]; - incremental::shake128_squeeze_first_five_blocks(&mut self.state, &mut out); - out - } - - #[inline(always)] - fn squeeze_next_block(&mut self) -> [u8; shake128::BLOCK_SIZE] { - let mut out = [0u8; shake128::BLOCK_SIZE]; - incremental::shake128_squeeze_next_block(&mut self.state, &mut out); - out - } - } - /// Portable SHAKE 128 x4 state. /// /// We're using a portable implementation so this is actually sequential. @@ -480,60 +441,32 @@ pub(crate) mod simd256 { pub(crate) mod neon { // FIXME: This is only a portable implementation for now. - use libcrux_sha3::portable::{ - incremental::{self, shake128_absorb_final, shake128_init}, - shake256, KeccakState, - }; + use libcrux_sha3::neon::x2::{self, incremental::KeccakState}; use super::{shake128, shake256}; - // TODO: - // - measure if neon is faster or slower for the sequential shakes. - - /// Neon SHAKE 128 state - pub(crate) struct PortableShake128 { - state: KeccakState, - } - - impl shake128::Xof for PortableShake128 { - #[inline(always)] - fn init_absorb(input: &[u8]) -> Self { - let mut state = shake128_init(); - shake128_absorb_final(&mut state, &input); - - Self { state } - } - - #[inline(always)] - fn squeeze_first_five_blocks(&mut self) -> [u8; shake128::FIVE_BLOCKS_SIZE] { - let mut out = [0u8; shake128::FIVE_BLOCKS_SIZE]; - incremental::shake128_squeeze_first_five_blocks(&mut self.state, &mut out); - out - } - - #[inline(always)] - fn squeeze_next_block(&mut self) -> [u8; shake128::BLOCK_SIZE] { - let mut out = [0u8; shake128::BLOCK_SIZE]; - incremental::shake128_squeeze_next_block(&mut self.state, &mut out); - out - } + pub(crate) struct Shake128x4 { + state: [KeccakState; 2], } - impl shake128::XofX4 for PortableShake128 { + impl shake128::XofX4 for Shake128x4 { /// Init the state and absorb 4 blocks in parallel. - /// We're using a portable implementation so this is actually sequential. - fn init_absorb(_input0: &[u8], _input1: &[u8], _input2: &[u8], _input3: &[u8]) -> Self { - todo!() + fn init_absorb(input0: &[u8], input1: &[u8], input2: &[u8], input3: &[u8]) -> Self { + let mut state = [x2::incremental::init(), x2::incremental::init()]; + x2::incremental::shake128_absorb_final(&mut state[0], &input0, &input1); + x2::incremental::shake128_absorb_final(&mut state[1], &input2, &input3); + Self { state } } fn squeeze_first_five_blocks( &mut self, - _out0: &mut [u8; shake128::FIVE_BLOCKS_SIZE], - _out1: &mut [u8; shake128::FIVE_BLOCKS_SIZE], - _out2: &mut [u8; shake128::FIVE_BLOCKS_SIZE], - _out3: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + out0: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + out1: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + out2: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + out3: &mut [u8; shake128::FIVE_BLOCKS_SIZE], ) { - todo!() + x2::incremental::shake128_squeeze_first_five_blocks(&mut self.state[0], out0, out1); + x2::incremental::shake128_squeeze_first_five_blocks(&mut self.state[1], out2, out3); } fn squeeze_next_block( @@ -544,36 +477,78 @@ pub(crate) mod neon { [u8; shake128::BLOCK_SIZE], [u8; shake128::BLOCK_SIZE], ) { - todo!() + let mut out0 = [0u8; shake128::BLOCK_SIZE]; + let mut out1 = [0u8; shake128::BLOCK_SIZE]; + let mut out2 = [0u8; shake128::BLOCK_SIZE]; + let mut out3 = [0u8; shake128::BLOCK_SIZE]; + x2::incremental::shake128_squeeze_next_block(&mut self.state[0], &mut out0, &mut out1); + x2::incremental::shake128_squeeze_next_block(&mut self.state[1], &mut out2, &mut out3); + + (out0, out1, out2, out3) } } - /// Portable SHAKE 256 state - pub(crate) struct PortableShake256 { - state: KeccakState, + /// Neon SHAKE 256 x4 state + pub(crate) struct Shake256x4 { + state: [KeccakState; 2], } - impl shake256::Xof for PortableShake256 { - fn shake256(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]) { - shake256(out, input); + + impl shake256::XofX4 for Shake256x4 { + fn init_absorb(input0: &[u8], input1: &[u8], input2: &[u8], input3: &[u8]) -> Self { + let mut state = [x2::incremental::init(), x2::incremental::init()]; + x2::incremental::shake256_absorb_final(&mut state[0], &input0, &input1); + x2::incremental::shake256_absorb_final(&mut state[1], &input2, &input3); + Self { state } } - fn init_absorb(input: &[u8]) -> Self { - let mut state = incremental::shake256_init(); - incremental::shake256_absorb_final(&mut state, input); + fn squeeze_first_block( + &mut self, + ) -> ( + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + ) { + let mut out0 = [0u8; shake256::BLOCK_SIZE]; + let mut out1 = [0u8; shake256::BLOCK_SIZE]; + let mut out2 = [0u8; shake256::BLOCK_SIZE]; + let mut out3 = [0u8; shake256::BLOCK_SIZE]; + x2::incremental::shake256_squeeze_first_block(&mut self.state[0], &mut out0, &mut out1); + x2::incremental::shake256_squeeze_first_block(&mut self.state[1], &mut out2, &mut out3); - Self { state } + (out0, out1, out2, out3) } - fn squeeze_first_block(&mut self) -> [u8; shake256::BLOCK_SIZE] { - let mut out = [0u8; shake256::BLOCK_SIZE]; - incremental::shake256_squeeze_first_block(&mut self.state, &mut out); - out + fn squeeze_next_block( + &mut self, + ) -> ( + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + [u8; shake256::BLOCK_SIZE], + ) { + let mut out0 = [0u8; shake256::BLOCK_SIZE]; + let mut out1 = [0u8; shake256::BLOCK_SIZE]; + let mut out2 = [0u8; shake256::BLOCK_SIZE]; + let mut out3 = [0u8; shake256::BLOCK_SIZE]; + x2::incremental::shake256_squeeze_next_block(&mut self.state[0], &mut out0, &mut out1); + x2::incremental::shake256_squeeze_next_block(&mut self.state[1], &mut out2, &mut out3); + + (out0, out1, out2, out3) } - fn squeeze_next_block(&mut self) -> [u8; shake256::BLOCK_SIZE] { - let mut out = [0u8; shake256::BLOCK_SIZE]; - incremental::shake256_squeeze_next_block(&mut self.state, &mut out); - out + fn shake256( + input0: &[u8], + input1: &[u8], + input2: &[u8], + input3: &[u8], + out0: &mut [u8; OUT_LEN], + out1: &mut [u8; OUT_LEN], + out2: &mut [u8; OUT_LEN], + out3: &mut [u8; OUT_LEN], + ) { + x2::shake256(input0, input1, out0, out1); + x2::shake256(input2, input3, out2, out3); } } } diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index b2b1338c0..b03a1d6b2 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -60,105 +60,110 @@ pub type MLDSA44VerificationKey = MLDSAVerificationKey; pub type MLDSA44KeyPair = MLDSAKeyPair; pub type MLDSA44Signature = MLDSASignature; -// TODO: Multiplex more intelligently. -#[cfg(feature = "simd256")] -type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; -#[cfg(not(feature = "simd256"))] -type SIMDUnit = crate::simd::portable::PortableSIMDUnit; - -// For regular shake128 we only use portable. -type Shake128 = crate::hash_functions::portable::Shake128; - -#[cfg(feature = "simd256")] -type Shake128X4 = crate::hash_functions::simd256::Shake128; -#[cfg(not(feature = "simd256"))] -type Shake128X4 = crate::hash_functions::portable::Shake128X4; - -#[cfg(feature = "simd256")] -type Shake256X4 = crate::hash_functions::simd256::Shake256X4; -#[cfg(not(feature = "simd256"))] -type Shake256X4 = crate::hash_functions::portable::Shake256X4; - -// TODO: This is all portable for now. -#[cfg(feature = "simd256")] -type Shake256 = crate::hash_functions::portable::Shake256; -#[cfg(not(feature = "simd256"))] -type Shake256 = crate::hash_functions::portable::Shake256; - -/// Generate an ML-DSA-44 Key Pair -pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA44KeyPair { - let (signing_key, verification_key) = ml_dsa_generic::generate_key_pair::< - SIMDUnit, // TODO: Multiplex this based on platform detection. - Shake128, - Shake128X4, - Shake256, - Shake256X4, - ROWS_IN_A, - COLUMNS_IN_A, - ETA, - ERROR_RING_ELEMENT_SIZE, - SIGNING_KEY_SIZE, - VERIFICATION_KEY_SIZE, - >(randomness); - - MLDSA44KeyPair { - signing_key: MLDSASigningKey(signing_key), - verification_key: MLDSAVerificationKey(verification_key), - } +// // TODO: Multiplex more intelligently. +// #[cfg(feature = "simd256")] +// type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; +// #[cfg(not(feature = "simd256"))] +// type SIMDUnit = crate::simd::portable::PortableSIMDUnit; + +// // For regular shake128 we only use portable. +// type Shake128 = crate::hash_functions::portable::Shake128; + +// #[cfg(feature = "simd256")] +// type Shake128X4 = crate::hash_functions::simd256::Shake128; +// #[cfg(not(feature = "simd256"))] +// type Shake128X4 = crate::hash_functions::portable::Shake128X4; + +// #[cfg(feature = "simd256")] +// type Shake256X4 = crate::hash_functions::simd256::Shake256X4; +// #[cfg(not(feature = "simd256"))] +// type Shake256X4 = crate::hash_functions::portable::Shake256X4; + +// // TODO: This is all portable for now. +// #[cfg(feature = "simd256")] +// type Shake256 = crate::hash_functions::portable::Shake256; +// #[cfg(not(feature = "simd256"))] +// type Shake256 = crate::hash_functions::portable::Shake256; + +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path, $doc:expr) => { + #[doc = $doc] + pub mod $modp { + use super::*; + use $p as p; + + /// Generate an ML-DSA-44 Key Pair + pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA44KeyPair { + let (signing_key, verification_key) = p::generate_key_pair::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness); + + MLDSA44KeyPair { + signing_key: MLDSASigningKey(signing_key), + verification_key: MLDSAVerificationKey(verification_key), + } + } + + /// Generate an ML-DSA-44 Signature + pub fn sign( + signing_key: &MLDSA44SigningKey, + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], + ) -> MLDSA44Signature { + p::sign::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(&signing_key.0, message, randomness) + } + + /// Verify an ML-DSA-44 Signature + pub fn verify( + verification_key: &MLDSA44VerificationKey, + message: &[u8], + signature: &MLDSA44Signature, + ) -> Result<(), VerificationError> { + p::verify::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(&verification_key.0, message, &signature.0) + } + } + }; } -/// Generate an ML-DSA-44 Signature -pub fn sign( - signing_key: &MLDSA44SigningKey, - message: &[u8], - randomness: [u8; SIGNING_RANDOMNESS_SIZE], -) -> MLDSA44Signature { - ml_dsa_generic::sign::< - SIMDUnit, // TODO: Multiplex this based on platform detection. - Shake128, - Shake128X4, - Shake256, - Shake256X4, - ROWS_IN_A, - COLUMNS_IN_A, - ETA, - ERROR_RING_ELEMENT_SIZE, - GAMMA1_EXPONENT, - GAMMA2, - COMMITMENT_RING_ELEMENT_SIZE, - COMMITMENT_VECTOR_SIZE, - COMMITMENT_HASH_SIZE, - ONES_IN_VERIFIER_CHALLENGE, - MAX_ONES_IN_HINT, - GAMMA1_RING_ELEMENT_SIZE, - SIGNING_KEY_SIZE, - SIGNATURE_SIZE, - >(&signing_key.0, message, randomness) -} +// Instantiations -/// Verify an ML-DSA-44 Signature -pub fn verify( - verification_key: &MLDSA44VerificationKey, - message: &[u8], - signature: &MLDSA44Signature, -) -> Result<(), VerificationError> { - ml_dsa_generic::verify::< - SIMDUnit, // TODO: Multiplex this based on platform detection. - Shake128, - Shake128X4, - Shake256, - ROWS_IN_A, - COLUMNS_IN_A, - SIGNATURE_SIZE, - VERIFICATION_KEY_SIZE, - GAMMA1_EXPONENT, - GAMMA1_RING_ELEMENT_SIZE, - GAMMA2, - BETA, - COMMITMENT_RING_ELEMENT_SIZE, - COMMITMENT_VECTOR_SIZE, - COMMITMENT_HASH_SIZE, - ONES_IN_VERIFIER_CHALLENGE, - MAX_ONES_IN_HINT, - >(&verification_key.0, message, &signature.0) -} +instantiate! {portable, ml_dsa_generic::instantiations::portable, "Portable ML-DSA 44"} +#[cfg(feature = "simd256")] +instantiate! {avx2, ml_dsa_generic::instantiations::avx2, "AVX2 Optimised ML-DSA 44"} +#[cfg(feature = "simd128")] +instantiate! {neon, ml_dsa_generic::instantiations::neon, "Neon Optimised ML-DSA 44"} diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs index 285b89d0d..4adc222eb 100644 --- a/libcrux-ml-dsa/src/ml_dsa_65.rs +++ b/libcrux-ml-dsa/src/ml_dsa_65.rs @@ -68,9 +68,6 @@ type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; #[cfg(not(feature = "simd256"))] type SIMDUnit = crate::simd::portable::PortableSIMDUnit; -// For regular shake128 we only use portable. -type Shake128 = crate::hash_functions::portable::Shake128; - #[cfg(feature = "simd256")] type Shake128X4 = crate::hash_functions::simd256::Shake128; #[cfg(not(feature = "simd256"))] @@ -91,7 +88,6 @@ type Shake256 = crate::hash_functions::portable::Shake256; pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE]) -> MLDSA65KeyPair { let (signing_key, verification_key) = crate::ml_dsa_generic::generate_key_pair::< SIMDUnit, - Shake128, Shake128X4, Shake256, Shake256X4, @@ -117,7 +113,6 @@ pub fn sign( ) -> MLDSA65Signature { crate::ml_dsa_generic::sign::< SIMDUnit, - Shake128, Shake128X4, Shake256, Shake256X4, @@ -146,7 +141,6 @@ pub fn verify( ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify::< SIMDUnit, - Shake128, Shake128X4, Shake256, ROWS_IN_A, diff --git a/libcrux-ml-dsa/src/ml_dsa_87.rs b/libcrux-ml-dsa/src/ml_dsa_87.rs index 47840d027..0d9dcdc24 100644 --- a/libcrux-ml-dsa/src/ml_dsa_87.rs +++ b/libcrux-ml-dsa/src/ml_dsa_87.rs @@ -71,9 +71,6 @@ type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; #[cfg(not(feature = "simd256"))] type SIMDUnit = crate::simd::portable::PortableSIMDUnit; -// For regular shake128 we only use portable. -type Shake128 = crate::hash_functions::portable::Shake128; - #[cfg(feature = "simd256")] type Shake128X4 = crate::hash_functions::simd256::Shake128; #[cfg(not(feature = "simd256"))] @@ -94,7 +91,6 @@ type Shake256 = crate::hash_functions::portable::Shake256; pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA87KeyPair { let (signing_key, verification_key) = crate::ml_dsa_generic::generate_key_pair::< SIMDUnit, - Shake128, Shake128X4, Shake256, Shake256X4, @@ -120,7 +116,6 @@ pub fn sign( ) -> MLDSA87Signature { crate::ml_dsa_generic::sign::< SIMDUnit, - Shake128, Shake128X4, Shake256, Shake256X4, @@ -149,7 +144,6 @@ pub fn verify( ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify::< SIMDUnit, - Shake128, Shake128X4, Shake256, ROWS_IN_A, diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 7f90a1b3b..9bd57176a 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -20,6 +20,8 @@ use crate::{ MLDSASignature, }; +pub(crate) mod instantiations; + pub(crate) struct Signature< SIMDUnit: Operations, const COMMITMENT_HASH_SIZE: usize, @@ -31,10 +33,8 @@ pub(crate) struct Signature< pub hint: [[i32; COEFFICIENTS_IN_RING_ELEMENT]; ROWS_IN_A], } -#[allow(non_snake_case)] pub(crate) fn generate_key_pair< SIMDUnit: Operations, - Shake128: shake128::Xof, Shake128X4: shake128::XofX4, Shake256: shake256::Xof, Shake256X4: shake256::XofX4, @@ -51,19 +51,19 @@ pub(crate) fn generate_key_pair< let mut seed_expanded = [0; 128]; Shake256::shake256::<128>(&randomness, &mut seed_expanded); - let (seed_for_A, seed_expanded) = seed_expanded.split_at(SEED_FOR_A_SIZE); + let (seed_for_a, seed_expanded) = seed_expanded.split_at(SEED_FOR_A_SIZE); let (seed_for_error_vectors, seed_for_signing) = seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE); - let A_as_ntt = samplex4::matrix_A::( - into_padded_array(seed_for_A), + let a_as_ntt = samplex4::matrix_A::( + into_padded_array(seed_for_a), ); let (s1, s2) = samplex4::sample_s1_and_s2::( into_padded_array(seed_for_error_vectors), ); - let t = compute_As1_plus_s2::(&A_as_ntt, &s1, &s2); + let t = compute_As1_plus_s2::(&a_as_ntt, &s1, &s2); let (t0, t1) = power2round_vector::(t); @@ -71,7 +71,7 @@ pub(crate) fn generate_key_pair< SIMDUnit, ROWS_IN_A, VERIFICATION_KEY_SIZE, - >(seed_for_A, t1); + >(seed_for_a, t1); let signing_key_serialized = encoding::signing_key::generate_serialized::< SIMDUnit, @@ -82,7 +82,7 @@ pub(crate) fn generate_key_pair< ERROR_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, >( - seed_for_A, + seed_for_a, seed_for_signing, &verification_key_serialized, s1, @@ -103,7 +103,6 @@ pub enum VerificationError { #[allow(non_snake_case)] pub(crate) fn sign< SIMDUnit: Operations, - Shake128: shake128::Xof, Shake128X4: shake128::XofX4, Shake256: shake256::Xof, Shake256X4: shake256::XofX4, @@ -276,7 +275,6 @@ pub(crate) fn sign< #[allow(non_snake_case)] pub(crate) fn verify< SIMDUnit: Operations, - Shake128: shake128::Xof, Shake128X4: shake128::XofX4, Shake256: shake256::Xof, const ROWS_IN_A: usize, diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs new file mode 100644 index 000000000..293e6d406 --- /dev/null +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs @@ -0,0 +1,141 @@ +macro_rules! instantiate { + ($modp:ident, $simdunit:path, $shake128x4:path, $shake256:path, $shake256x4:path) => { + pub mod $modp { + use crate::{constants::*, ml_dsa_generic::VerificationError, types::*}; + + /// Generate key pair. + pub(crate) fn generate_key_pair< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const ETA: usize, + const ERROR_RING_ELEMENT_SIZE: usize, + const SIGNING_KEY_SIZE: usize, + const VERIFICATION_KEY_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], + ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { + crate::ml_dsa_generic::generate_key_pair::< + $simdunit, + $shake128x4, + $shake256, + $shake256x4, + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness) + } + + /// Sign. + pub(crate) fn sign< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const ETA: usize, + const ERROR_RING_ELEMENT_SIZE: usize, + const GAMMA1_EXPONENT: usize, + const GAMMA2: i32, + const COMMITMENT_RING_ELEMENT_SIZE: usize, + const COMMITMENT_VECTOR_SIZE: usize, + const COMMITMENT_HASH_SIZE: usize, + const ONES_IN_VERIFIER_CHALLENGE: usize, + const MAX_ONES_IN_HINT: usize, + const GAMMA1_RING_ELEMENT_SIZE: usize, + const SIGNING_KEY_SIZE: usize, + const SIGNATURE_SIZE: usize, + >( + signing_key: &[u8; SIGNING_KEY_SIZE], + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], + ) -> MLDSASignature { + crate::ml_dsa_generic::sign::< + $simdunit, + $shake128x4, + $shake256, + $shake256x4, + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(&signing_key, message, randomness) + } + + /// Verify + pub(crate) fn verify< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const SIGNATURE_SIZE: usize, + const VERIFICATION_KEY_SIZE: usize, + const GAMMA1_EXPONENT: usize, + const GAMMA1_RING_ELEMENT_SIZE: usize, + const GAMMA2: i32, + const BETA: i32, + const COMMITMENT_RING_ELEMENT_SIZE: usize, + const COMMITMENT_VECTOR_SIZE: usize, + const COMMITMENT_HASH_SIZE: usize, + const ONES_IN_VERIFIER_CHALLENGE: usize, + const MAX_ONES_IN_HINT: usize, + >( + verification_key: &[u8; VERIFICATION_KEY_SIZE], + message: &[u8], + signature: &[u8; SIGNATURE_SIZE], + ) -> Result<(), VerificationError> { + crate::ml_dsa_generic::verify::< + $simdunit, + $shake128x4, + $shake256, + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(verification_key, message, signature) + } + } + }; +} + +// Portable generic implementations. +instantiate! {portable, + crate::simd::portable::PortableSIMDUnit, + crate::hash_functions::portable::Shake128X4, + crate::hash_functions::portable::Shake256, + crate::hash_functions::portable::Shake256X4 +} + +// AVX2 generic implementation. +#[cfg(feature = "simd256")] +instantiate! {avx2, + crate::simd::portable::PortableSIMDUnit, + crate::hash_functions::simd256::Shake128X4, + crate::hash_functions::simd256::Shake256, + crate::hash_functions::simd256::Shake256X4 +} + +// NEON generic implementation. +#[cfg(feature = "simd128")] +instantiate! {neon, + crate::simd::portable::PortableSIMDUnit, + crate::hash_functions::neon::Shake128x4, + crate::hash_functions::portable::Shake256, + crate::hash_functions::neon::Shake256x4 +} diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index e16ca46e4..4d55bd834 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -410,7 +410,7 @@ pub(crate) fn sample_mask_vector< seed[65] = (*domain_separator >> 8) as u8; *domain_separator += 1; - // TODO: We may want to do another 4. + // TODO: For 87 we may want to do another 4 and discard 1. mask[i] = sample_mask_ring_element::(seed); } diff --git a/libcrux-ml-dsa/tests/nistkats.rs b/libcrux-ml-dsa/tests/nistkats.rs index 98c605495..e8698133a 100644 --- a/libcrux-ml-dsa/tests/nistkats.rs +++ b/libcrux-ml-dsa/tests/nistkats.rs @@ -72,14 +72,36 @@ macro_rules! impl_nist_known_answer_tests { }; } +// 44 + +impl_nist_known_answer_tests!( + nist_known_answer_tests_44_portable, + 44, + libcrux_ml_dsa::ml_dsa_44::portable::generate_key_pair, + libcrux_ml_dsa::ml_dsa_44::portable::sign, + libcrux_ml_dsa::ml_dsa_44::portable::verify +); + +#[cfg(feature = "simd128")] impl_nist_known_answer_tests!( - nist_known_answer_tests_44, + nist_known_answer_tests_44_simd128, 44, - libcrux_ml_dsa::ml_dsa_44::generate_key_pair, - libcrux_ml_dsa::ml_dsa_44::sign, - libcrux_ml_dsa::ml_dsa_44::verify + libcrux_ml_dsa::ml_dsa_44::neon::generate_key_pair, + libcrux_ml_dsa::ml_dsa_44::neon::sign, + libcrux_ml_dsa::ml_dsa_44::neon::verify ); +#[cfg(feature = "simd256")] +impl_nist_known_answer_tests!( + nist_known_answer_tests_44_simd256, + 44, + libcrux_ml_dsa::ml_dsa_44::avx2::generate_key_pair, + libcrux_ml_dsa::ml_dsa_44::avx2::sign, + libcrux_ml_dsa::ml_dsa_44::avx2::verify +); + +// 65 + impl_nist_known_answer_tests!( nist_known_answer_tests_65, 65, @@ -88,6 +110,8 @@ impl_nist_known_answer_tests!( libcrux_ml_dsa::ml_dsa_65::verify ); +// 87 + impl_nist_known_answer_tests!( nist_known_answer_tests_87, 87, diff --git a/libcrux-ml-dsa/tests/self.rs b/libcrux-ml-dsa/tests/self.rs index 64ec5a795..86941fc34 100644 --- a/libcrux-ml-dsa/tests/self.rs +++ b/libcrux-ml-dsa/tests/self.rs @@ -87,32 +87,66 @@ macro_rules! impl_modified_signing_key_test { }; } +// 44 + impl_consistency_test!( - consistency_44, - ml_dsa_44::generate_key_pair, - ml_dsa_44::sign, - ml_dsa_44::verify + consistency_44_portable, + ml_dsa_44::portable::generate_key_pair, + ml_dsa_44::portable::sign, + ml_dsa_44::portable::verify +); + +impl_modified_signing_key_test!( + modified_signing_key_44_portable, + ml_dsa_44::portable::generate_key_pair, + ml_dsa_44::MLDSA44SigningKey::len(), + ml_dsa_44::portable::sign, + ml_dsa_44::portable::verify ); + +#[cfg(feature = "simd128")] impl_consistency_test!( - consistency_65, - ml_dsa_65::generate_key_pair, - ml_dsa_65::sign, - ml_dsa_65::verify + consistency_44_simd128, + ml_dsa_44::neon::generate_key_pair, + ml_dsa_44::neon::sign, + ml_dsa_44::neon::verify ); + +#[cfg(feature = "simd128")] +impl_modified_signing_key_test!( + modified_signing_key_44_simd128, + ml_dsa_44::neon::generate_key_pair, + ml_dsa_44::MLDSA44SigningKey::len(), + ml_dsa_44::neon::sign, + ml_dsa_44::neon::verify +); + +#[cfg(feature = "simd256")] impl_consistency_test!( - consistency_87, - ml_dsa_87::generate_key_pair, - ml_dsa_87::sign, - ml_dsa_87::verify + consistency_44_simd256, + ml_dsa_44::avx2::generate_key_pair, + ml_dsa_44::avx2::sign, + ml_dsa_44::avx2::verify ); +#[cfg(feature = "simd256")] impl_modified_signing_key_test!( - modified_signing_key_44, - ml_dsa_44::generate_key_pair, + modified_signing_key_44_simd256, + ml_dsa_44::avx2::generate_key_pair, ml_dsa_44::MLDSA44SigningKey::len(), - ml_dsa_44::sign, - ml_dsa_44::verify + ml_dsa_44::avx2::sign, + ml_dsa_44::avx2::verify ); + +// 65 + +impl_consistency_test!( + consistency_65, + ml_dsa_65::generate_key_pair, + ml_dsa_65::sign, + ml_dsa_65::verify +); + impl_modified_signing_key_test!( modified_signing_key_65, ml_dsa_65::generate_key_pair, @@ -120,6 +154,16 @@ impl_modified_signing_key_test!( ml_dsa_65::sign, ml_dsa_65::verify ); + +// 87 + +impl_consistency_test!( + consistency_87, + ml_dsa_87::generate_key_pair, + ml_dsa_87::sign, + ml_dsa_87::verify +); + impl_modified_signing_key_test!( modified_signing_key_87, ml_dsa_87::generate_key_pair, diff --git a/libcrux-ml-dsa/tests/wycheproof_sign.rs b/libcrux-ml-dsa/tests/wycheproof_sign.rs index dc83f6058..d6dbca9a5 100644 --- a/libcrux-ml-dsa/tests/wycheproof_sign.rs +++ b/libcrux-ml-dsa/tests/wycheproof_sign.rs @@ -66,6 +66,35 @@ macro_rules! wycheproof_sign_test { }; } -wycheproof_sign_test!(wycheproof_sign_44, 44, MLDSA44SigningKey, ml_dsa_44::sign); +// 44 + +wycheproof_sign_test!( + wycheproof_sign_44_portable, + 44, + MLDSA44SigningKey, + ml_dsa_44::portable::sign +); + +#[cfg(feature = "simd128")] +wycheproof_sign_test!( + wycheproof_sign_44_simd128, + 44, + MLDSA44SigningKey, + ml_dsa_44::neon::sign +); + +#[cfg(feature = "simd256")] +wycheproof_sign_test!( + wycheproof_sign_44_simd256, + 44, + MLDSA44SigningKey, + ml_dsa_44::avx2::sign +); + +// 65 + wycheproof_sign_test!(wycheproof_sign_65, 65, MLDSA65SigningKey, ml_dsa_65::sign); + +// 87 + wycheproof_sign_test!(wycheproof_sign_87, 87, MLDSA87SigningKey, ml_dsa_87::sign); diff --git a/libcrux-ml-dsa/tests/wycheproof_verify.rs b/libcrux-ml-dsa/tests/wycheproof_verify.rs index eb2a1e697..bedf62437 100644 --- a/libcrux-ml-dsa/tests/wycheproof_verify.rs +++ b/libcrux-ml-dsa/tests/wycheproof_verify.rs @@ -66,13 +66,36 @@ macro_rules! wycheproof_sign_test { }; } +// 44 + wycheproof_sign_test!( - wycheproof_sign_44, + wycheproof_sign_44_portable, 44, ml_dsa_44::MLDSA44VerificationKey, ml_dsa_44::MLDSA44Signature, - ml_dsa_44::verify + ml_dsa_44::portable::verify ); + +#[cfg(feature = "simd128")] +wycheproof_sign_test!( + wycheproof_sign_44_simd128, + 44, + ml_dsa_44::MLDSA44VerificationKey, + ml_dsa_44::MLDSA44Signature, + ml_dsa_44::neon::verify +); + +#[cfg(feature = "simd256")] +wycheproof_sign_test!( + wycheproof_sign_44_simd256, + 44, + ml_dsa_44::MLDSA44VerificationKey, + ml_dsa_44::MLDSA44Signature, + ml_dsa_44::avx2::verify +); + +// 65 + wycheproof_sign_test!( wycheproof_sign_65, 65, @@ -80,6 +103,9 @@ wycheproof_sign_test!( ml_dsa_65::MLDSA65Signature, ml_dsa_65::verify ); + +// 87 + wycheproof_sign_test!( wycheproof_sign_87, 87, diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 7c04849de..47ed5d6e7 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -467,8 +467,8 @@ pub(crate) mod neon { fn shake128_init_absorb(input: [[u8; 34]; K]) -> Simd128Hash { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = [ - x2::incremental::shake128_init(), - x2::incremental::shake128_init(), + x2::incremental::init(), + x2::incremental::init(), ]; match K as u8 { 2 => { diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index e4f7e33bc..f1b4a50a9 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -578,6 +578,7 @@ pub mod neon { absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; + use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; /// The Keccak state for the incremental API. #[cfg(feature = "simd128")] @@ -597,7 +598,7 @@ pub mod neon { /// Initialise the `KeccakState2`. #[inline(always)] - pub fn shake128_init() -> KeccakState { + pub fn init() -> KeccakState { #[cfg(not(feature = "simd128"))] unimplemented!(); // XXX: These functions could alternatively implement the same with @@ -633,6 +634,26 @@ pub mod neon { ); } + /// Shake256 absorb `data0` and `data1` in the [`KeccakState`] `s`. + #[inline(always)] + #[allow(unused_variables)] + pub fn shake256_absorb_final(s: &mut KeccakState, data0: &[u8], data1: &[u8]) { + #[cfg(not(feature = "simd128"))] + unimplemented!(); + // XXX: These functions could alternatively implement the same with + // the portable implementation + // { + // let [mut s0, mut s1] = s; + // shake128_absorb_final(&mut s0, data0); + // shake128_absorb_final(&mut s1, data1); + // } + #[cfg(feature = "simd128")] + absorb_final::<2, crate::simd::arm64::uint64x2_t, 136, 0x1fu8>( + &mut s.state, + [data0, data1], + ); + } + /// Initialise the state and perform up to 4 absorbs at the same time, /// using two [`KeccakState2`]. /// @@ -641,7 +662,7 @@ pub mod neon { #[inline(always)] fn _shake128_absorb_finalxN(input: [[u8; 34]; N]) -> [KeccakState; 2] { debug_assert!(N == 2 || N == 3 || N == 4); - let mut state = [shake128_init(), shake128_init()]; + let mut state = [init(), init()]; match N { 2 => { @@ -686,6 +707,57 @@ pub mod neon { ) } + /// Squeeze five blocks + #[allow(unused_variables)] + #[inline(always)] + pub fn shake128_squeeze_first_five_blocks( + s: &mut KeccakState, + out0: &mut [u8], + out1: &mut [u8], + ) { + #[cfg(not(feature = "simd128"))] + unimplemented!(); + #[cfg(feature = "simd128")] + squeeze_first_five_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( + &mut s.state, + [out0, out1], + ) + } + + /// Squeeze block + #[inline(always)] + #[allow(unused_variables)] // TODO: decide if we want to fall back here + pub fn shake256_squeeze_first_block( + s: &mut KeccakState, + out0: &mut [u8], + out1: &mut [u8], + ) { + #[cfg(not(feature = "simd128"))] + unimplemented!(); + #[cfg(feature = "simd128")] + squeeze_first_block::<2, crate::simd::arm64::uint64x2_t, 136>( + &mut s.state, + [out0, out1], + ); + } + + /// Squeeze next block + #[inline(always)] + #[allow(unused_variables)] // TODO: decide if we want to fall back here + pub fn shake256_squeeze_next_block( + s: &mut KeccakState, + out0: &mut [u8], + out1: &mut [u8], + ) { + #[cfg(not(feature = "simd128"))] + unimplemented!(); + #[cfg(feature = "simd128")] + squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 136>( + &mut s.state, + [out0, out1], + ); + } + /// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState2`]. /// Each block is of size `LEN`. /// @@ -936,6 +1008,7 @@ pub mod avx2 { absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; + #[cfg(feature = "simd256")] use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; #[cfg(feature = "simd256")] use libcrux_intrinsics::avx2::*; From dc056fd0ec57637666aa8c06b97e4ac7a3ac3b1c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 22 Aug 2024 12:04:37 +0200 Subject: [PATCH 085/172] sign 44 example bench --- libcrux-ml-dsa/examples/sign_44.rs | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 libcrux-ml-dsa/examples/sign_44.rs diff --git a/libcrux-ml-dsa/examples/sign_44.rs b/libcrux-ml-dsa/examples/sign_44.rs new file mode 100644 index 000000000..640e4bf28 --- /dev/null +++ b/libcrux-ml-dsa/examples/sign_44.rs @@ -0,0 +1,21 @@ +use libcrux_ml_dsa::ml_dsa_44::*; +use rand::{rngs::OsRng, RngCore}; + +fn random_array() -> [u8; L] { + let mut rng = OsRng; + let mut seed = [0; L]; + rng.try_fill_bytes(&mut seed).unwrap(); + seed +} + +fn main() { + let key_generation_seed = random_array(); + let signing_randomness = random_array(); + let message = random_array::<1023>(); + + let keypair = neon::generate_key_pair(key_generation_seed); + + for _i in 0..100_000 { + let _ = neon::sign(&keypair.signing_key, &message, signing_randomness); + } +} From a39501ea1d43bf3f4b9bceef7a898518291e76a7 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 22 Aug 2024 12:25:15 +0200 Subject: [PATCH 086/172] ml-dsa multiplexing --- Cargo.lock | 1 + libcrux-ml-dsa/Cargo.toml | 1 + libcrux-ml-dsa/build.rs | 2 + libcrux-ml-dsa/src/ml_dsa_44.rs | 90 +++++++- libcrux-ml-dsa/src/ml_dsa_generic.rs | 2 + .../src/ml_dsa_generic/multiplexing.rs | 210 ++++++++++++++++++ libcrux-ml-dsa/tests/nistkats.rs | 8 + libcrux-ml-dsa/tests/self.rs | 15 ++ libcrux-ml-dsa/tests/wycheproof_sign.rs | 2 + libcrux-ml-dsa/tests/wycheproof_verify.rs | 8 + 10 files changed, 337 insertions(+), 2 deletions(-) create mode 100644 libcrux-ml-dsa/src/ml_dsa_generic/multiplexing.rs diff --git a/Cargo.lock b/Cargo.lock index d05b611e1..52cd89a11 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1028,6 +1028,7 @@ dependencies = [ "criterion", "hex", "libcrux-intrinsics", + "libcrux-platform", "libcrux-sha3", "pqcrypto-dilithium", "rand", diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index 47a96054a..483d02c82 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml @@ -15,6 +15,7 @@ publish = false [dependencies] libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } +libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } [dev-dependencies] rand = { version = "0.8" } diff --git a/libcrux-ml-dsa/build.rs b/libcrux-ml-dsa/build.rs index 91a6fae70..8d01428b3 100644 --- a/libcrux-ml-dsa/build.rs +++ b/libcrux-ml-dsa/build.rs @@ -24,6 +24,8 @@ fn main() { // We don't enable this on x86 because it seems to generate invalid code. println!("cargo:rustc-cfg=feature=\"simd256\""); } + + println!("cargo::rustc-check-cfg=cfg(eurydice)"); } fn read_env(key: &str) -> bool { diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index b03a1d6b2..b16eef196 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -1,4 +1,9 @@ -use crate::{constants::*, ml_dsa_generic, types::*, VerificationError}; +use crate::{ + constants::*, + ml_dsa_generic::{self, multiplexing}, + types::*, + VerificationError, +}; // ML-DSA-44-specific parameters @@ -94,7 +99,9 @@ macro_rules! instantiate { use $p as p; /// Generate an ML-DSA-44 Key Pair - pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA44KeyPair { + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], + ) -> MLDSA44KeyPair { let (signing_key, verification_key) = p::generate_key_pair::< ROWS_IN_A, COLUMNS_IN_A, @@ -167,3 +174,82 @@ instantiate! {portable, ml_dsa_generic::instantiations::portable, "Portable ML-D instantiate! {avx2, ml_dsa_generic::instantiations::avx2, "AVX2 Optimised ML-DSA 44"} #[cfg(feature = "simd128")] instantiate! {neon, ml_dsa_generic::instantiations::neon, "Neon Optimised ML-DSA 44"} + +/// Generate an ML-DSA 44 Key Pair +/// +/// Generate an ML-DSA key pair. The input is a byte array of size +/// [`KEY_GENERATION_RANDOMNESS_SIZE`]. +/// +/// This function returns an [`MLDSA44KeyPair`]. +#[cfg(not(eurydice))] +pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE]) -> MLDSA44KeyPair { + let (signing_key, verification_key) = multiplexing::generate_key_pair::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness); + + MLDSA44KeyPair { + signing_key: MLDSASigningKey(signing_key), + verification_key: MLDSAVerificationKey(verification_key), + } +} + +/// Sign with ML-DSA 44 +/// +/// Sign a `message` with the ML-DSA `signing_key`. +/// +/// This function returns an [`MLDSA44Signature`]. +#[cfg(not(eurydice))] +pub fn sign( + signing_key: &MLDSA44SigningKey, + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], +) -> MLDSA44Signature { + multiplexing::sign::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(&signing_key.0, message, randomness) +} + +/// Verify an ML-DSA-44 Signature +/// +/// Returns `Ok` when the `signature` is valid for the `message` and +/// `verification_key`, and a [`VerificationError`] otherwise. +#[cfg(not(eurydice))] +pub fn verify( + verification_key: &MLDSA44VerificationKey, + message: &[u8], + signature: &MLDSA44Signature, +) -> Result<(), VerificationError> { + multiplexing::verify::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(&verification_key.0, message, &signature.0) +} diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 9bd57176a..ce6e0a757 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -21,6 +21,7 @@ use crate::{ }; pub(crate) mod instantiations; +pub(crate) mod multiplexing; pub(crate) struct Signature< SIMDUnit: Operations, @@ -33,6 +34,7 @@ pub(crate) struct Signature< pub hint: [[i32; COEFFICIENTS_IN_RING_ELEMENT]; ROWS_IN_A], } +/// Generate a key pair. pub(crate) fn generate_key_pair< SIMDUnit: Operations, Shake128X4: shake128::XofX4, diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/multiplexing.rs b/libcrux-ml-dsa/src/ml_dsa_generic/multiplexing.rs new file mode 100644 index 000000000..45519e97c --- /dev/null +++ b/libcrux-ml-dsa/src/ml_dsa_generic/multiplexing.rs @@ -0,0 +1,210 @@ +use super::*; +use libcrux_platform; + +// For the case where we didn't compile with the simd128/simd256 features but +// have a CPU that has it and thus tries to call the simd128/simd256 version, +// we fall back to the portable version in this case. + +#[cfg(feature = "simd256")] +use instantiations::avx2::{ + generate_key_pair as generate_key_pair_avx2, sign as sign_avx2, verify as verify_avx2, +}; + +#[cfg(feature = "simd128")] +use instantiations::neon::{ + generate_key_pair as generate_key_pair_neon, sign as sign_neon, verify as verify_neon, +}; + +#[cfg(not(feature = "simd256"))] +use instantiations::portable::{ + generate_key_pair as generate_key_pair_avx2, sign as sign_avx2, verify as verify_avx2, +}; + +#[cfg(not(feature = "simd128"))] +use instantiations::portable::{ + generate_key_pair as generate_key_pair_neon, sign as sign_neon, verify as verify_neon, +}; + +pub(crate) fn generate_key_pair< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const ETA: usize, + const ERROR_RING_ELEMENT_SIZE: usize, + const SIGNING_KEY_SIZE: usize, + const VERIFICATION_KEY_SIZE: usize, +>( + randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], +) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { + if libcrux_platform::simd256_support() { + generate_key_pair_avx2::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness) + } else if libcrux_platform::simd128_support() { + generate_key_pair_neon::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness) + } else { + instantiations::portable::generate_key_pair::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness) + } +} + +pub(crate) fn sign< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const ETA: usize, + const ERROR_RING_ELEMENT_SIZE: usize, + const GAMMA1_EXPONENT: usize, + const GAMMA2: i32, + const COMMITMENT_RING_ELEMENT_SIZE: usize, + const COMMITMENT_VECTOR_SIZE: usize, + const COMMITMENT_HASH_SIZE: usize, + const ONES_IN_VERIFIER_CHALLENGE: usize, + const MAX_ONES_IN_HINT: usize, + const GAMMA1_RING_ELEMENT_SIZE: usize, + const SIGNING_KEY_SIZE: usize, + const SIGNATURE_SIZE: usize, +>( + signing_key: &[u8; SIGNING_KEY_SIZE], + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], +) -> MLDSASignature { + if libcrux_platform::simd256_support() { + sign_avx2::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(signing_key, message, randomness) + } else if libcrux_platform::simd128_support() { + sign_neon::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(signing_key, message, randomness) + } else { + instantiations::portable::sign::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(signing_key, message, randomness) + } +} + +pub(crate) fn verify< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const SIGNATURE_SIZE: usize, + const VERIFICATION_KEY_SIZE: usize, + const GAMMA1_EXPONENT: usize, + const GAMMA1_RING_ELEMENT_SIZE: usize, + const GAMMA2: i32, + const BETA: i32, + const COMMITMENT_RING_ELEMENT_SIZE: usize, + const COMMITMENT_VECTOR_SIZE: usize, + const COMMITMENT_HASH_SIZE: usize, + const ONES_IN_VERIFIER_CHALLENGE: usize, + const MAX_ONES_IN_HINT: usize, +>( + verification_key_serialized: &[u8; VERIFICATION_KEY_SIZE], + message: &[u8], + signature_serialized: &[u8; SIGNATURE_SIZE], +) -> Result<(), VerificationError> { + if libcrux_platform::simd256_support() { + verify_avx2::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(verification_key_serialized, message, signature_serialized) + } else if libcrux_platform::simd128_support() { + verify_neon::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(verification_key_serialized, message, signature_serialized) + } else { + instantiations::portable::verify::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(verification_key_serialized, message, signature_serialized) + } +} diff --git a/libcrux-ml-dsa/tests/nistkats.rs b/libcrux-ml-dsa/tests/nistkats.rs index e8698133a..e37749835 100644 --- a/libcrux-ml-dsa/tests/nistkats.rs +++ b/libcrux-ml-dsa/tests/nistkats.rs @@ -74,6 +74,14 @@ macro_rules! impl_nist_known_answer_tests { // 44 +impl_nist_known_answer_tests!( + nist_known_answer_tests_44, + 44, + libcrux_ml_dsa::ml_dsa_44::generate_key_pair, + libcrux_ml_dsa::ml_dsa_44::sign, + libcrux_ml_dsa::ml_dsa_44::verify +); + impl_nist_known_answer_tests!( nist_known_answer_tests_44_portable, 44, diff --git a/libcrux-ml-dsa/tests/self.rs b/libcrux-ml-dsa/tests/self.rs index 86941fc34..8eea70f26 100644 --- a/libcrux-ml-dsa/tests/self.rs +++ b/libcrux-ml-dsa/tests/self.rs @@ -89,6 +89,21 @@ macro_rules! impl_modified_signing_key_test { // 44 +impl_consistency_test!( + consistency_44, + ml_dsa_44::generate_key_pair, + ml_dsa_44::sign, + ml_dsa_44::verify +); + +impl_modified_signing_key_test!( + modified_signing_key_44, + ml_dsa_44::generate_key_pair, + ml_dsa_44::MLDSA44SigningKey::len(), + ml_dsa_44::sign, + ml_dsa_44::verify +); + impl_consistency_test!( consistency_44_portable, ml_dsa_44::portable::generate_key_pair, diff --git a/libcrux-ml-dsa/tests/wycheproof_sign.rs b/libcrux-ml-dsa/tests/wycheproof_sign.rs index d6dbca9a5..53fdc78a0 100644 --- a/libcrux-ml-dsa/tests/wycheproof_sign.rs +++ b/libcrux-ml-dsa/tests/wycheproof_sign.rs @@ -68,6 +68,8 @@ macro_rules! wycheproof_sign_test { // 44 +wycheproof_sign_test!(wycheproof_sign_44, 44, MLDSA44SigningKey, ml_dsa_44::sign); + wycheproof_sign_test!( wycheproof_sign_44_portable, 44, diff --git a/libcrux-ml-dsa/tests/wycheproof_verify.rs b/libcrux-ml-dsa/tests/wycheproof_verify.rs index bedf62437..9c394a0c4 100644 --- a/libcrux-ml-dsa/tests/wycheproof_verify.rs +++ b/libcrux-ml-dsa/tests/wycheproof_verify.rs @@ -68,6 +68,14 @@ macro_rules! wycheproof_sign_test { // 44 +wycheproof_sign_test!( + wycheproof_sign_44, + 44, + ml_dsa_44::MLDSA44VerificationKey, + ml_dsa_44::MLDSA44Signature, + ml_dsa_44::verify +); + wycheproof_sign_test!( wycheproof_sign_44_portable, 44, From 61a77d541ce348eb735d31379641c4c33539a700 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 22 Aug 2024 12:04:48 +0000 Subject: [PATCH 087/172] fixup ml-dsa multiplexing for mldsa --- libcrux-ml-dsa/examples/sign_44.rs | 4 ++-- libcrux-ml-dsa/src/hash_functions.rs | 9 ++++----- libcrux-ml-dsa/src/ml_dsa_65.rs | 4 ++-- libcrux-ml-dsa/src/ml_dsa_87.rs | 4 ++-- libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs | 4 ++-- libcrux-ml-dsa/src/sample.rs | 4 ++-- libcrux-sha3/src/lib.rs | 5 ++--- 7 files changed, 16 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-dsa/examples/sign_44.rs b/libcrux-ml-dsa/examples/sign_44.rs index 640e4bf28..850f14cfa 100644 --- a/libcrux-ml-dsa/examples/sign_44.rs +++ b/libcrux-ml-dsa/examples/sign_44.rs @@ -13,9 +13,9 @@ fn main() { let signing_randomness = random_array(); let message = random_array::<1023>(); - let keypair = neon::generate_key_pair(key_generation_seed); + let keypair = generate_key_pair(key_generation_seed); for _i in 0..100_000 { - let _ = neon::sign(&keypair.signing_key, &message, signing_randomness); + let _ = core::hint::black_box(sign(&keypair.signing_key, &message, signing_randomness)); } } diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs index 98ef7dc6a..c44a24739 100644 --- a/libcrux-ml-dsa/src/hash_functions.rs +++ b/libcrux-ml-dsa/src/hash_functions.rs @@ -265,7 +265,6 @@ pub(crate) mod portable { } } -// #[cfg(feature = "simd256")] /// A SIMD256 implementation of [`shake128::XofX4`] and [`shake256::Xof`] for AVX2. pub(crate) mod simd256 { @@ -280,11 +279,11 @@ pub(crate) mod simd256 { /// /// This only implements the XofX4 API. For the single Xof, the portable /// version is used. - pub(crate) struct Shake128 { + pub(crate) struct Shake128x4 { state: KeccakState, } - impl shake128::XofX4 for Shake128 { + impl shake128::XofX4 for Shake128x4 { /// Init the state and absorb 4 blocks in parallel. fn init_absorb(input0: &[u8], input1: &[u8], input2: &[u8], input3: &[u8]) -> Self { let mut state = x4::incremental::init(); @@ -365,11 +364,11 @@ pub(crate) mod simd256 { } /// AVX2 SHAKE 256 x4 state. - pub(crate) struct Shake256X4 { + pub(crate) struct Shake256x4 { state: KeccakState, } - impl shake256::XofX4 for Shake256X4 { + impl shake256::XofX4 for Shake256x4 { fn init_absorb(input0: &[u8], input1: &[u8], input2: &[u8], input3: &[u8]) -> Self { let mut state = x4::incremental::init(); x4::incremental::shake256_absorb_final(&mut state, &input0, &input1, &input2, &input3); diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs index 4adc222eb..e5e2de977 100644 --- a/libcrux-ml-dsa/src/ml_dsa_65.rs +++ b/libcrux-ml-dsa/src/ml_dsa_65.rs @@ -69,12 +69,12 @@ type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; type SIMDUnit = crate::simd::portable::PortableSIMDUnit; #[cfg(feature = "simd256")] -type Shake128X4 = crate::hash_functions::simd256::Shake128; +type Shake128X4 = crate::hash_functions::simd256::Shake128x4; #[cfg(not(feature = "simd256"))] type Shake128X4 = crate::hash_functions::portable::Shake128X4; #[cfg(feature = "simd256")] -type Shake256X4 = crate::hash_functions::simd256::Shake256X4; +type Shake256X4 = crate::hash_functions::simd256::Shake256x4; #[cfg(not(feature = "simd256"))] type Shake256X4 = crate::hash_functions::portable::Shake256X4; diff --git a/libcrux-ml-dsa/src/ml_dsa_87.rs b/libcrux-ml-dsa/src/ml_dsa_87.rs index 0d9dcdc24..409d6811b 100644 --- a/libcrux-ml-dsa/src/ml_dsa_87.rs +++ b/libcrux-ml-dsa/src/ml_dsa_87.rs @@ -72,12 +72,12 @@ type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; type SIMDUnit = crate::simd::portable::PortableSIMDUnit; #[cfg(feature = "simd256")] -type Shake128X4 = crate::hash_functions::simd256::Shake128; +type Shake128X4 = crate::hash_functions::simd256::Shake128x4; #[cfg(not(feature = "simd256"))] type Shake128X4 = crate::hash_functions::portable::Shake128X4; #[cfg(feature = "simd256")] -type Shake256X4 = crate::hash_functions::simd256::Shake256X4; +type Shake256X4 = crate::hash_functions::simd256::Shake256x4; #[cfg(not(feature = "simd256"))] type Shake256X4 = crate::hash_functions::portable::Shake256X4; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs index 293e6d406..985c6e231 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs @@ -126,9 +126,9 @@ instantiate! {portable, #[cfg(feature = "simd256")] instantiate! {avx2, crate::simd::portable::PortableSIMDUnit, - crate::hash_functions::simd256::Shake128X4, + crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, - crate::hash_functions::simd256::Shake256X4 + crate::hash_functions::simd256::Shake256x4 } // NEON generic implementation. diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 4d55bd834..a2bfcb198 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -773,7 +773,7 @@ mod tests { fn test_sample_ring_element_uniform() { test_sample_ring_element_uniform_generic::< simd::avx2::AVX2SIMDUnit, - crate::hash_functions::simd256::Shake128, + crate::hash_functions::simd256::Shake128x4, >(); } @@ -781,7 +781,7 @@ mod tests { fn test_sample_error_ring_element() { test_sample_error_ring_element_generic::< simd::avx2::AVX2SIMDUnit, - hash_functions::simd256::Shake256X4, + hash_functions::simd256::Shake256x4, >(); } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index f1b4a50a9..c1395155d 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -575,10 +575,9 @@ pub mod neon { pub mod incremental { #[cfg(feature = "simd128")] use crate::generic_keccak::{ - absorb_final, squeeze_first_three_blocks, squeeze_next_block, - KeccakState as GenericState, + absorb_final, squeeze_first_block, squeeze_first_five_blocks, + squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; - use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; /// The Keccak state for the incremental API. #[cfg(feature = "simd128")] From 79a8afc797d49f08d95789518f420097cae557d3 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 22 Aug 2024 18:26:31 +0200 Subject: [PATCH 088/172] prepare merge queues --- .github/workflows/c-bench.yml | 47 +++++++++ .github/workflows/c.yml | 53 ---------- .github/workflows/checks.yml | 1 + .github/workflows/ecdh.yml | 1 + .github/workflows/hax.yml | 1 + .github/workflows/kem.yml | 1 + .github/workflows/mldsa.yml | 1 + .github/workflows/mlkem-bench.yml | 103 ++++++++++++++++++ .github/workflows/mlkem.yml | 94 ----------------- .github/workflows/nix.yml | 1 + .github/workflows/platform.yml | 1 + .github/workflows/rust-bench.yml | 98 +++++++++++++++++ .github/workflows/rust.yml | 86 --------------- .github/workflows/skip-benches-in-prs.yml | 14 +++ .github/workflows/specs.yml | 1 + Cargo.lock | 122 +++++++++++++++++++--- Cargo.toml | 5 + libcrux-ml-kem/Cargo.toml | 3 + 18 files changed, 385 insertions(+), 248 deletions(-) create mode 100644 .github/workflows/c-bench.yml create mode 100644 .github/workflows/mlkem-bench.yml create mode 100644 .github/workflows/rust-bench.yml create mode 100644 .github/workflows/skip-benches-in-prs.yml diff --git a/.github/workflows/c-bench.yml b/.github/workflows/c-bench.yml new file mode 100644 index 000000000..a2628bf2e --- /dev/null +++ b/.github/workflows/c-bench.yml @@ -0,0 +1,47 @@ +name: Benchmark C + +on: + workflow_dispatch: + merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: false + matrix: + os: + - macos-latest + - ubuntu-latest + - windows-latest + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem/c + + steps: + - uses: actions/checkout@v4 + + - name: 🔨 Build Release + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + # FIXME: Benchmarks on Windows CI are not working right now. + # - name: 🏃🏻‍♀️ Benchmark + # run: ./build/Release/ml_kem_bench + # if: ${{ matrix.os == 'windows-latest' }} + + - name: 🏃🏻‍♀️ Benchmark (c) + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} + + - name: 🏃🏻‍♀️ Benchmark (cg) + working-directory: libcrux-ml-kem/cg + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index c734bf0de..285eac24a 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -14,7 +14,6 @@ concurrency: jobs: extract: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -36,7 +35,6 @@ jobs: if-no-files-found: error extract-header-only: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -59,7 +57,6 @@ jobs: diff: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -80,7 +77,6 @@ jobs: diff-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -101,7 +97,6 @@ jobs: build: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -141,7 +136,6 @@ jobs: build-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -174,50 +168,3 @@ jobs: - name: 🏃🏻‍♀️ Test run: ./build/ml_kem_test if: ${{ matrix.os != 'windows-latest' }} - - benchmark: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: false - matrix: - os: - - macos-latest - - ubuntu-latest - - windows-latest - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem/c - - steps: - - uses: actions/checkout@v4 - - - name: 🔨 Build Release - run: | - cmake -B build -DCMAKE_BUILD_TYPE=Release - cmake --build build --config Release - - # FIXME: Benchmarks on Windows CI are not working right now. - # - name: 🏃🏻‍♀️ Benchmark - # run: ./build/Release/ml_kem_bench - # if: ${{ matrix.os == 'windows-latest' }} - - - name: 🏃🏻‍♀️ Benchmark (c) - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - - name: 🏃🏻‍♀️ Benchmark (cg) - working-directory: libcrux-ml-kem/cg - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmark] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 5fab6fabd..0438fb798 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml index feee99cfa..438386e60 100644 --- a/.github/workflows/ecdh.yml +++ b/.github/workflows/ecdh.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index bac3854d5..d324bff1c 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -11,6 +11,7 @@ on: - cron: "0 0 * * *" workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml index ca3c7f23f..d4ada3cdf 100644 --- a/.github/workflows/kem.yml +++ b/.github/workflows/kem.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index 8c46feafd..a05d1e6c3 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/mlkem-bench.yml b/.github/workflows/mlkem-bench.yml new file mode 100644 index 000000000..b5c825c09 --- /dev/null +++ b/.github/workflows/mlkem-bench.yml @@ -0,0 +1,103 @@ +name: Benchmark ML-KEM + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem + + steps: + - uses: actions/checkout@v4 + + - name: Update dependencies + run: cargo update + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: 🛠️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: 🛠️ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: 🛠️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # - name: 🔨 Build + # run: cargo build --benches + + # - name: ⬆ Upload build + # uses: ./.github/actions/upload_artifacts + # with: + # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} + + # Benchmarks ... + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt + + - name: 🏃🏻‍♀️ Benchmarks Portable + run: | + cargo clean + LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | sed 's/^test \(.*\) \.\.\. bench/test portable \1 ... bench/' | tee -a bench.txt + - name: Store benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ML-KEM Benchmark + tool: 'cargo' + output-file-path: libcrux-ml-kem/bench.txt + benchmark-data-dir-path: dev/bench/mlkem + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true + + + diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 6e7c59209..575339c5d 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -174,96 +173,3 @@ jobs: run: | cargo clean cargo hack test --each-feature $EXCLUDE_FEATURES --verbose $RUST_TARGET_FLAG - - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-13 - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem - - steps: - - uses: actions/checkout@v4 - - - name: Update dependencies - run: cargo update - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: 🛠️ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: 🛠️ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: 🛠️ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: 🛠️ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # - name: 🔨 Build - # run: cargo build --benches - - # - name: ⬆ Upload build - # uses: ./.github/actions/upload_artifacts - # with: - # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG - - - name: 🏃🏻‍♀️ Benchmarks Portable - run: | - cargo clean - LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG - - mq_status: - if: | - always() && - github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' - needs: [benchmarks] - runs-on: ubuntu-latest - steps: - - name: Successful - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Failing - if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index aa893300c..f852b95a3 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -4,6 +4,7 @@ on: push: branches: [main, dev] pull_request: + merge_group: jobs: nix: diff --git a/.github/workflows/platform.yml b/.github/workflows/platform.yml index 3415ee2f3..074dea37d 100644 --- a/.github/workflows/platform.yml +++ b/.github/workflows/platform.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/rust-bench.yml b/.github/workflows/rust-bench.yml new file mode 100644 index 000000000..20644290d --- /dev/null +++ b/.github/workflows/rust-bench.yml @@ -0,0 +1,98 @@ +name: Benchmark + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + # FIXME: Linking isn't working here yet for hacl #42 + - bits: 32 + os: "windows-latest" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + + steps: + - uses: actions/checkout@v4 + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: ⚙️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: ⚙️ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: ⚙️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # Set up windows + + - name: ⚙️ Setup Windows x86 + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x86-windows-static-md + + - name: ⚙️ Setup Windows x64 + if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x64-windows-static-md + + # Benchmarks ... + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt + - name: Store Benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ML-KEM Benchmark + tool: 'cargo' + output-file-path: bench.txt + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 7b4324a5c..552809ccd 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -141,90 +141,4 @@ jobs: - name: 🏃🏻‍♀️ Test run: CC=emcc AR=emar wasm-pack test --node --features wasm - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - # FIXME: Linking isn't working here yet for hacl #42 - - bits: 32 - os: "windows-latest" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - - steps: - - uses: actions/checkout@v4 - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: ⚙️ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: ⚙️ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: ⚙️ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: 🛠️ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # Set up windows - - - name: ⚙️ Setup Windows x86 - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x86-windows-static-md - - - name: ⚙️ Setup Windows x64 - if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x64-windows-static-md - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmarks] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/skip-benches-in-prs.yml b/.github/workflows/skip-benches-in-prs.yml new file mode 100644 index 000000000..fd259b985 --- /dev/null +++ b/.github/workflows/skip-benches-in-prs.yml @@ -0,0 +1,14 @@ +name: Skip Benchmarks in PRs + +on: [ pull_request ] +jobs: + benchmark: + runs-on: ubuntu-latest + steps: + - run: true + benchmarks: + runs-on: ubuntu-latest + steps: + - run: true + + diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml index 83a79e802..383d45cdf 100644 --- a/.github/workflows/specs.yml +++ b/.github/workflows/specs.yml @@ -5,6 +5,7 @@ on: branches: [ "main", "dev" ] pull_request: branches: [ "main", "dev" ] + merge_group: env: CARGO_TERM_COLOR: always diff --git a/Cargo.lock b/Cargo.lock index d05b611e1..bf75533ab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -116,7 +116,7 @@ dependencies = [ "p256", "pqcrypto-kyber", "rand", - "rand_core", + "rand_core 0.6.4", "ring", "sha2", "sha3", @@ -444,7 +444,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", - "rand_core", + "rand_core 0.6.4", "subtle", "zeroize", ] @@ -456,7 +456,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "rand_core", + "rand_core 0.6.4", "typenum", ] @@ -494,7 +494,7 @@ checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" dependencies = [ "byteorder", "digest 0.9.0", - "rand_core", + "rand_core 0.6.4", "subtle-ng", "zeroize", ] @@ -572,7 +572,7 @@ dependencies = [ "hkdf", "pem-rfc7468", "pkcs8", - "rand_core", + "rand_core 0.6.4", "sec1", "subtle", "zeroize", @@ -617,7 +617,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ - "rand_core", + "rand_core 0.6.4", "subtle", ] @@ -685,7 +685,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", - "rand_core", + "rand_core 0.6.4", "subtle", ] @@ -817,6 +817,48 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "hpke-rs" +version = "0.2.0" +source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" +dependencies = [ + "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate)", + "log", + "serde", + "tls_codec", + "zeroize", +] + +[[package]] +name = "hpke-rs-crypto" +version = "0.2.0" +source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" +dependencies = [ + "rand_core 0.6.4", +] + +[[package]] +name = "hpke-rs-crypto" +version = "0.2.0" +source = "git+https://github.com/cryspen/hpke-rs.git#7c486f19188013f2546e185b9759918df6e02901" +dependencies = [ + "rand_core 0.6.4", +] + +[[package]] +name = "hpke-rs-tests" +version = "0.1.0" +source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" +dependencies = [ + "hpke-rs", + "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate)", + "log", + "pretty_env_logger", + "rayon", + "serde", + "serde_json", +] + [[package]] name = "humantime" version = "2.1.0" @@ -937,6 +979,9 @@ dependencies = [ "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", + "hpke-rs", + "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git)", + "hpke-rs-tests", "libcrux", "libcrux-ecdh", "libcrux-hacl", @@ -950,7 +995,8 @@ dependencies = [ "quickcheck", "quickcheck_macros", "rand", - "rand_core", + "rand_core 0.2.2", + "rand_core 0.6.4", "serde", "serde_json", "wasm-bindgen", @@ -965,7 +1011,7 @@ dependencies = [ "libcrux-hacl", "pretty_env_logger", "rand", - "rand_core", + "rand_core 0.6.4", "serde", "serde_json", ] @@ -1046,7 +1092,7 @@ dependencies = [ "libcrux-platform", "libcrux-sha3", "rand", - "rand_core", + "rand_core 0.6.4", "serde", "serde_json", ] @@ -1490,7 +1536,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -1500,9 +1546,33 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_core" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1961a422c4d189dfb50ffa9320bf1f2a9bd54ecb92792fb9477f99a1045f3372" +dependencies = [ + "rand_core 0.3.1", ] +[[package]] +name = "rand_core" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" +dependencies = [ + "rand_core 0.4.2", +] + +[[package]] +name = "rand_core" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" + [[package]] name = "rand_core" version = "0.6.4" @@ -1721,7 +1791,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest 0.10.7", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -1799,6 +1869,28 @@ dependencies = [ "serde_json", ] +[[package]] +name = "tls_codec" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" +dependencies = [ + "serde", + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.75", +] + [[package]] name = "typenum" version = "1.17.0" @@ -2083,7 +2175,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", - "rand_core", + "rand_core 0.6.4", "serde", "zeroize", ] @@ -2096,7 +2188,7 @@ checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" dependencies = [ "curve25519-dalek-ng", "rand", - "rand_core", + "rand_core 0.6.4", "zeroize", ] diff --git a/Cargo.toml b/Cargo.toml index b2e2765e3..bc12a28d2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,6 +56,7 @@ exclude = [ [lib] crate-type = ["staticlib", "cdylib", "lib"] +bench = false # so libtest doesn't eat the arguments for criterion [build-dependencies] libcrux-platform = { version = "=0.0.2-alpha.3", path = "sys/platform" } @@ -72,6 +73,9 @@ rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API wasm-bindgen = { version = "0.2.87", optional = true } +hpke-rs = { version = "0.2.0", optional = true, git = "https://github.com/cryspen/hpke-rs.git", branch = "keks/tests-crate", package = "hpke-rs"} +hpke-rs-crypto = { version = "0.2.0", optional = true, git = "https://github.com/cryspen/hpke-rs.git", package = "hpke-rs-crypto"} +rand_core = { version = "0.2.0", optional = true} # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. @@ -90,6 +94,7 @@ serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } hex = { version = "0.4.3", features = ["serde"] } clap = { version = "4.5", features = ["derive"] } +hpke-rs-tests = { git = "https://github.com/cryspen/hpke-rs.git", branch = "keks/tests-crate", package = "hpke-rs-tests" } [target.'cfg(target_arch = "wasm32")'.dev-dependencies] wasm-bindgen-test = "0.3" diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index c967a416b..1deaa591c 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -18,6 +18,9 @@ exclude = [ "/hax.py", ] +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + [dependencies] rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } From 11629c317e751a86278000da5072848c6c89f65d Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 22 Aug 2024 19:10:58 +0200 Subject: [PATCH 089/172] undo hpke --- Cargo.lock | 122 +++++++---------------------------------------------- Cargo.toml | 4 -- 2 files changed, 15 insertions(+), 111 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bf75533ab..d05b611e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -116,7 +116,7 @@ dependencies = [ "p256", "pqcrypto-kyber", "rand", - "rand_core 0.6.4", + "rand_core", "ring", "sha2", "sha3", @@ -444,7 +444,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", - "rand_core 0.6.4", + "rand_core", "subtle", "zeroize", ] @@ -456,7 +456,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "rand_core 0.6.4", + "rand_core", "typenum", ] @@ -494,7 +494,7 @@ checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" dependencies = [ "byteorder", "digest 0.9.0", - "rand_core 0.6.4", + "rand_core", "subtle-ng", "zeroize", ] @@ -572,7 +572,7 @@ dependencies = [ "hkdf", "pem-rfc7468", "pkcs8", - "rand_core 0.6.4", + "rand_core", "sec1", "subtle", "zeroize", @@ -617,7 +617,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ - "rand_core 0.6.4", + "rand_core", "subtle", ] @@ -685,7 +685,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", - "rand_core 0.6.4", + "rand_core", "subtle", ] @@ -817,48 +817,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "hpke-rs" -version = "0.2.0" -source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" -dependencies = [ - "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate)", - "log", - "serde", - "tls_codec", - "zeroize", -] - -[[package]] -name = "hpke-rs-crypto" -version = "0.2.0" -source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" -dependencies = [ - "rand_core 0.6.4", -] - -[[package]] -name = "hpke-rs-crypto" -version = "0.2.0" -source = "git+https://github.com/cryspen/hpke-rs.git#7c486f19188013f2546e185b9759918df6e02901" -dependencies = [ - "rand_core 0.6.4", -] - -[[package]] -name = "hpke-rs-tests" -version = "0.1.0" -source = "git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate#f3c072720227b8ec8c760aa97fa80c90a5f8272d" -dependencies = [ - "hpke-rs", - "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git?branch=keks/tests-crate)", - "log", - "pretty_env_logger", - "rayon", - "serde", - "serde_json", -] - [[package]] name = "humantime" version = "2.1.0" @@ -979,9 +937,6 @@ dependencies = [ "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", - "hpke-rs", - "hpke-rs-crypto 0.2.0 (git+https://github.com/cryspen/hpke-rs.git)", - "hpke-rs-tests", "libcrux", "libcrux-ecdh", "libcrux-hacl", @@ -995,8 +950,7 @@ dependencies = [ "quickcheck", "quickcheck_macros", "rand", - "rand_core 0.2.2", - "rand_core 0.6.4", + "rand_core", "serde", "serde_json", "wasm-bindgen", @@ -1011,7 +965,7 @@ dependencies = [ "libcrux-hacl", "pretty_env_logger", "rand", - "rand_core 0.6.4", + "rand_core", "serde", "serde_json", ] @@ -1092,7 +1046,7 @@ dependencies = [ "libcrux-platform", "libcrux-sha3", "rand", - "rand_core 0.6.4", + "rand_core", "serde", "serde_json", ] @@ -1536,7 +1490,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -1546,33 +1500,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.4", -] - -[[package]] -name = "rand_core" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1961a422c4d189dfb50ffa9320bf1f2a9bd54ecb92792fb9477f99a1045f3372" -dependencies = [ - "rand_core 0.3.1", + "rand_core", ] -[[package]] -name = "rand_core" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" -dependencies = [ - "rand_core 0.4.2", -] - -[[package]] -name = "rand_core" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" - [[package]] name = "rand_core" version = "0.6.4" @@ -1791,7 +1721,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest 0.10.7", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -1869,28 +1799,6 @@ dependencies = [ "serde_json", ] -[[package]] -name = "tls_codec" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" -dependencies = [ - "serde", - "tls_codec_derive", - "zeroize", -] - -[[package]] -name = "tls_codec_derive" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.75", -] - [[package]] name = "typenum" version = "1.17.0" @@ -2175,7 +2083,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", - "rand_core 0.6.4", + "rand_core", "serde", "zeroize", ] @@ -2188,7 +2096,7 @@ checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" dependencies = [ "curve25519-dalek-ng", "rand", - "rand_core 0.6.4", + "rand_core", "zeroize", ] diff --git a/Cargo.toml b/Cargo.toml index bc12a28d2..869a771a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -73,9 +73,6 @@ rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API wasm-bindgen = { version = "0.2.87", optional = true } -hpke-rs = { version = "0.2.0", optional = true, git = "https://github.com/cryspen/hpke-rs.git", branch = "keks/tests-crate", package = "hpke-rs"} -hpke-rs-crypto = { version = "0.2.0", optional = true, git = "https://github.com/cryspen/hpke-rs.git", package = "hpke-rs-crypto"} -rand_core = { version = "0.2.0", optional = true} # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. @@ -94,7 +91,6 @@ serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } hex = { version = "0.4.3", features = ["serde"] } clap = { version = "4.5", features = ["derive"] } -hpke-rs-tests = { git = "https://github.com/cryspen/hpke-rs.git", branch = "keks/tests-crate", package = "hpke-rs-tests" } [target.'cfg(target_arch = "wasm32")'.dev-dependencies] wasm-bindgen-test = "0.3" From 9ddfa5e48085ea5d31d8cbf0e29b2868a6d6392c Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 22 Aug 2024 19:38:33 +0200 Subject: [PATCH 090/172] run tests in merge queue :face_palm: --- .github/workflows/rust.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 552809ccd..e519051ea 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: From 36c6b05c19e2d93b4cda5ea003aeba82a45d208d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 23 Aug 2024 14:19:23 +0200 Subject: [PATCH 091/172] Create stale.yml --- .github/workflows/stale.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..c7347c48f --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,22 @@ +name: 'Triage stale issues and PRs' +on: + schedule: + - cron: '00 1 * * *' + workflow_dispatch: + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-pr-message: "This PR has been marked as stale due to a lack of activity for 60 days. If you believe this pull request is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-issue-label: 'stale' + exempt-issue-labels: 'keep-open' + stale-pr-label: 'stale' + exempt-pr-labels: 'keep-open' + days-before-stale: 60 + days-before-close: 7 + close-issue-message: "This issue has been closed due to a lack of activity since being marked as stale. If you believe this issue is still relevant, please reopen it with an update or comment." + close-pr-message: "This PR has been closed due to a lack of activity since being marked as stale. If you believe this pull request is still relevant, please reopen it with an update or comment." From 6d6749486c31eb261076b5c0f2084cc56caacafe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 02:28:12 +0000 Subject: [PATCH 092/172] Bump serde from 1.0.208 to 1.0.209 Bumps [serde](https://github.com/serde-rs/serde) from 1.0.208 to 1.0.209. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.208...v1.0.209) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d05b611e1..7ab3ec3e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1657,18 +1657,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", From bb3cd58e229a66eca98c611de50ae69609556976 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 02:28:20 +0000 Subject: [PATCH 093/172] Bump serde_json from 1.0.125 to 1.0.127 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.125 to 1.0.127. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/1.0.125...1.0.127) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d05b611e1..ce6d0ade7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1677,9 +1677,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.125" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", From 190bfd40dcb80fcdecd7d902c791bd4e194095b5 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 10:57:22 +0200 Subject: [PATCH 094/172] build gc before trying to bench it --- .github/workflows/c-bench.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/c-bench.yml b/.github/workflows/c-bench.yml index a2628bf2e..9398a57db 100644 --- a/.github/workflows/c-bench.yml +++ b/.github/workflows/c-bench.yml @@ -22,26 +22,34 @@ jobs: defaults: run: shell: bash - working-directory: libcrux-ml-kem/c steps: - uses: actions/checkout@v4 - - name: 🔨 Build Release + - name: 🔨 Build libcrux-ml-kem/c + working-directory: libcrux-ml-kem/c run: | cmake -B build -DCMAKE_BUILD_TYPE=Release cmake --build build --config Release # FIXME: Benchmarks on Windows CI are not working right now. # - name: 🏃🏻‍♀️ Benchmark + # working-directory: libcrux-ml-kem/c # run: ./build/Release/ml_kem_bench # if: ${{ matrix.os == 'windows-latest' }} - - name: 🏃🏻‍♀️ Benchmark (c) + - name: 🏃🏻‍♀️ Benchmark (libcrux-ml-kem/c) + working-directory: libcrux-ml-kem/c run: ./build/ml_kem_bench if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - name: 🏃🏻‍♀️ Benchmark (cg) + - name: 🔨 Build libcrux-ml-kem/cg + working-directory: libcrux-ml-kem/cg + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + - name: 🏃🏻‍♀️ Benchmark libcrux-ml-kem/cg working-directory: libcrux-ml-kem/cg run: ./build/ml_kem_bench if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} From e995f6a7444ebf0d5168497115cda38aafe0ffb0 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 10:59:19 +0200 Subject: [PATCH 095/172] disable libtest for benches in ./benchmarks/ --- benchmarks/Cargo.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml index 3e9f3b781..21a2c3dc3 100644 --- a/benchmarks/Cargo.toml +++ b/benchmarks/Cargo.toml @@ -9,6 +9,9 @@ repository.workspace = true readme.workspace = true publish = false +[lib] +bench = false # so libtest doesn't eat the arguments for criterion + [dependencies] [dev-dependencies] From 802eccdf88224ceef62c7a02c9c96e394140f940 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 13:33:13 +0200 Subject: [PATCH 096/172] bench = false in the rest of the benchmarked rust packages --- libcrux-ml-dsa/Cargo.toml | 3 +++ libcrux-psq/Cargo.toml | 3 +++ libcrux-sha3/Cargo.toml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index 5408a697b..0eb6a57f8 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml @@ -10,6 +10,9 @@ readme.workspace = true description = "Libcrux ML-DSA implementation" publish = false +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] diff --git a/libcrux-psq/Cargo.toml b/libcrux-psq/Cargo.toml index 8f9bb74b1..4e0f7395d 100644 --- a/libcrux-psq/Cargo.toml +++ b/libcrux-psq/Cargo.toml @@ -10,6 +10,9 @@ readme.workspace = true description = "Libcrux Pre-Shared post-Quantum key establishement protocol" publish = false +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + [dependencies] libcrux-kem = { version = "0.0.2-alpha.3", path = "../libcrux-kem", features = [ "pre-verification", diff --git a/libcrux-sha3/Cargo.toml b/libcrux-sha3/Cargo.toml index c93712c4b..ebf3dde70 100644 --- a/libcrux-sha3/Cargo.toml +++ b/libcrux-sha3/Cargo.toml @@ -10,6 +10,9 @@ readme = "README.md" description = "Libcrux SHA-3 implementation" exclude = ["/proofs", "/c.sh", "/c.yaml", "/tests/tv", "tests/cavp.rs"] +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + [dependencies] libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } From b4e38dd90a3fc26ba16d2d0b891d6504d0959611 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 13:34:10 +0200 Subject: [PATCH 097/172] disable c bench for windows --- .github/workflows/c-bench.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/c-bench.yml b/.github/workflows/c-bench.yml index 9398a57db..04d03d819 100644 --- a/.github/workflows/c-bench.yml +++ b/.github/workflows/c-bench.yml @@ -16,7 +16,7 @@ jobs: os: - macos-latest - ubuntu-latest - - windows-latest + # - windows-latest # currently runs forever, needs to be investigated before adding again! runs-on: ${{ matrix.os }} defaults: From 13aa81f0c6012c628171db35c25377444714129a Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 14:10:46 +0200 Subject: [PATCH 098/172] steps towards getting wasm to work, but disable it for now because it still doesn't --- .github/workflows/rust.yml | 2 +- Cargo.toml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index e519051ea..c09f98d06 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -122,7 +122,7 @@ jobs: run: cargo build --verbose $RUST_TARGET_FLAG wasm: - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} + if: false #${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: diff --git a/Cargo.toml b/Cargo.toml index 869a771a7..3bd1be7a9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -73,6 +73,7 @@ rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API wasm-bindgen = { version = "0.2.87", optional = true } +getrandom = { version = "0.2", features = ["js"], optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. @@ -99,7 +100,7 @@ getrandom = { version = "0.2", features = ["js"] } [features] hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] -wasm = ["wasm-bindgen"] +wasm = ["wasm-bindgen", "getrandom"] log = ["dep:log"] tests = [] # Expose functions for testing. experimental = [] # Expose experimental APIs. From c3e4c58bcc3013501f5282dddfca1d62f914e4b9 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 16:21:07 +0200 Subject: [PATCH 099/172] final touches on benchmarks had to move the utils into the crate, because otherwise it would be picked up by the bechmarks and fail because libtest would again complain about the --output-format argument --- benchmarks/Cargo.toml | 2 +- benchmarks/benches/aead.rs | 3 +-- benchmarks/benches/p256.rs | 1 - benchmarks/benches/sha2.rs | 3 +-- benchmarks/benches/sha3.rs | 3 +-- benchmarks/benches/util.rs | 16 ---------------- benchmarks/benches/x25519.rs | 3 +-- benchmarks/src/lib.rs | 15 +++++++++++++++ 8 files changed, 20 insertions(+), 26 deletions(-) delete mode 100644 benchmarks/benches/util.rs diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml index 21a2c3dc3..3458bfeda 100644 --- a/benchmarks/Cargo.toml +++ b/benchmarks/Cargo.toml @@ -13,12 +13,12 @@ publish = false bench = false # so libtest doesn't eat the arguments for criterion [dependencies] +rand = { version = "0.8" } [dev-dependencies] libcrux = { path = "../", features = ["rand", "tests"] } libcrux-kem = { path = "../libcrux-kem", features = ["tests"] } libcrux-ml-kem = { path = "../libcrux-ml-kem" } -rand = { version = "0.8" } rand_core = { version = "0.6" } # Benchmarking "RustCrypto" chacha20poly1305 = "0.10" diff --git a/benchmarks/benches/aead.rs b/benchmarks/benches/aead.rs index 94994baf3..bfb74a25a 100644 --- a/benchmarks/benches/aead.rs +++ b/benchmarks/benches/aead.rs @@ -2,10 +2,9 @@ use chacha20poly1305::{AeadCore, AeadInPlace, KeyInit}; use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criterion, Throughput}; use libcrux::{aead::*, digest, drbg}; -mod util; +use benchmarks::util::*; use rand_core::OsRng; use ring::aead::UnboundKey; -use util::*; // Comparing libcrux performance for different payload sizes and other implementations. fn comparisons_encrypt(c: &mut Criterion) { diff --git a/benchmarks/benches/p256.rs b/benchmarks/benches/p256.rs index a562bebd2..70296411e 100644 --- a/benchmarks/benches/p256.rs +++ b/benchmarks/benches/p256.rs @@ -1,7 +1,6 @@ use criterion::{criterion_group, criterion_main, BatchSize, Criterion}; use libcrux::ecdh; -mod util; use rand_core::OsRng; fn derive(c: &mut Criterion) { diff --git a/benchmarks/benches/sha2.rs b/benchmarks/benches/sha2.rs index d9f82577e..5e3f16b2b 100644 --- a/benchmarks/benches/sha2.rs +++ b/benchmarks/benches/sha2.rs @@ -3,8 +3,7 @@ use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criteri use libcrux::digest::{self, *}; -mod util; -use util::*; +use benchmarks::util::*; macro_rules! impl_comp { ($fun:ident, $libcrux:expr, $ring:expr, $rust_crypto:ty, $openssl:expr) => { diff --git a/benchmarks/benches/sha3.rs b/benchmarks/benches/sha3.rs index ca9deb998..dbf2494d7 100644 --- a/benchmarks/benches/sha3.rs +++ b/benchmarks/benches/sha3.rs @@ -3,8 +3,7 @@ use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criteri use libcrux::digest::{self, *}; -mod util; -use util::*; +use benchmarks::util::*; macro_rules! impl_comp { ($fun:ident, $libcrux:expr, $rust_crypto:ty, $openssl:expr) => { diff --git a/benchmarks/benches/util.rs b/benchmarks/benches/util.rs deleted file mode 100644 index 1e7439e8e..000000000 --- a/benchmarks/benches/util.rs +++ /dev/null @@ -1,16 +0,0 @@ -#![allow(dead_code)] - -pub fn randombytes(n: usize) -> Vec { - use rand::rngs::OsRng; - use rand::RngCore; - - let mut bytes = vec![0u8; n]; - OsRng.fill_bytes(&mut bytes); - bytes -} - -pub fn fmt(x: usize) -> String { - let base = (x as f64).log(1024f64).floor() as usize; - let suffix = ["", "KB", "MB", "GB"]; - format!("{} {}", x >> (10 * base), suffix[base]) -} diff --git a/benchmarks/benches/x25519.rs b/benchmarks/benches/x25519.rs index a9d9b793d..af5730814 100644 --- a/benchmarks/benches/x25519.rs +++ b/benchmarks/benches/x25519.rs @@ -1,9 +1,8 @@ use criterion::{criterion_group, criterion_main, BatchSize, Criterion}; use libcrux::ecdh; -mod util; +use benchmarks::util::*; use rand::RngCore; -use util::*; fn derive(c: &mut Criterion) { // Comparing libcrux performance for different payload sizes and other implementations. diff --git a/benchmarks/src/lib.rs b/benchmarks/src/lib.rs index 8b1378917..293e5e4c7 100644 --- a/benchmarks/src/lib.rs +++ b/benchmarks/src/lib.rs @@ -1 +1,16 @@ +pub mod util { + pub fn randombytes(n: usize) -> Vec { + use rand::rngs::OsRng; + use rand::RngCore; + let mut bytes = vec![0u8; n]; + OsRng.fill_bytes(&mut bytes); + bytes + } + + pub fn fmt(x: usize) -> String { + let base = (x as f64).log(1024f64).floor() as usize; + let suffix = ["", "KB", "MB", "GB"]; + format!("{} {}", x >> (10 * base), suffix[base]) + } +} From 30af7dd6a38da3d0b39348e989e8b2fcb84cf198 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 26 Aug 2024 17:40:32 +0200 Subject: [PATCH 100/172] split up benchmarks and fix git issue --- .github/workflows/mlkem-bench.yml | 2 ++ .github/workflows/skip-benches-in-prs.yml | 27 +++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/.github/workflows/mlkem-bench.yml b/.github/workflows/mlkem-bench.yml index b5c825c09..a6bf66508 100644 --- a/.github/workflows/mlkem-bench.yml +++ b/.github/workflows/mlkem-bench.yml @@ -89,6 +89,8 @@ jobs: run: | cargo clean LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | sed 's/^test \(.*\) \.\.\. bench/test portable \1 ... bench/' | tee -a bench.txt + - name: Clear Cargo.toml so it doesn't interfere with git + run: git checkout Cargo.toml - name: Store benchmarks uses: benchmark-action/github-action-benchmark@v1 with: diff --git a/.github/workflows/skip-benches-in-prs.yml b/.github/workflows/skip-benches-in-prs.yml index fd259b985..27d9cb4bc 100644 --- a/.github/workflows/skip-benches-in-prs.yml +++ b/.github/workflows/skip-benches-in-prs.yml @@ -1,14 +1,33 @@ name: Skip Benchmarks in PRs on: [ pull_request ] + jobs: benchmark: - runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} steps: - run: true - benchmarks: - runs-on: ubuntu-latest + + benchmark_without_bits: + strategy: + fail-fast: false + matrix: + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} + name: "benchmark (${{ matrix.os }})" steps: - run: true - From 496c9d3595e6d49497580529adf182db172e1e85 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 27 Aug 2024 09:57:35 +0200 Subject: [PATCH 101/172] fix more benchmark workflows --- .github/workflows/mlkem-bench.yml | 4 ++-- .github/workflows/rust-bench.yml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/mlkem-bench.yml b/.github/workflows/mlkem-bench.yml index a6bf66508..5f049aaca 100644 --- a/.github/workflows/mlkem-bench.yml +++ b/.github/workflows/mlkem-bench.yml @@ -89,8 +89,8 @@ jobs: run: | cargo clean LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | sed 's/^test \(.*\) \.\.\. bench/test portable \1 ... bench/' | tee -a bench.txt - - name: Clear Cargo.toml so it doesn't interfere with git - run: git checkout Cargo.toml + - name: Clear Cargo.lock so it doesn't interfere with git + run: git checkout Cargo.lock - name: Store benchmarks uses: benchmark-action/github-action-benchmark@v1 with: diff --git a/.github/workflows/rust-bench.yml b/.github/workflows/rust-bench.yml index 20644290d..787026950 100644 --- a/.github/workflows/rust-bench.yml +++ b/.github/workflows/rust-bench.yml @@ -88,10 +88,12 @@ jobs: - name: 🏃🏻‍♀️ Benchmarks run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt + - name: Clear Cargo.lock so it doesn't interfere with git + run: git checkout Cargo.lock - name: Store Benchmarks uses: benchmark-action/github-action-benchmark@v1 with: - name: ML-KEM Benchmark + name: Rust Benchmark tool: 'cargo' output-file-path: bench.txt github-token: ${{ secrets.GITHUB_TOKEN }} From 6108ada8d720d9195f7a69a17bcb206cbf648c0f Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 27 Aug 2024 13:30:24 +0200 Subject: [PATCH 102/172] figure out which files need to be reset --- .github/workflows/rust-bench.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust-bench.yml b/.github/workflows/rust-bench.yml index 787026950..1ba9971c5 100644 --- a/.github/workflows/rust-bench.yml +++ b/.github/workflows/rust-bench.yml @@ -88,8 +88,10 @@ jobs: - name: 🏃🏻‍♀️ Benchmarks run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt - - name: Clear Cargo.lock so it doesn't interfere with git - run: git checkout Cargo.lock + - name: Print Git Status + run: git status + - name: Print Git Diff + run: git diff - name: Store Benchmarks uses: benchmark-action/github-action-benchmark@v1 with: From 264dbfd6b8f5c32d1845149d1b4bd9a3d8998ecd Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 27 Aug 2024 12:00:30 +0000 Subject: [PATCH 103/172] Add private key validation function Fixes #536 --- libcrux-ml-kem/benches/ml-kem.rs | 33 ++++++++---- libcrux-ml-kem/src/ind_cca.rs | 28 ++++++++++ libcrux-ml-kem/src/ind_cca/instantiations.rs | 17 ++++++ libcrux-ml-kem/src/ind_cca/multiplexing.rs | 36 ++++++++----- libcrux-ml-kem/src/lib.rs | 3 ++ libcrux-ml-kem/src/mlkem1024.rs | 53 ++++++++++++------- libcrux-ml-kem/src/mlkem512.rs | 50 ++++++++++++------ libcrux-ml-kem/src/mlkem768.rs | 54 +++++++++++++------- libcrux-ml-kem/tests/ml-kem.rs | 19 ++++--- libcrux-ml-kem/tests/nistkats.rs | 50 +++++++----------- 10 files changed, 227 insertions(+), 116 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 37334be2a..d347c9626 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -48,7 +48,8 @@ pub fn key_generation(c: &mut Criterion) { #[cfg(all( feature = "mlkem768", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] c.bench_function("libcrux avx2 unpacked (external random)", |b| { let mut seed = [0; 64]; @@ -71,7 +72,11 @@ pub fn key_generation(c: &mut Criterion) { }) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "unpacked" + ))] c.bench_function("libcrux portable unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); @@ -94,10 +99,10 @@ pub fn pk_validation(c: &mut Criterion) { b.iter_batched( || { let keypair = p::generate_key_pair(seed); - keypair.public_key().as_slice().into() + keypair }, - |public_key| { - let _valid = black_box(p::validate_public_key(public_key)); + |keypair| { + let _valid = black_box(p::validate_public_key(keypair.public_key())); }, BatchSize::SmallInput, ) @@ -135,7 +140,11 @@ pub fn encapsulation(c: &mut Criterion) { init!(mlkem768, "Encapsulation", c); init!(mlkem1024, "Encapsulation", c); - #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "unpacked" + ))] c.bench_function("libcrux unpacked portable (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -174,7 +183,8 @@ pub fn encapsulation(c: &mut Criterion) { #[cfg(all( feature = "mlkem768", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] c.bench_function("libcrux unpacked avx2 (external random)", |b| { let mut seed1 = [0; 64]; @@ -222,7 +232,11 @@ pub fn decapsulation(c: &mut Criterion) { init!(mlkem768, "Decapsulation", c); init!(mlkem1024, "Decapsulation", c); - #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "unpacked" + ))] c.bench_function("libcrux unpacked portable", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -270,7 +284,8 @@ pub fn decapsulation(c: &mut Criterion) { #[cfg(all( feature = "mlkem768", feature = "pre-verification", - feature = "simd256" + feature = "simd256", + feature = "unpacked" ))] c.bench_function("libcrux unpacked avx2", |b| { let mut seed1 = [0; 64]; diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 9b1dc773f..f09b6c7ce 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -86,6 +86,11 @@ fn serialize_kem_secret_key, +>( + private_key: &MlKemPrivateKey, + _ciphertext: &MlKemCiphertext, +) -> bool { + // Eurydice can't access values directly on the types. We need to go to the + // `value` directly. + + let t = Hasher::H(&private_key.value[384 * K..768 * K + 32]); + let expected = &private_key.value[768 * K + 32..768 * K + 64]; + t == expected +} + /// Packed API /// /// Generate a key pair. diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 582fe79a9..e9d780ab2 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -66,6 +66,7 @@ macro_rules! instantiate { } /// Portable public key validation + #[inline(always)] pub(crate) fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -81,6 +82,22 @@ macro_rules! instantiate { >(public_key) } + /// Portable private key validation + #[inline(always)] + pub(crate) fn validate_private_key< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + ciphertext: &MlKemCiphertext, + ) -> bool { + crate::ind_cca::validate_private_key::( + private_key, + ciphertext, + ) + } + /// Portable encapsulate #[cfg(feature = "kyber")] pub(crate) fn kyber_encapsulate< diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 77f673a9d..588d551e3 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -7,7 +7,7 @@ use super::*; #[cfg(feature = "simd256")] use instantiations::avx2::{ decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, - generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, + generate_keypair as generate_keypair_avx2, }; #[cfg(feature = "simd128")] @@ -19,13 +19,13 @@ use instantiations::neon::{ #[cfg(not(feature = "simd256"))] use instantiations::portable::{ decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, - generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, + generate_keypair as generate_keypair_avx2, }; #[cfg(not(feature = "simd128"))] use instantiations::portable::{ decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, - generate_keypair as generate_keypair_neon, validate_public_key as validate_public_key_neon, + generate_keypair as generate_keypair_neon, }; #[cfg(all(feature = "simd256", feature = "kyber"))] @@ -52,6 +52,7 @@ use instantiations::portable::{ kyber_generate_keypair as kyber_generate_keypair_neon, }; +#[inline(always)] pub(crate) fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -59,17 +60,24 @@ pub(crate) fn validate_public_key< >( public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { - if libcrux_platform::simd256_support() { - validate_public_key_avx2::(public_key) - } else if libcrux_platform::simd128_support() { - validate_public_key_neon::(public_key) - } else { - instantiations::portable::validate_public_key::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key) - } + instantiations::portable::validate_public_key::( + public_key, + ) +} + +#[inline(always)] +pub(crate) fn validate_private_key< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, +>( + private_key: &MlKemPrivateKey, + ciphertext: &MlKemCiphertext, +) -> bool { + instantiations::portable::validate_private_key::( + private_key, + ciphertext, + ) } #[cfg(feature = "kyber")] diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 61036042b..a787a5f1d 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -146,6 +146,7 @@ cfg_pre_verification! { pub use crate::mlkem512::kyber::decapsulate; pub use crate::mlkem512::kyber::encapsulate; pub use crate::mlkem512::validate_public_key; + pub use crate::mlkem512::validate_private_key; } } @@ -158,6 +159,7 @@ cfg_pre_verification! { pub use crate::mlkem768::kyber::decapsulate; pub use crate::mlkem768::kyber::encapsulate; pub use crate::mlkem768::validate_public_key; + pub use crate::mlkem768::validate_private_key; } } @@ -170,6 +172,7 @@ cfg_pre_verification! { pub use crate::mlkem1024::kyber::decapsulate; pub use crate::mlkem1024::kyber::encapsulate; pub use crate::mlkem1024::validate_public_key; + pub use crate::mlkem1024::validate_private_key; } } } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 3a7acf194..4d8520881 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -67,20 +67,27 @@ macro_rules! instantiate { /// Validate a public key. /// - /// Returns `Some(public_key)` if valid, and `None` otherwise. - pub fn validate_public_key( - public_key: MlKem1024PublicKey, - ) -> Option { - if p::validate_public_key::< + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_public_key(public_key: &MlKem1024PublicKey) -> bool { + p::validate_public_key::< RANK_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, >(&public_key.value) - { - Some(public_key) - } else { - None - } + } + + /// Validate a private key. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key( + private_key: &MlKem1024PrivateKey, + ciphertext: &MlKem1024Ciphertext, + ) -> bool { + p::validate_private_key::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + >(private_key, ciphertext) } /// Generate Kyber 1024 Key Pair @@ -331,19 +338,29 @@ instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector, "Neon /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. #[cfg(not(eurydice))] -pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option { - if multiplexing::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem1024PublicKey) -> bool { + multiplexing::validate_public_key::< RANK_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, >(&public_key.value) - { - Some(public_key) - } else { - None - } +} + +/// Validate a private key. +/// +/// Returns `true` if valid, and `false` otherwise. +#[cfg(not(eurydice))] +pub fn validate_private_key( + private_key: &MlKem1024PrivateKey, + ciphertext: &MlKem1024Ciphertext, +) -> bool { + multiplexing::validate_private_key::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + >(private_key, ciphertext) } /// Generate ML-KEM 1024 Key Pair diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 53cec6878..7ad225342 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -65,18 +65,27 @@ macro_rules! instantiate { /// Validate a public key. /// - /// Returns `Some(public_key)` if valid, and `None` otherwise. - pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option { - if p::validate_public_key::< + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_public_key(public_key: &MlKem512PublicKey) -> bool { + p::validate_public_key::< RANK_512, RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512, >(&public_key.value) - { - Some(public_key) - } else { - None - } + } + + /// Validate a private key. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key( + private_key: &MlKem512PrivateKey, + ciphertext: &MlKem512Ciphertext, + ) -> bool { + p::validate_private_key::< + RANK_512, + SECRET_KEY_SIZE_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + >(private_key, ciphertext) } /// Generate ML-KEM 512 Key Pair @@ -324,19 +333,28 @@ instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector, "Neon /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. #[cfg(not(eurydice))] -pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option { - if multiplexing::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem512PublicKey) -> bool { + multiplexing::validate_public_key::< RANK_512, RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512, >(&public_key.value) - { - Some(public_key) - } else { - None - } +} + +/// Validate a private key. +/// +/// Returns `true` if valid, and `false` otherwise. +#[cfg(not(eurydice))] +pub fn validate_private_key( + private_key: &MlKem512PrivateKey, + ciphertext: &MlKem512Ciphertext, +) -> bool { + multiplexing::validate_private_key::( + private_key, + ciphertext, + ) } /// Generate ML-KEM 512 Key Pair diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 7cc7cff5c..b47a3eb72 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,5 +1,5 @@ //! ML-KEM 768 -//! + use super::{constants::*, ind_cca::*, types::*, *}; #[cfg(feature = "unpacked")] use super::{ind_cca::unpacked::*, vector::traits::VectorType}; @@ -67,18 +67,27 @@ macro_rules! instantiate { /// Validate a public key. /// - /// Returns `Some(public_key)` if valid, and `None` otherwise. - pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { - if p::validate_public_key::< + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_public_key(public_key: &MlKem768PublicKey) -> bool { + p::validate_public_key::< RANK_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, >(&public_key.value) - { - Some(public_key) - } else { - None - } + } + + /// Validate a private key. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key( + private_key: &MlKem768PrivateKey, + ciphertext: &MlKem768Ciphertext, + ) -> bool { + p::validate_private_key::< + RANK_768, + SECRET_KEY_SIZE_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + >(private_key, ciphertext) } /// Generate ML-KEM 768 Key Pair @@ -327,19 +336,28 @@ instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector, "Neon /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. #[cfg(not(eurydice))] -pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { - if multiplexing::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem768PublicKey) -> bool { + multiplexing::validate_public_key::< RANK_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, >(&public_key.value) - { - Some(public_key) - } else { - None - } +} + +/// Validate a private key. +/// +/// Returns `true` if valid, and `false` otherwise. +#[cfg(not(eurydice))] +pub fn validate_private_key( + private_key: &MlKem768PrivateKey, + ciphertext: &MlKem768Ciphertext, +) -> bool { + multiplexing::validate_private_key::( + private_key, + ciphertext, + ) } /// Generate ML-KEM 768 Key Pair @@ -508,6 +526,6 @@ mod tests { OsRng.fill_bytes(&mut randomness); let key_pair = generate_key_pair(randomness); - assert!(validate_public_key(key_pair.pk).is_some()); + assert!(validate_public_key(&key_pair.pk)); } } diff --git a/libcrux-ml-kem/tests/ml-kem.rs b/libcrux-ml-kem/tests/ml-kem.rs index 56d89c4f5..784c2fc36 100644 --- a/libcrux-ml-kem/tests/ml-kem.rs +++ b/libcrux-ml-kem/tests/ml-kem.rs @@ -16,18 +16,17 @@ fn test_invalid_modulus(p: &str) { let pk = pk.as_slice(); match p { #[cfg(feature = "mlkem512")] - "512" => assert!( - libcrux_ml_kem::mlkem512::validate_public_key(pk.try_into().unwrap()).is_none() - ), + "512" => assert!(!libcrux_ml_kem::mlkem512::validate_public_key( + &pk.try_into().unwrap() + )), #[cfg(feature = "mlkem768")] - "768" => assert!( - libcrux_ml_kem::mlkem768::validate_public_key(pk.try_into().unwrap()).is_none() - ), + "768" => assert!(!libcrux_ml_kem::mlkem768::validate_public_key( + &pk.try_into().unwrap() + )), #[cfg(feature = "mlkem1024")] - "1024" => assert!(libcrux_ml_kem::mlkem1024::validate_public_key( - pk.try_into().unwrap() - ) - .is_none()), + "1024" => assert!(!libcrux_ml_kem::mlkem1024::validate_public_key( + &pk.try_into().unwrap() + )), _ => unreachable!(), }; } diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 7617d3768..51385e923 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -26,9 +26,11 @@ struct MlKemNISTKAT { } macro_rules! impl_nist_known_answer_tests { - ($name:ident, $variant:literal, $parameter_set: literal, $key_gen_derand:expr, $encapsulate_derand:expr, $decapsulate_derand: expr) => { + ($name:ident, $variant:literal, $parameter_set:literal, $module:path) => { #[test] fn $name() { + use $module::*; + let katfile_path = Path::new("tests") .join("kats") .join(format!("nistkats_{}_{}.json", $variant, $parameter_set)); @@ -39,7 +41,9 @@ macro_rules! impl_nist_known_answer_tests { serde_json::from_reader(reader).expect("Could not deserialize KAT file."); for kat in nist_kats { - let key_pair = $key_gen_derand(kat.key_generation_seed); + let key_pair = generate_key_pair(kat.key_generation_seed); + + assert!(validate_public_key(key_pair.public_key())); let public_key_hash = sha256(key_pair.pk()); eprintln!("pk hash: {}", hex::encode(public_key_hash)); @@ -49,14 +53,16 @@ macro_rules! impl_nist_known_answer_tests { assert_eq!(secret_key_hash, kat.sha3_256_hash_of_secret_key, "lhs: computed secret key hash, rhs: hash from kat"); let (ciphertext, shared_secret) = - $encapsulate_derand(key_pair.public_key(), kat.encapsulation_seed); + encapsulate(key_pair.public_key(), kat.encapsulation_seed); let ciphertext_hash = sha256(ciphertext.as_ref()); assert_eq!(ciphertext_hash, kat.sha3_256_hash_of_ciphertext, "lhs: computed ciphertext hash, rhs: hash from akt"); assert_eq!(shared_secret.as_ref(), kat.shared_secret, "lhs: computed shared secret from encapsulate, rhs: shared secret from kat"); + assert!(validate_private_key(key_pair.private_key(), &ciphertext)); + let shared_secret_from_decapsulate = - $decapsulate_derand(key_pair.private_key(), &ciphertext); + decapsulate(key_pair.private_key(), &ciphertext); assert_eq!(shared_secret_from_decapsulate, shared_secret.as_ref(), "lhs: shared secret computed via decapsulation, rhs: shared secret computed via encapsulation"); } } @@ -67,9 +73,7 @@ impl_nist_known_answer_tests!( mlkem512_nist_known_answer_tests, "mlkem_ipd", 512, - libcrux_ml_kem::mlkem512::generate_key_pair, - libcrux_ml_kem::mlkem512::encapsulate, - libcrux_ml_kem::mlkem512::decapsulate + libcrux_ml_kem::mlkem512 ); #[cfg(all(not(feature = "pre-verification"), feature = "mlkem768"))] @@ -77,9 +81,7 @@ impl_nist_known_answer_tests!( mlkem768_nist_known_answer_tests, "mlkem_ipd", 768, - libcrux_ml_kem::mlkem768::generate_key_pair, - libcrux_ml_kem::mlkem768::encapsulate, - libcrux_ml_kem::mlkem768::decapsulate + libcrux_ml_kem::mlkem768 ); #[cfg(all(not(feature = "pre-verification"), feature = "mlkem1024"))] @@ -87,9 +89,7 @@ impl_nist_known_answer_tests!( mlkem1024_nist_known_answer_tests, "mlkem_ipd", 1024, - libcrux_ml_kem::mlkem1024::generate_key_pair, - libcrux_ml_kem::mlkem1024::encapsulate, - libcrux_ml_kem::mlkem1024::decapsulate + libcrux_ml_kem::mlkem1024 ); #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] @@ -97,9 +97,7 @@ impl_nist_known_answer_tests!( mlkem512_nist_kats_portable, "mlkem", 512, - libcrux_ml_kem::mlkem512::portable::generate_key_pair, - libcrux_ml_kem::mlkem512::portable::encapsulate, - libcrux_ml_kem::mlkem512::portable::decapsulate + libcrux_ml_kem::mlkem512::portable ); #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] @@ -107,9 +105,7 @@ impl_nist_known_answer_tests!( mlkem768_nist_kats_portable, "mlkem", 768, - libcrux_ml_kem::mlkem768::portable::generate_key_pair, - libcrux_ml_kem::mlkem768::portable::encapsulate, - libcrux_ml_kem::mlkem768::portable::decapsulate + libcrux_ml_kem::mlkem768::portable ); #[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] @@ -117,9 +113,7 @@ impl_nist_known_answer_tests!( mlkem1024_nist_kats_portable, "mlkem", 1024, - libcrux_ml_kem::mlkem1024::portable::generate_key_pair, - libcrux_ml_kem::mlkem1024::portable::encapsulate, - libcrux_ml_kem::mlkem1024::portable::decapsulate + libcrux_ml_kem::mlkem1024::portable ); #[cfg(all(feature = "mlkem512", feature = "kyber", feature = "pre-verification"))] @@ -127,9 +121,7 @@ impl_nist_known_answer_tests!( kyber512_nist_kats_portable, "kyber", 512, - libcrux_ml_kem::kyber512::generate_key_pair, - libcrux_ml_kem::kyber512::encapsulate, - libcrux_ml_kem::kyber512::decapsulate + libcrux_ml_kem::kyber512 ); #[cfg(all(feature = "mlkem768", feature = "kyber", feature = "pre-verification"))] @@ -137,9 +129,7 @@ impl_nist_known_answer_tests!( kyber768_nist_kats_portable, "kyber", 768, - libcrux_ml_kem::kyber768::generate_key_pair, - libcrux_ml_kem::kyber768::encapsulate, - libcrux_ml_kem::kyber768::decapsulate + libcrux_ml_kem::kyber768 ); #[cfg(all(feature = "mlkem1024", feature = "kyber", feature = "pre-verification"))] @@ -147,7 +137,5 @@ impl_nist_known_answer_tests!( kyber1024_nist_kats_portable, "kyber", 1024, - libcrux_ml_kem::kyber1024::generate_key_pair, - libcrux_ml_kem::kyber1024::encapsulate, - libcrux_ml_kem::kyber1024::decapsulate + libcrux_ml_kem::kyber1024 ); From 1def0c1d8e4bff654617de6e722bc9ffb17fd1f3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 27 Aug 2024 12:31:31 +0000 Subject: [PATCH 104/172] Update C extraction --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 3 + libcrux-ml-kem/c/internal/libcrux_core.h | 26 +- .../c/internal/libcrux_mlkem_avx2.h | 98 ++- .../c/internal/libcrux_mlkem_portable.h | 98 ++- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_core.c | 26 +- libcrux-ml-kem/c/libcrux_core.h | 38 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 649 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 577 +++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 10 +- libcrux-ml-kem/cg/libcrux_core.h | 42 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 390 ++++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 309 +++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 8 +- 42 files changed, 1808 insertions(+), 1148 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index c92c5be17..a05120b5f 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 +Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e +Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe +Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..5138fcdc5 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -95,6 +95,9 @@ typedef struct { #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3f6e7498f..47916d827 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_core_H @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -200,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -313,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( uint8_t value[768U]); /** @@ -327,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -361,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0507dbaaf..4395b781f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -33,6 +33,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -43,6 +50,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); + /** Packed API @@ -86,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -112,10 +138,17 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_141( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -126,6 +159,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + /** Packed API @@ -169,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -195,10 +247,17 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_140( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -209,6 +268,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); + /** Packed API @@ -252,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -278,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index a9b732317..6b9f00302 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -38,6 +38,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -48,6 +55,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_77( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + /** Packed API @@ -91,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -117,10 +143,17 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_d61( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -131,6 +164,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_09( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); + /** Packed API @@ -174,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -200,10 +252,17 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_d60( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -214,6 +273,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); + /** Packed API @@ -257,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -283,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e87fcff90..2a0a2f146 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 34d3839a2..d168b015c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index cf2942eaf..e692d991f 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_core.h" @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -184,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -420,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d284f5255..898336a1f 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_core_H @@ -63,16 +63,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { uint8_t value[1568U]; } libcrux_ml_kem_types_MlKemPublicKey_1f; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - -*/ -typedef struct core_option_Option_99_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; -} core_option_Option_99; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics @@ -111,16 +101,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { uint8_t value[1184U]; } libcrux_ml_kem_types_MlKemPublicKey_15; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics @@ -159,16 +139,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { uint8_t value[800U]; } libcrux_ml_kem_types_MlKemPublicKey_be; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7a7138a01..b812fa7fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 6bd395b40..e8924b16a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c1( +static void decapsulate_18( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_420(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_140(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c1(private_key, ciphertext, ret); + decapsulate_18(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_67( +static tuple_21 encapsulate_63( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_960(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_67(uu____0, copy_of_randomness); + return encapsulate_63(uu____0, copy_of_randomness); } /** @@ -117,7 +117,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_39( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -133,7 +133,36 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e(copy_of_randomness); + return generate_keypair_39(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE bool validate_private_key_210( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d0(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return validate_private_key_210(private_key, ciphertext); } /** @@ -147,23 +176,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_320(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c00(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a0(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_320(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { + return validate_public_key_c00(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index c428d45b7..7c9befdda 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -49,13 +49,22 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); +bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 50124a101..a068e4ff5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_b6( +static void decapsulate_58( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d61(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b6(private_key, ciphertext, ret); + decapsulate_58(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_40( +static tuple_21 encapsulate_f0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b1(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_40(uu____0, copy_of_randomness); + return encapsulate_f0(uu____0, copy_of_randomness); } /** @@ -137,6 +137,35 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_12(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba1( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_77(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return validate_private_key_ba1(private_key, ciphertext); +} + /** Portable public key validation */ @@ -148,23 +177,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_f71(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f71(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_f71(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { + return validate_public_key_f71(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 682534bbb..095ac9ec3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_portable_H @@ -49,13 +49,22 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); +bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 0bd6bf2eb..19648a439 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9a861af2f..5b247c835 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_42(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_14(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_d3(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_6d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_96(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, copy_of_randomness); + return encapsulate_6d(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_04( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -131,7 +131,36 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9f(copy_of_randomness); + return generate_keypair_04(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE bool validate_private_key_21( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return validate_private_key_21(private_key, ciphertext); } /** @@ -145,23 +174,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_32(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_32(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { + return validate_public_key_c0(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 51620676c..c3af6203f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_avx2_H @@ -49,13 +49,22 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); +bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index da66678c6..2b478f0a7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d60(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_cf(private_key, ciphertext, ret); + decapsulate_f1(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_2b( +static tuple_ec encapsulate_3e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b0(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_2b(uu____0, copy_of_randomness); + return encapsulate_3e(uu____0, copy_of_randomness); } /** @@ -135,6 +135,35 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_48(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_09(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return validate_private_key_ba0(private_key, ciphertext); +} + /** Portable public key validation */ @@ -146,23 +175,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_f70(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f70(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_f70(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { + return validate_public_key_f70(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 697c65cd3..102df0f72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_portable_H @@ -49,13 +49,22 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); +bool libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a4aba4d66..9ec71c62d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ef03c9787..214e6cc6d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ba( +static void decapsulate_74( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_421(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_141(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ba( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ba(private_key, ciphertext, ret); + decapsulate_74(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_8a( +static tuple_3c encapsulate_0a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d21(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_961(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a(uu____0, copy_of_randomness); + return encapsulate_0a(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_68( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_cb( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -131,7 +131,36 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_68(copy_of_randomness); + return generate_keypair_cb(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool validate_private_key_211( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d1(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return validate_private_key_211(private_key, ciphertext); } /** @@ -145,23 +174,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_321(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c01(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a1(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_321(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return validate_public_key_c01(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 813dfefb0..2b8e8edc2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -49,13 +49,22 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); +bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index eeb4a3abb..d14d8d969 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_69( +static void decapsulate_22( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d6(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_69( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_22(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_43( +static tuple_3c encapsulate_cf( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_43(uu____0, copy_of_randomness); + return encapsulate_cf(uu____0, copy_of_randomness); } /** @@ -135,6 +135,35 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_d5(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_80(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return validate_private_key_ba(private_key, ciphertext); +} + /** Portable public key validation */ @@ -146,23 +175,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_f7(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f7(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_f7(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return validate_public_key_f7(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ee82d1370..8283abfb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_portable_H @@ -49,13 +49,22 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); +bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 03a7b6c5c..2b1bf517c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_38(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_72(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_4d(__m256i vector) { - return shift_right_38(vector); +static __m256i shift_right_ea_1b(__m256i vector) { + return shift_right_72(vector); } /** @@ -1150,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_10(__m256i a) { - __m256i t = shift_right_ea_4d(a); + __m256i t = shift_right_ea_1b(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1242,6 +1242,13 @@ static KRML_MUSTINLINE void serialize_public_key_591( memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1267,6 +1274,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_a9_a11(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -2408,19 +2458,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -2596,7 +2633,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_d71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_791(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_e4();); @@ -2664,7 +2701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_64( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2688,7 +2725,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_c0( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_80( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2708,7 +2745,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_da( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_c5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2726,7 +2763,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_19(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_b9(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2741,7 +2778,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ce( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2756,7 +2793,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_19( + inv_ntt_layer_int_vec_step_reduce_b9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2773,17 +2810,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_781( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -2797,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_da( +static KRML_MUSTINLINE void add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2821,7 +2858,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7c1( +static KRML_MUSTINLINE void compute_vector_u_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -2851,8 +2888,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c1( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c1(&result[i1], &product); } - invert_ntt_montgomery_781(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d1(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2865,7 +2902,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_5d(__m256i v) { +static __m256i decompress_1_53(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2879,7 +2916,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_53(uint8_t serialized[32U]) { +deserialize_then_decompress_message_71(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -2888,7 +2925,7 @@ deserialize_then_decompress_message_53(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_5d(coefficient_compressed);); + re.coefficients[i0] = decompress_1_53(coefficient_compressed);); return re; } @@ -2903,7 +2940,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_f9( +add_message_error_reduce_89_57( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2933,7 +2970,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_391( +compute_ring_element_v_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -2943,8 +2980,8 @@ compute_ring_element_v_391( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d1(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -2955,7 +2992,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_34(__m256i vector) { +compress_ciphertext_coefficient_0d(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3002,8 +3039,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_77(__m256i vector) { - return compress_ciphertext_coefficient_34(vector); +static __m256i compress_ea_dc(__m256i vector) { + return compress_ciphertext_coefficient_0d(vector); } /** @@ -3012,14 +3049,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_c6( +static KRML_MUSTINLINE void compress_then_serialize_10_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_77(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_dc(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3037,7 +3074,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_340(__m256i vector) { +compress_ciphertext_coefficient_0d0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3084,8 +3121,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_770(__m256i vector) { - return compress_ciphertext_coefficient_340(vector); +static __m256i compress_ea_dc0(__m256i vector) { + return compress_ciphertext_coefficient_0d0(vector); } /** @@ -3095,10 +3132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_c6(re, uu____0); + compress_then_serialize_10_75(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3114,7 +3151,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa1( +static void compress_then_serialize_u_bd1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3130,7 +3167,7 @@ static void compress_then_serialize_u_fa1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_1f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3143,7 +3180,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_341(__m256i vector) { +compress_ciphertext_coefficient_0d1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3190,8 +3227,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_771(__m256i vector) { - return compress_ciphertext_coefficient_341(vector); +static __m256i compress_ea_dc1(__m256i vector) { + return compress_ciphertext_coefficient_0d1(vector); } /** @@ -3200,14 +3237,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_34( +static KRML_MUSTINLINE void compress_then_serialize_4_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_771(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_dc1(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3224,7 +3261,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_342(__m256i vector) { +compress_ciphertext_coefficient_0d2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3271,8 +3308,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_772(__m256i vector) { - return compress_ciphertext_coefficient_342(vector); +static __m256i compress_ea_dc2(__m256i vector) { + return compress_ciphertext_coefficient_0d2(vector); } /** @@ -3281,14 +3318,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_9d( +static KRML_MUSTINLINE void compress_then_serialize_5_11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_772(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_dc2(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3305,9 +3342,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_34(re, out); + compress_then_serialize_4_78(re, out); } /** @@ -3327,7 +3364,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_913( @@ -3354,7 +3391,7 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_d71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_791(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3368,25 +3405,25 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7c1(A, r_as_ntt, error_1, u); + compute_vector_u_d21(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_391(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c1(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa1( + compress_then_serialize_u_bd1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_9a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3430,7 +3467,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -3444,7 +3481,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3458,17 +3495,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_921(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_801(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -3489,7 +3526,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_a8(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_20(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -3510,7 +3547,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_de1( +static KRML_MUSTINLINE void deserialize_secret_key_a11( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3527,7 +3564,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3552,7 +3589,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b(__m256i vector) { +decompress_ciphertext_coefficient_c5(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3596,8 +3633,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_d6(__m256i vector) { - return decompress_ciphertext_coefficient_7b(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff(__m256i vector) { + return decompress_ciphertext_coefficient_c5(vector); } /** @@ -3607,7 +3644,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_5a(Eurydice_slice serialized) { +deserialize_then_decompress_10_4b(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -3615,7 +3652,7 @@ deserialize_then_decompress_10_5a(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff(coefficient); } return re; } @@ -3627,7 +3664,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b0(__m256i vector) { +decompress_ciphertext_coefficient_c50(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3671,8 +3708,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_d60(__m256i vector) { - return decompress_ciphertext_coefficient_7b0(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff0(__m256i vector) { + return decompress_ciphertext_coefficient_c50(vector); } /** @@ -3682,7 +3719,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_14(Eurydice_slice serialized) { +deserialize_then_decompress_11_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -3690,7 +3727,7 @@ deserialize_then_decompress_11_14(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff0(coefficient); } return re; } @@ -3702,8 +3739,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a9(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5a(serialized); +deserialize_then_decompress_ring_element_u_df(Eurydice_slice serialized) { + return deserialize_then_decompress_10_4b(serialized); } /** @@ -3712,7 +3749,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_40( +static KRML_MUSTINLINE void ntt_vector_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); @@ -3737,7 +3774,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_721( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -3760,8 +3797,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); + ntt_vector_u_51(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3775,7 +3812,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b1(__m256i vector) { +decompress_ciphertext_coefficient_c51(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3819,8 +3856,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_d61(__m256i vector) { - return decompress_ciphertext_coefficient_7b1(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff1(__m256i vector) { + return decompress_ciphertext_coefficient_c51(vector); } /** @@ -3830,7 +3867,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_2d(Eurydice_slice serialized) { +deserialize_then_decompress_4_0e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -3838,7 +3875,7 @@ deserialize_then_decompress_4_2d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff1(coefficient); } return re; } @@ -3850,7 +3887,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b2(__m256i vector) { +decompress_ciphertext_coefficient_c52(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3894,8 +3931,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_d62(__m256i vector) { - return decompress_ciphertext_coefficient_7b2(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff2(__m256i vector) { + return decompress_ciphertext_coefficient_c52(vector); } /** @@ -3905,7 +3942,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_6e(Eurydice_slice serialized) { +deserialize_then_decompress_5_a2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -3914,7 +3951,7 @@ deserialize_then_decompress_5_6e(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_ff2(re.coefficients[i0]); } return re; } @@ -3926,8 +3963,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_25(Eurydice_slice serialized) { - return deserialize_then_decompress_4_2d(serialized); +deserialize_then_decompress_ring_element_v_e8(Eurydice_slice serialized) { + return deserialize_then_decompress_4_0e(serialized); } /** @@ -3941,7 +3978,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_01(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_74(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3969,7 +4006,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c1( +compute_message_221( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -3978,8 +4015,8 @@ compute_message_0c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d1(&result); + result = subtract_reduce_89_74(v, result); return result; } @@ -3989,7 +4026,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2d( +static KRML_MUSTINLINE void compress_then_serialize_message_30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4041,18 +4078,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_001(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_891(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_c11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_721(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_e8( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4066,10 +4103,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_de1(secret_key, secret_as_ntt); + deserialize_secret_key_a11(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4080,7 +4117,7 @@ static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_001(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4132,7 +4169,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_141( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4150,7 +4187,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_051(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4172,7 +4209,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4182,7 +4219,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_921(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_bd1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_801(Eurydice_array_to_slice( @@ -4192,7 +4229,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( kdf_d8_801(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_f10(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,6 +4339,13 @@ static KRML_MUSTINLINE void serialize_public_key_590( memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4327,6 +4371,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_a9_a10(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, + (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -5032,19 +5119,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -5220,7 +5294,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_d70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_790(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_e4();); @@ -5276,17 +5350,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_780( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -5299,7 +5373,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7c0( +static KRML_MUSTINLINE void compute_vector_u_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5329,8 +5403,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c0( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c0(&result[i1], &product); } - invert_ntt_montgomery_780(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d0(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5347,7 +5421,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_390( +compute_ring_element_v_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5357,8 +5431,8 @@ compute_ring_element_v_390( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d0(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -5368,14 +5442,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_780( +static KRML_MUSTINLINE void compress_then_serialize_11_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_770(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_dc0(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5393,10 +5467,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_780(re, uu____0); + compress_then_serialize_11_0e0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5412,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_fa0( +static void compress_then_serialize_u_bd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5428,7 +5502,7 @@ static void compress_then_serialize_u_fa0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_f80(&re, ret); + compress_then_serialize_ring_element_u_1f0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5441,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d00( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_9d(re, out); + compress_then_serialize_5_11(re, out); } /** @@ -5463,7 +5537,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_911( @@ -5490,7 +5564,7 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_d70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_790(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5504,25 +5578,25 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7c0(A, r_as_ntt, error_1, u); + compute_vector_u_d20(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_390(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c0(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa0( + compress_then_serialize_u_bd0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d00( + compress_then_serialize_ring_element_v_9a0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5566,7 +5640,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5580,7 +5654,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( size_t); uint8_t ret[32U]; H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5594,17 +5668,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_920(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_800(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -5627,7 +5701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_de0( +static KRML_MUSTINLINE void deserialize_secret_key_a10( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -5644,7 +5718,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5669,8 +5743,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a90(Eurydice_slice serialized) { - return deserialize_then_decompress_11_14(serialized); +deserialize_then_decompress_ring_element_u_df0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ec(serialized); } /** @@ -5679,7 +5753,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_400( +static KRML_MUSTINLINE void ntt_vector_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); @@ -5704,7 +5778,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_720( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -5727,8 +5801,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a90(u_bytes); - ntt_vector_u_400(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df0(u_bytes); + ntt_vector_u_510(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5742,8 +5816,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_250(Eurydice_slice serialized) { - return deserialize_then_decompress_5_6e(serialized); +deserialize_then_decompress_ring_element_v_e80(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a2(serialized); } /** @@ -5759,7 +5833,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c0( +compute_message_220( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -5768,8 +5842,8 @@ compute_message_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d0(&result); + result = subtract_reduce_89_74(v, result); return result; } @@ -5807,18 +5881,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_000(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_890(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_c10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_720(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_250( + deserialize_then_decompress_ring_element_v_e80( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5832,10 +5906,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_de0(secret_key, secret_as_ntt); + deserialize_secret_key_a10(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5846,7 +5920,7 @@ static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_000(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5886,7 +5960,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_140( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5905,7 +5979,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_050(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5927,7 +6001,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5937,7 +6011,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_920(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_bd0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_800(Eurydice_array_to_slice( @@ -5947,7 +6021,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( kdf_d8_800(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_f11(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6057,6 +6131,13 @@ static KRML_MUSTINLINE void serialize_public_key_59( memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6082,6 +6163,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { + uint8_t t[32U]; + H_a9_a1(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, + (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -6780,19 +6904,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -7014,7 +7125,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_d7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_79(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_e4();); @@ -7070,17 +7181,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_78( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -7093,7 +7204,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7c( +static KRML_MUSTINLINE void compute_vector_u_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -7123,8 +7234,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c(&result[i1], &product); } - invert_ntt_montgomery_78(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7141,7 +7252,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_39( +compute_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7151,8 +7262,8 @@ compute_ring_element_v_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -7168,7 +7279,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa( +static void compress_then_serialize_u_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7184,7 +7295,7 @@ static void compress_then_serialize_u_fa( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_1f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7207,7 +7318,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_91( @@ -7234,7 +7345,7 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_d7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_79(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7248,25 +7359,25 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7c(A, r_as_ntt, error_1, u); + compute_vector_u_d2(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_39(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa( + compress_then_serialize_u_bd( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_9a( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7310,7 +7421,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -7324,7 +7435,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7338,17 +7449,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_92(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_80(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -7371,7 +7482,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_de( +static KRML_MUSTINLINE void deserialize_secret_key_a1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -7388,7 +7499,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7418,7 +7529,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_72( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -7441,8 +7552,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); + ntt_vector_u_51(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7462,7 +7573,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c( +compute_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -7471,8 +7582,8 @@ compute_message_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d(&result); + result = subtract_reduce_89_74(v, result); return result; } @@ -7510,18 +7621,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_00(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_89(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_72(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_e8( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7535,10 +7646,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_de(secret_key, secret_as_ntt); + deserialize_secret_key_a1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7549,7 +7660,7 @@ static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7589,7 +7700,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7607,7 +7718,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_05(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7629,7 +7740,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7639,7 +7750,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_92(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_bd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_80(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -7648,7 +7759,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( kdf_d8_80(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_f1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index de251e8eb..22a8cbb66 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4c13b8d96..322b96f9b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_mlkem_portable.h" @@ -2462,6 +2462,13 @@ static KRML_MUSTINLINE void serialize_public_key_791( memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2487,6 +2494,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_77( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_f1_1a1(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, + (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -3639,19 +3689,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -3828,7 +3865,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_c71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_ea();); @@ -3896,7 +3933,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_d2( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3920,7 +3957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_90( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3940,7 +3977,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_f9( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_6f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3960,7 +3997,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3980,7 +4017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3995,7 +4032,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_2c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4012,17 +4049,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( +static KRML_MUSTINLINE void invert_ntt_montgomery_d11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -4036,7 +4073,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_af( +static KRML_MUSTINLINE void add_error_reduce_89_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4063,7 +4100,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_891( +static KRML_MUSTINLINE void compute_vector_u_671( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4093,8 +4130,8 @@ static KRML_MUSTINLINE void compute_vector_u_891( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_841(&result[i1], &product); } - invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d11(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4108,7 +4145,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_cd(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4122,7 +4159,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { +deserialize_then_decompress_message_a4(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4133,7 +4170,7 @@ deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5d0(coefficient_compressed); + decompress_1_cd(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4149,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_63( +add_message_error_reduce_89_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4182,7 +4219,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca1( +compute_ring_element_v_421( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4192,8 +4229,8 @@ compute_ring_element_v_ca1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d11(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -4267,7 +4304,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_880( +static KRML_MUSTINLINE void compress_then_serialize_11_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4292,10 +4329,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_890( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_190( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_880(re, uu____0); + compress_then_serialize_11_fc0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4311,7 +4348,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_141( +static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4327,7 +4364,7 @@ static void compress_then_serialize_u_141( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_890(&re, ret); + compress_then_serialize_ring_element_u_190(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4371,7 +4408,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_3c( +static KRML_MUSTINLINE void compress_then_serialize_4_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4426,7 +4463,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_00( +static KRML_MUSTINLINE void compress_then_serialize_5_fa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4450,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_870( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_00(re, out); + compress_then_serialize_5_fa(re, out); } /** @@ -4473,7 +4510,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_0c3( @@ -4500,7 +4537,7 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_c71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4514,25 +4551,25 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_891(A, r_as_ntt, error_1, u); + compute_vector_u_671(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca1(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_421(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_141( + compress_then_serialize_u_841( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_870( + compress_then_serialize_ring_element_v_7c0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4576,7 +4613,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4590,7 +4627,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4604,17 +4641,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_5f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -4635,7 +4672,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4658,7 +4695,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_411( +static KRML_MUSTINLINE void deserialize_secret_key_a81( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4675,7 +4712,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_411( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4737,7 +4774,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_0a(Eurydice_slice serialized) { +deserialize_then_decompress_10_ee(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -4797,7 +4834,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_20(Eurydice_slice serialized) { +deserialize_then_decompress_11_e6(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4820,8 +4857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { - return deserialize_then_decompress_11_20(serialized); +deserialize_then_decompress_ring_element_u_3d0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_e6(serialized); } /** @@ -4830,7 +4867,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_540( +static KRML_MUSTINLINE void ntt_vector_u_8a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); @@ -4855,7 +4892,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4878,8 +4915,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); - ntt_vector_u_540(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d0(u_bytes); + ntt_vector_u_8a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4930,7 +4967,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_37(Eurydice_slice serialized) { +deserialize_then_decompress_4_22(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4990,7 +5027,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_60(Eurydice_slice serialized) { +deserialize_then_decompress_5_6c(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5013,8 +5050,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_010(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); +deserialize_then_decompress_ring_element_v_2b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_6c(serialized); } /** @@ -5028,7 +5065,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_a2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_6b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5059,7 +5096,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e71( +compute_message_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5068,8 +5105,8 @@ compute_message_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d11(&result); + result = subtract_reduce_89_6b(v, result); return result; } @@ -5079,7 +5116,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_1b( +static KRML_MUSTINLINE void compress_then_serialize_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5133,18 +5170,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_a01(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_691(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_010( + deserialize_then_decompress_ring_element_v_2b0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e71(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_951(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5158,10 +5195,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_411(secret_key, secret_as_ntt); + deserialize_secret_key_a81(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5172,7 +5209,7 @@ static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a01(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_691(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5224,7 +5261,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_d61( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5243,7 +5280,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_941(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5265,7 +5302,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5275,7 +5312,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_5f(Eurydice_array_to_slice((size_t)32U, @@ -5285,7 +5322,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( kdf_d8_5f(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_f11(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5395,6 +5432,13 @@ static KRML_MUSTINLINE void serialize_public_key_790( memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5420,6 +5464,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_09( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { + uint8_t t[32U]; + H_f1_1a0(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, + (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -6113,19 +6200,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -6334,7 +6408,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_c70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_ea();); @@ -6390,17 +6464,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( +static KRML_MUSTINLINE void invert_ntt_montgomery_d10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -6413,7 +6487,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_890( +static KRML_MUSTINLINE void compute_vector_u_670( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6443,8 +6517,8 @@ static KRML_MUSTINLINE void compute_vector_u_890( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_840(&result[i1], &product); } - invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d10(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6461,7 +6535,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca0( +compute_ring_element_v_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6471,8 +6545,8 @@ compute_ring_element_v_ca0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d10(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -6482,7 +6556,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_5b( +static KRML_MUSTINLINE void compress_then_serialize_10_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -6507,10 +6581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_89( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_5b(re, uu____0); + compress_then_serialize_10_a1(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6526,7 +6600,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_140( +static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6542,7 +6616,7 @@ static void compress_then_serialize_u_140( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_19(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6555,9 +6629,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_87( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_3c(re, out); + compress_then_serialize_4_bf(re, out); } /** @@ -6578,7 +6652,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_0c1( @@ -6605,7 +6679,7 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_c70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6619,25 +6693,25 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_890(A, r_as_ntt, error_1, u); + compute_vector_u_670(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_420(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_140( + compress_then_serialize_u_840( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_7c( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6681,7 +6755,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -6695,7 +6769,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( size_t); uint8_t ret[32U]; H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6709,17 +6783,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_14(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -6742,7 +6816,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_410( +static KRML_MUSTINLINE void deserialize_secret_key_a80( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -6759,7 +6833,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_410( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6784,8 +6858,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { - return deserialize_then_decompress_10_0a(serialized); +deserialize_then_decompress_ring_element_u_3d(Eurydice_slice serialized) { + return deserialize_then_decompress_10_ee(serialized); } /** @@ -6794,7 +6868,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_54( +static KRML_MUSTINLINE void ntt_vector_u_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); @@ -6819,7 +6893,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6842,8 +6916,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); + ntt_vector_u_8a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6857,8 +6931,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_01(Eurydice_slice serialized) { - return deserialize_then_decompress_4_37(serialized); +deserialize_then_decompress_ring_element_v_2b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_22(serialized); } /** @@ -6874,7 +6948,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e70( +compute_message_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -6883,8 +6957,8 @@ compute_message_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d10(&result); + result = subtract_reduce_89_6b(v, result); return result; } @@ -6922,18 +6996,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a00(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_690(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_2b( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e70(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_950(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6947,10 +7021,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_410(secret_key, secret_as_ntt); + deserialize_secret_key_a80(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -6961,7 +7035,7 @@ static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_690(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7001,7 +7075,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_d60( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7019,7 +7093,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_940(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7041,7 +7115,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7051,7 +7125,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_14(Eurydice_array_to_slice((size_t)32U, @@ -7061,7 +7135,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( kdf_d8_14(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_f1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7171,6 +7245,13 @@ static KRML_MUSTINLINE void serialize_public_key_79( memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7196,6 +7277,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_f1_1a(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -7878,19 +8002,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -8067,7 +8178,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_ea();); @@ -8123,17 +8234,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void invert_ntt_montgomery_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -8146,7 +8257,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_89( +static KRML_MUSTINLINE void compute_vector_u_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8176,8 +8287,8 @@ static KRML_MUSTINLINE void compute_vector_u_89( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_84(&result[i1], &product); } - invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d1(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8194,7 +8305,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca( +compute_ring_element_v_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8204,8 +8315,8 @@ compute_ring_element_v_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d1(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -8221,7 +8332,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_14( +static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8237,7 +8348,7 @@ static void compress_then_serialize_u_14( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_19(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8261,7 +8372,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_0c( @@ -8288,7 +8399,7 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_c7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8302,25 +8413,25 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_89(A, r_as_ntt, error_1, u); + compute_vector_u_67(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_42(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_14( + compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_7c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8364,7 +8475,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -8378,7 +8489,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8392,17 +8503,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_41(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -8425,7 +8536,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_41( +static KRML_MUSTINLINE void deserialize_secret_key_a8( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8442,7 +8553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8472,7 +8583,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8495,8 +8606,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); + ntt_vector_u_8a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8516,7 +8627,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e7( +compute_message_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -8525,8 +8636,8 @@ compute_message_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d1(&result); + result = subtract_reduce_89_6b(v, result); return result; } @@ -8564,18 +8675,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a0(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_69(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_2b( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e7(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_95(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8589,10 +8700,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_41(secret_key, secret_as_ntt); + deserialize_secret_key_a8(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8603,7 +8714,7 @@ static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_69(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8643,7 +8754,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8661,7 +8772,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8683,7 +8794,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8693,7 +8804,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_41(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -8702,7 +8813,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( kdf_d8_41(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_f10(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 842002efe..536112a56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 413cb8cfa..fb5e5ce48 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 0faa15823..98b7b6f33 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1b23ca31d..40d622080 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1630106cf..e45c61660 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index aed8b3ad4..1ce890195 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f2144bb1f..1e59d1a80 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index a38d0a5db..a05120b5f 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 +Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e +Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 +Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 4b994a998..366d716f0 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -95,10 +95,14 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 73953b59a..da42a20b4 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_core_H @@ -187,25 +187,6 @@ typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice snd[4U]; } Eurydice_slice_uint8_t_4size_t__x2; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct Option_92_s { - Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} Option_92; - typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; @@ -226,6 +207,15 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d( return self->value; } +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPublicKey)#14} @@ -352,7 +342,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_31(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -372,7 +362,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_26( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -424,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index dc53c7231..cf84953dc 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index bf0c5a47d..5a6bd84e2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1240,7 +1240,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_cc(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_2a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -1276,7 +1276,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1323,7 +1323,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_0b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( vector); } @@ -1401,7 +1401,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_73( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( vector); } @@ -1492,7 +1492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_db( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_73(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1682,7 +1682,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U, @@ -1713,7 +1713,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_9d(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_0f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( vector); } @@ -1821,7 +1821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_96( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_52( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_96( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( vector); } @@ -1912,7 +1912,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_72( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_b5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_72( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_96(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_52(serialized); } /** @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,7 +2113,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,20 +2165,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); } @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_3e( +libcrux_ml_kem_polynomial_subtract_reduce_89_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,7 +2225,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_bf( +libcrux_ml_kem_matrix_compute_message_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2238,8 +2238,8 @@ libcrux_ml_kem_matrix_compute_message_bf( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_3e(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_76(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_94( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(vector); } /** @@ -2278,7 +2278,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_10(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_94(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8e(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,7 +2292,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_0c( +libcrux_ml_kem_serialize_compress_then_serialize_message_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_bf(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_0c(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_56(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_51(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_56(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_65(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3350,7 +3350,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_1a(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -3367,7 +3367,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3445,7 +3445,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_f2(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,7 +3485,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3517,8 +3517,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5c( libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_8a(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_07(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_ed(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f9(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,7 +3547,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_ed(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f9(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,7 +3606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_d2( +libcrux_ml_kem_matrix_compute_ring_element_v_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3620,8 +3620,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_d2( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( error_2, message, result); return result; } @@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_73( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_63( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( vector); } @@ -3703,13 +3703,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_eb( +libcrux_ml_kem_serialize_compress_then_serialize_10_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_73( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_63( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_730( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_630( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( vector); } @@ -3799,13 +3799,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_01( +libcrux_ml_kem_serialize_compress_then_serialize_11_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_730( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_630( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_eb(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_69(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_731( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_631( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( vector); } @@ -3947,13 +3947,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f0( +libcrux_ml_kem_serialize_compress_then_serialize_4_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_731( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_631( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_732( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_632( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( vector); } @@ -4042,13 +4042,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_ed( +libcrux_ml_kem_serialize_compress_then_serialize_5_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_732( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_632( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f0(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e8(re, out); } /** @@ -4092,7 +4092,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_9b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4136,26 +4136,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_5c(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_cd(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_d2( + libcrux_ml_kem_matrix_compute_ring_element_v_bb( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4247,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4258,7 +4258,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_80( @@ -4269,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( libcrux_ml_kem_variant_kdf_d8_80(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_701(private_key, ciphertext, ret); } /** @@ -4319,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32(private_key, ciphertext, ret); } @@ -4377,7 +4377,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4392,7 +4392,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4407,18 +4407,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_80(shared_secret, &ciphertext0, shared_secret_array); @@ -4452,14 +4452,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_51(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8b(uu____0, copy_of_randomness); } /** @@ -4477,7 +4477,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( uu____0, copy_of_randomness); } @@ -4908,7 +4908,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -4925,7 +4925,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( copy_of_randomness); } @@ -4986,7 +4986,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_702( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,7 +5004,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5028,7 +5028,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5039,7 +5039,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_62( @@ -5050,7 +5050,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( libcrux_ml_kem_variant_kdf_33_62(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5084,10 +5084,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_702(private_key, ciphertext, ret); } /** @@ -5101,7 +5101,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( private_key, ciphertext, ret); } @@ -5141,7 +5141,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5156,7 +5156,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5171,18 +5171,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_62(shared_secret, &ciphertext0, shared_secret_array); @@ -5219,14 +5219,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_510(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8b0(uu____0, copy_of_randomness); } /** @@ -5244,7 +5244,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( uu____0, copy_of_randomness); } @@ -5414,7 +5414,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5431,10 +5431,75 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( copy_of_randomness); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_46( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( + private_key, ciphertext); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -5491,6 +5556,13 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5530,8 +5602,8 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); } @@ -5539,19 +5611,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); - } - return uu____0; +static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( + public_key->value); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 4e5fff02c..4c72badfc 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_portable_H @@ -2454,7 +2454,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_36(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -2465,7 +2465,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2490,7 +2490,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2508,7 +2508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2536,7 +2536,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_58(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -2585,7 +2585,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_07( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2649,7 +2649,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_8b( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2675,9 +2675,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_07(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2845,7 +2845,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_55( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, @@ -2875,7 +2875,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2900,9 +2900,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_55(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2954,7 +2954,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -3018,7 +3018,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_65( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -3044,9 +3044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_57(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized); } /** @@ -3152,7 +3152,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3222,7 +3222,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3243,7 +3243,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3258,7 +3258,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3275,20 +3275,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); } @@ -3304,7 +3304,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_97( +libcrux_ml_kem_polynomial_subtract_reduce_89_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3336,7 +3336,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_97( +libcrux_ml_kem_matrix_compute_message_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3349,8 +3349,8 @@ libcrux_ml_kem_matrix_compute_message_97( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_97(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result); return result; } @@ -3409,7 +3409,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_25( +libcrux_ml_kem_serialize_compress_then_serialize_message_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3465,20 +3465,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_97(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_25(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3492,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_49(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3508,7 +3508,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_49(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4434,7 +4434,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f4(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -4451,7 +4451,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4526,7 +4526,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_23(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -4540,7 +4540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4567,7 +4567,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4599,8 +4599,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3a( libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_97(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4614,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_3b( +libcrux_ml_kem_vector_traits_decompress_1_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,7 +4629,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -4642,7 +4642,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_3b(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4659,7 +4659,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4692,7 +4692,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_24( +libcrux_ml_kem_matrix_compute_ring_element_v_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4706,8 +4706,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_24( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( error_2, message, result); return result; } @@ -4753,7 +4753,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_8b( +libcrux_ml_kem_serialize_compress_then_serialize_10_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4814,7 +4814,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4842,10 +4842,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4861,7 +4861,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4877,7 +4877,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4925,7 +4925,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4985,7 +4985,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_73( +libcrux_ml_kem_serialize_compress_then_serialize_5_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5012,9 +5012,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out); } /** @@ -5035,7 +5035,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -5064,7 +5064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5079,26 +5079,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_3a(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_24( + libcrux_ml_kem_matrix_compute_ring_element_v_54( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5146,7 +5146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_da( +static inline void libcrux_ml_kem_ind_cca_decapsulate_70( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,7 +5164,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5188,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5199,7 +5199,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_41( @@ -5210,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5243,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_da(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret); } /** @@ -5259,7 +5259,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( private_key, ciphertext, ret); } @@ -5314,7 +5314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5329,7 +5329,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5344,18 +5344,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0, shared_secret_array); @@ -5388,14 +5388,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b5(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness); } /** @@ -5412,7 +5412,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( uu____0, copy_of_randomness); } @@ -5911,7 +5911,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_700( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5929,7 +5929,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5953,7 +5953,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5964,7 +5964,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_f0( @@ -5975,7 +5975,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6009,10 +6009,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_da0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret); } /** @@ -6025,7 +6025,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( private_key, ciphertext, ret); } @@ -6063,7 +6063,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -6078,7 +6078,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6093,18 +6093,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0, shared_secret_array); @@ -6141,14 +6141,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b50(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness); } /** @@ -6165,7 +6165,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( uu____0, copy_of_randomness); } @@ -6352,6 +6352,68 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( copy_of_randomness); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_1a( + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + private_key, ciphertext); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -6406,6 +6468,13 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6443,7 +6512,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline bool +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); @@ -6452,18 +6521,12 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); - } - return uu____0; +static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( + public_key->value); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 1dc4635ed..6ed704984 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3e8e953d8..12650f0f8 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_portable_H From 3388672dc91521254372f1fb7b278c83b40728be Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 27 Aug 2024 14:12:36 +0000 Subject: [PATCH 105/172] fix ml-kem.rs test for old implementation --- libcrux-ml-kem/tests/ml-kem.rs | 13 +++++++------ libcrux-ml-kem/tests/nistkats.rs | 2 ++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/tests/ml-kem.rs b/libcrux-ml-kem/tests/ml-kem.rs index 784c2fc36..56ca7594f 100644 --- a/libcrux-ml-kem/tests/ml-kem.rs +++ b/libcrux-ml-kem/tests/ml-kem.rs @@ -1,6 +1,7 @@ //! Tests for ML-KEM /// These tests are from https://github.com/C2SP/CCTV/ +#[allow(dead_code)] fn test_invalid_modulus(p: &str) { use std::{ fs::File, @@ -15,15 +16,15 @@ fn test_invalid_modulus(p: &str) { let pk = hex::decode(line).unwrap(); let pk = pk.as_slice(); match p { - #[cfg(feature = "mlkem512")] + #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] "512" => assert!(!libcrux_ml_kem::mlkem512::validate_public_key( &pk.try_into().unwrap() )), - #[cfg(feature = "mlkem768")] + #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] "768" => assert!(!libcrux_ml_kem::mlkem768::validate_public_key( &pk.try_into().unwrap() )), - #[cfg(feature = "mlkem1024")] + #[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] "1024" => assert!(!libcrux_ml_kem::mlkem1024::validate_public_key( &pk.try_into().unwrap() )), @@ -33,19 +34,19 @@ fn test_invalid_modulus(p: &str) { } #[test] -#[cfg(feature = "mlkem512")] +#[cfg(all(feature = "mlkem512", feature = "pre-verification"))] fn invalid_modulus_512() { test_invalid_modulus("512"); } #[test] -#[cfg(feature = "mlkem768")] +#[cfg(all(feature = "mlkem768", feature = "pre-verification"))] fn invalid_modulus_768() { test_invalid_modulus("768"); } #[test] -#[cfg(feature = "mlkem1024")] +#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] fn invalid_modulus_1024() { test_invalid_modulus("1024"); } diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 51385e923..76abc4316 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -43,6 +43,7 @@ macro_rules! impl_nist_known_answer_tests { for kat in nist_kats { let key_pair = generate_key_pair(kat.key_generation_seed); + #[cfg(feature = "pre-verification")] assert!(validate_public_key(key_pair.public_key())); let public_key_hash = sha256(key_pair.pk()); @@ -59,6 +60,7 @@ macro_rules! impl_nist_known_answer_tests { assert_eq!(ciphertext_hash, kat.sha3_256_hash_of_ciphertext, "lhs: computed ciphertext hash, rhs: hash from akt"); assert_eq!(shared_secret.as_ref(), kat.shared_secret, "lhs: computed shared secret from encapsulate, rhs: shared secret from kat"); + #[cfg(feature = "pre-verification")] assert!(validate_private_key(key_pair.private_key(), &ciphertext)); let shared_secret_from_decapsulate = From f90dff2e3c7728427723350a2a9e7e100f39e598 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Ignacio=20Escribano?= Date: Wed, 28 Aug 2024 14:05:30 +0200 Subject: [PATCH 106/172] Update README.md --- formal_verification/vale-crypto/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/formal_verification/vale-crypto/README.md b/formal_verification/vale-crypto/README.md index 84ec4f295..c11ed629f 100644 --- a/formal_verification/vale-crypto/README.md +++ b/formal_verification/vale-crypto/README.md @@ -1,6 +1,6 @@ # Vale Crypto in libcrux -##Vale: Verified Assembly Language for Everest +## Vale: Verified Assembly Language for Everest Vale is a tool for constructing formally verified high-performance assembly language code, with an emphasis on cryptographic code. It uses existing verification frameworks, such as Dafny and F*, for formal verification. It supports multiple architectures, such as x86, x64, and ARM, and multiple platforms, such as Windows, Mac, and Linux. Additional architectures and platforms can be supported with no changes to the Vale tool. Each assembly implementation in Vale is verified for: From 4ad532b206174114dd4140b718e7794a28fc59ee Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 28 Aug 2024 18:34:16 +0000 Subject: [PATCH 107/172] add a single kat for dk validation --- .../tests/kats/invalid_dk/ML-KEM-1024.txt | 2 + .../tests/kats/invalid_dk/ML-KEM-512.txt | 2 + .../tests/kats/invalid_dk/ML-KEM-768.txt | 2 + libcrux-ml-kem/tests/ml-kem.rs | 63 +++++++++++++++++++ 4 files changed, 69 insertions(+) create mode 100644 libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-1024.txt create mode 100644 libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-512.txt create mode 100644 libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-768.txt diff --git a/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-1024.txt b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-1024.txt new file mode 100644 index 000000000..849db1ca0 --- /dev/null +++ b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-1024.txt @@ -0,0 +1,2 @@ +1216c65e032450fa8d89d4ce52f7607ccca65316b22c013d74553419f7c0aa4c791f6ac739973aebd94ff711468d40cb33b070687b2a38a15a56f0be1d71c36f235d24f629e0429f56e934a12c2d37998b38f4ab0867b31f6a3ed0a3173c43ab167608cd28a181a4103fe3ac09082a1e36c726645fe23c4eab88b1f232678b170482f81528da83ffb511b8baa309729d2049c82df5c98a676735c969c9dc9b1368b84013698e0cb889b04000bd63e0f5678e39a35534bbb0a22e7656752c3982bdba7136ecc7c3b155750aa6589240e9542b904a80fb4573e7d663102901e9626a6afc0e9a8664437805115c55da9baa6eb47d3f2298448b1fcebb8ed1c1bc1b84702bc68916f123756526a8421c0b2a58708896eaa112eadb3f5d542cedc8aabbe94d3cd39bdada1d8550c07db49f047ca2f6d4810e1328eb4119651111b1f9cc925b313a624755c964d42879f4d6a990b3257d1395d65755f6a908f8a970b777360c48261778cbaf7017ac1a2136a358e13b47a554c657da1e5f864c3cb3223be55711148145a8b8f8e5c433c369912744b5d4c1ba821db82b70a3ea9096d1b3ef4982678b258058cea8324b7716820c4175a42702d1649b02811c8ffbcf58d410d18408ae44b2d5c5c13b7a06a2f344e4fa5773d100d5076783dc90fc5ba3669510db8b0822556a078b339ed06da68b1291e689fdec4255711aeb5baf8c930d97b266b0602c496909136846c12a205984341a30a1b7d3987ba19326f8b38f289d5f16b9b94319bb2904352755762561dbdabcb7c57a50242273c3391ce468b77135977b29553561998644aa2b86dc90440384b274057f8716858e017fb8967b0f7310fb2560bc295e9e13c7ddda8cc95c865141c52c60192ca1bac89336b86a46260b382bab65e787731f83c5c448c8cc4a0d6b71cb076205f8ab90ed103420e682b701cfcab429cb8898b5d8aafad35185f02eb3146814662bda361c265818e47a0965e21ce0b889f8497390db35a1360f7e070eb7176209b241d5d6cd51b08696a3859dd1c8ae1b60616770f158c1aac474ff39af1cf1bc428691536c8876242ecd2c9dcfc44a4f2020ae02436b062844d88f94891bf84b6ddb93b7e84ba3f0a19e6091581803c8b659b9b6b4b95f55798325697873b93d19425a954d13dcab1a34092c14133c649284c23e66599a46c8b64f40cfd53487f6fac5b5575950db75c55a4a8fd387f47797953802382a523932809210070465956ce25164139d7104567402687fcc3248b6392c5715d1a076cee7ceb4d623a4ba923ee8615bd0630ac5bf74d214d101aa2454603ba9018c7069c2aa79c1572567883506c102440b3f238b502772ca70ba9913e5551d8c19e90a45e4463a191762cf05955f6c55a2f237de542793a4c6126c30caf0b9669006b33084306c3f2a002f59405ca04977b658caa3965109c4772dbc4a910c76db953f73d1aafc04d0e9e60a596b31daf5ad2e79960ea42940662c8f6b9c9373b938f49cee3a3d71b30a7a475e6939b9ebb2ae69f4614273876c4a730b83160f7a6d66797910383a1bb148e3f97fbd94817decc799eb82948878653c8caa52b795a3061f01b042a05490e2bafb5803d45832ba564cf822b2a485823e465193844f9773a20fc35297b741b98c7fec7bb7dff6c03c77c8c119ab1b7224ebb136fe3964fdd782550829a3d93a4f107237b01cb4d2592b846989885f7d1941e2112fa826b5bad4154a3b7991e1068a117a529769e652855bb26cd2a9a9f71714324c116b3b0dc9cb99787708bae707cbf7010e768e5fe44bdf877df840950a00b0e5e66254cba97e394f0638b396925ce7d8a8a0939b3412609e611ba5217977217b7fdb66a8529b768aa2fa1a5d8bf110c8445477684cf4e9c97091b5099168055c44daa6a4e9266aa0db15ff7747fe1040f0c632eac26a838989e4b326aff42278451a2cb3add1242c60d34f5f212117780db656b6d8267a5019c612404b54851244f284e4fc5f8300b47562285de41afcd23a8d5a5319322a7b31cd3a6151c71989140824ed418df7629f98878341789865d052fec761a229c0c2966eb3025ef3c894f7241d6be63ce51cc112c4aa8dd54e63bb5a27e25304a75de4024d903b06736bad3c567c05128858339f211c420317a7c0a9055538460cd3063df0728c65783bb5156bec7082710d77e9b4ff2465b0221762bbb35c6258b61462036c0b6316782cc8c836a739ae48509f43a71b961e05e7564dd5789e87522908379cdc11b8b848df11b2e27609907ac0fe44a9aea89a03059c1b6bc224a70a0af0a3d39b0599393607dc17a926b0eb577742c835dc3baaa3929c0ba71186fbaeccf526e37a1f84aabba2223efe04a8e24573cf2512eff8af8eeabac03c0eaf685152b1915ab51457f14476dcbb834961c7225563292124546401592e69c437cef2c59039225cec84efc741d34a2713e005f785569bb37de8654b4d48b713a9647ee2126138bc5288b64aac36e64b0c04d862ebdc17f4d6157d8521309a69db91411a19a4ed47060d32be4f0274ad1685fb36068beb7aa4c93a69809dabc61761f7c3942ba484a65a4bc7a8a470747eb8893b3ccc0f30ae1f516b95761659ca07da555e2759c8a94279804b6d19444686236b57859e1a93bef6e1a27e45b3c8c831d5dca9d6868f1e1bbc2a0cc50bf76fbe4090da32be1df9452e3986c8157ca7bc123887636bfb59d0c21e2a6b26b977190e58a1d71445c9a68ca11791f979928875604d900f3b894631921070c4218613b1a8b671b9ca353fe6c635c39cd8d72b5a625659ea4d63c63282ab062c592f759b8386392e77c09218ca7ec675c6f49433bf564c3bc7999ffba97ca12888f6605e78c8074b40906ca660c07a54b2acaeb67b8190804d02a21b5266092a548300c744154fd1b61927dc98294480183093085a052548ce8be75a76e8958f2063d423368e69af60fab3eb3b9a0ec7c66d05097f863f52264439dc83f6d144425a9285ec59a75a54f2e4b5ef8822191b812892a309b63cd986684c569fc5aa071b0a51c8da3fa73a7e64e0196e641212f802bf1c35a7abb18deab586e643a7d82863905850f517e97b5e4d727362558c239604f9d51598b85937382f9cc06a761758bb1277c4889d18860c6958641b6012fee190d9ea8ba46a0061e92655651db131180f388693acafda69b4590b0861e95d07f840e4190728b113ff5565cdb5470b5009aa2b297573a2a2f9691196b034190b64b3bff043b31cc09a4f3b0450663280b6c9feb1ad78e64fa8aa5a26dbc6ee3a8793fb71bff20e3c3754da6c9a3e882a6dd32a2a07d0fe3b1708a0332aaca9fea6239de07356d9b843d080c73a05f6e48505869dd9cc9e3db47bd2d9b15ab297577914c397ae9acc514ef6779cf577ae3366cab5a9c2a25335a454b1460f525666ff61087ee99714eb05ff66a79d86b0fd6b75877b832078861212c07d0c239c49cfd07638ee49b4a8d9bc213a7b6273028b2cc8b562039df25739d9ca591cb3a9221eaae66cc6a585d4e54c854181859281ee83ce23305552ba7825009b4a3aa855d66c1f1bbdb72333941226f1d9c09be5be61077f749a1e897254a104bc6e93bc0913166afc1fa422b30bea3af2eb3bfee7b3a453507e6716b20722ee735246f915d50269468b0210136555ea7c50645452e56cb89266b11246f2a33e558618af0542a367c7409a8f20dca180a06b6d1cb25630c0e5c89fcad43c3e9c8eeea048c1d7a531f67e6850c51419539ef40e22fa97d101a2b3581d1fa6bf8967afff589d0fd98e3fdb7fe22c07519625a51a65759606d4d23231d620435c17e617381b36c23851342828bce7e2260f95bc1c0882449861f54966e12663539838e09c15bc41ca4da1cfeaebab33036ec8067444951b8f62b483e7252698c326f562fb85470b35bb83497ef2a75f8b6ba5501ac1294b01c96c78a4e35aa8ea0ea5599b0e75652fb22031a9b44f9b830a188cba7848d86ab5e68a74feb0b7139516fbab7b3a8b60f97427fbaa5c7fb16a16f84e80616ba8d76d5a06532fbcab694572a3b213d185bca01988c5e73f183c5c825035a74c58b4083d14236243c25587536348135d50db127c04aaca635aef582beb5b3f55766e0d7b2f51d56ae690926f6cbdc17a0738f946c15537c7b7402db0a5c5d1926082b8afda2019f5c11adbb8583108cfc20ee9212f8b4cb40a79399f007d59e5ca74317d145bb7fd61836ca0c3d0057459b7166a15bca73c7aa2823b558109d4b6b0c7d39b854896e918a5ec70acc11443b5fab9b6343228a23ddc331909d8c24cfa358be07ab397ad5dbc0b5f5a99f9df07ed71a4b00154040c12afb8af1b456d908c673fee92eec3137e49f04fae8410a3a5e7e1635154b66eb1986d11a24ed1663923d89a79b87ac2d2939c3b9f3b5c829df15c9c83bcb5532629f3 +707f59e57a441a7d2d26ee11d13fbf4fc7d8938c5d7b1dcc5c8f08c4fb36fa140dfd932f315d68ddc46f835807fff8e862573326f29fc039b961bdae891f83386fedebbf803a83892465fe7f9a7fb3da7928954b6b7a475db430ecab210c3adb763119b53a41a3fb6469f1bb56cfc9c7971e66e53a0366b7b80eedce0df22f51b344c4c20389be3385814b1c4f3a055f208bed7e91d4c906ce44cd533c01da8d9d5ba186def1d9ef5e8f4785523e9cd8026b1e0d843569f9dd7fabc19d7179c98fc34bd056017575ea5a993a6e7db5ca9654e632234036cd8cb23f5efb051f5ccff50f612c30f97dd6e5ed1605fbfeb9ee0cdb10306e767481810fdb895e1de09cb169c51a1e0d2422db58426650d69c5f673cc29929446562ab54c294b7447db703b0440c42f2d3219cdc208637797ffba8cdaf5e6dc6a52fc0f16ac1daaf5cce923c6cc07d3d5531bd3da67c0a491cfcfefe4db3c8f3682004a11e6974f0886ab84f0dc6152c66ef7be3ca4ec0e3a5b5da84b2f473dfbbbf0ffe8429f51a89c245b8c0383d28a615f4ad3cd0f2df48d67e020a3319708d4c078734c8048fc1aaf97faa70c86d3e1022972e3df2caca63126131d18c80150beb81f2f7bb47d3a9be05cc669fac22443f4d5ba947e7ab76619c4269cfd9c27764cbaf25feb46f5a989df9a2b170a891e47afd25da64cbb3b1ea41542d0d1670837885101e96bb96fb33eee637eaae85bd26ade132016c92c4d86ab5a7ba7fbbf329cf817aaa69ab1c61309a4c6e9cefce6cf905f26fd00331f1fd169b4721601fcc22e3231908d3e8a7e2fe1e2a36a483ab7148ead23d88c4b6d92d4f3f95e9528e91faa59138aee766fe542153cea501d68079eec1293b36636a59efac65f037a8f118c674aa23211e6ee44e342f4bc39839d028072c17d530a0c68ad2ddbfe9710ef8487160284f44ad9a158f634f7019b86b28498ed8dcde8a4448288b160e58623767ea61c7f7df4bea4b168890a686f997da5e532b2b9b4f025f3741f1b21b16540f84d3fa2d8babf2381b4a76be711d9a304a3ed1b6315b2b096170654a4c005a71a0029c3e29d5cc2136d7433d4695c86809c248c3ff9f926886962d7bb47be06950d799e2acfc60297007e87f59effc5971195a6ddcc51d26ba9876864c6c1620500e734cfe384f9ac06868b05e0f923e92a1181ed694d69cf92b6beddea94ba19c64e49232aef6d298349c13200f32841acd2d8b6b75d6e298299ab63ad8e75086c37d04a7735b4ba0a4caa0085cb9f63dcabf979ea5d5ba0d73dc40188794c0d7363139362e6722086197f95d3f2dab184795e00738f693860533a33c860f7218e1492e5ab9b8ddbe4a88015b43e9568f0a124d8615cc947f917386c08805ff7918362b529061551afde8159e516b6564f4bf9a5396d7495a43ea73c5798e6d060b7b4d3a4950a607b69540d6b17f5cfe3204a642ed53ecc16cd03b2e39da551ebbb3c332b569b45c23b8d5a52e4463377d2d02325f3383c423f6372c0b3c413cc83057b232ba31013cf419f72539bf960ee4affe74a2fb6135ddaa6fd527be8db7a17c8e8d29ec680f47c5e86d673e9e737cfb514232734945f877fa1f22dfcb0af28101fd5b2364b444189baf13bcc7ba4a4f98104eed06ba7fd7d2eb1291079fe38cb8f8587cb0229e1d145a9fbe7374088397245d8c547e015b6ffc343bef1162318332d63d43a28e70c23771a9b68b80dd32cafe70b65b5815c3e550cdc46993b444ca482ab9205d5fa6f09fdecc97de2272e014eab7523b4aebfd18c25a957381c5694e650d1b220a9397a50482236afea3d6b10f4570dd8d901ca4b7608edae6e5d317444d6447813794ef9dbddffed8bf0dd991096f7a6e2811ff68b38b642cbc59968fb15d7be09ca3f28f616b5ab7152be4d20cd10d9c0affabfa571eb5df3854eccbcf05a0761ada327ad71c002ebde21f1b9405bb40d57f5ec3b30cc53ab945e2c12bdff9fff0e68a6f6ebec531f785a67171e90e76093e96fb90ea10f3330de42db5c44666b2f3c5abf3d93f06f9162cd086ce9fff30774e2f7c17c2ecbf86eb21bd25ab6fb70a6995564d0af6f5c3c2ce4eb2f185779fe0b6e273ae9daa99a93713a23b96829cef8153f878e5a9ff4813996b2c7efd754035a5c75a16358433b13758718a20346b93a10258f8d1ad58c142e74cf5e132f2d8c8e3 diff --git a/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-512.txt b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-512.txt new file mode 100644 index 000000000..8916fd858 --- /dev/null +++ b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-512.txt @@ -0,0 +1,2 @@ +5df22333b3a1d6759fcf19a90a1a4f88967537b92291bb671d3991f53453c8ec43e1ac0f34921f17153615713e018530e5d5587378290eda0a1dd3603a3bc7ca42a3f4093748c767ad297596487002a36ade6c904c602e3d7c54e7f386782a780860904d479437306061499b2205ca36377ca63907a76c886e493533b443928a9057d22a715418bab4c6fe51bffd090b70093fdf58c4309c96cd081e72c73645c3b119fa79a0f7a1fb93994a789a0a69c890a03c91180093ba80e6c419c3fa1f9cdb2a98b52d6e2b3c469a0762d13d66086af23c1c80e06cf0c5ad373ab1ab00193135118ccaa293fa3a7a4b124c94a16733a3f7377a14269cc13a67ad113ed2b97c418abe0cf7460413104ed56f2ae4bd524217e3a143e8a8cc330a783cb2b678dc8083e61e0dd3181eb22ea74943a637b8cbb42aa5cc8dcfb0c401f050531a8ce531bb4ae31d479708d59b6464352b32e88b9df064b843542028c84afcc941d246a41b5eae06b44fdcbfce599ef5ccb6644c7176a9c7e65c944fb025b7b29389f5131f990dab6957c93baefa9308839abb0c6827fec644ce941a58643c7d182f526b305fca03c976547f3396b6739dfb928917f51b18932d7da86137344e32db2c360bbb1f8758d9093a8e2643e8cbc241d41b3557512746a68dc3c73cac9056c06eeb7834b8972538545b9fc7609d963088e4971c418df20c8191c9c3d828705e99baa52587a4e033cd68a7792125ae310fb1fa3fe7e9290a06cd1d4491ae851444a0b7dbdb631ae849a366b02413104a362039d08cb119beea961adf18c36f661aeba72ed092b02b2b2ad342596ec851021046bcac36f721c894c98b82134022f1b6aed6500347669d97c6209944b464505351bee6aa9c6592ce76dc1ea524034d823319abc47e9b7e4d2072bb8a356b8b3069cb93f410153328290e8578d18c8370b96a7871cd86f4353b3a6e203019c7290143698e2bac1ea8208f6bf6304c5a13e5a42a0d545b6f61bb1926039df908f751ba13a78f2c30ab50442cb4429e12418ac32537dce1238dfb398f224b670a7fe1b3bbb13b0e5c205c4b8023f3a96ac80a020082cac4f89943017504871ae89c931a7c6b80f50f4ec9c6b980c1a38264dd00446f8a72b82a6561820723c9705487b72175681bc95e06d54a07615f6acb781f1b8c6aea188dbbb53567564924064b179df9891f8ef31fff9035aa613776978baa82a831d15ebc804d56f901d8cbcd26736e59109661390a94d25301b29ebde9af3194938e438f90eb2531932badcab74ab52f431b06c0a59d2a8b5c00cbc59416604ef07ea8c2225d725a0b84153a5b8adf809e008a07dd5cc5191b42392b5e618ca07dc1a070116a1fdb433b459d2c656159076a51c85210f2b263bbb1980899b663c8a5e5656688c399d48aee377d05234c28e65675f8bbf1928ac5f4a5d2ab0915c50648a0adf0d66d757371add481d0617a3f5a7f36cb9163e68e18c133f86c992bb02e92743b946ba34d72a81bc76d34611ebd9467ce925c4c01a28fd4369c93551d455097f0253006844782295e4c7e79cccde825ab9caa99f21c1fcb566f91f7487a5aafc58a4926c0a157e0a28ed56a9b640e75504eab8053c4731b4da1bd8366c475f2800d1b67b8089ef83852af7a9ca167cdc97b8ef81b7f8790cd8173b25e57146dc84574d1a128fa12264c6253b7635ff5672aeb84bb77c33bf46fde9b4e33e1a5402126d6fb40d338316c30b3e2d96f5cb9b25236b353c7af2f7c1a7c380d89e715092750ccc64de10aa16f985ead192afbd3571ccb668bf9aba0d3cbf48703a38c2d712cb368aa9995c1cc843339629a7bc74b56595b37e4716e429a29509a591c13a53e69451ec302983b705839af2f300ed78875163990bc037bec1a2657c4ac73d61a1859045f18c1184c55aa871eb30b1b6f9405b93759a7f1996a893c16ec2b1c62cf20e93924e2aff2322d342b5ed149c7b0212bf2a2906265915a475025599f2b7063166b9261364c0e90b3609b1f3062a44c98b3d6734ad6849c98a3648ce06e75004842fc7b12a074e0fb3b5160b4001299ffd517e4fc8667bcad8ff16770b269330351138772c4b31689e8ca860942f8364afd2a9574fb8bba281bb32846a6303c31d0cefaa16bc17b8fd75b8f931c1589efe5dd05b15286c94d2da39159b19d05622e259a9e73e2ca67d3160938e41d0c47cc7f46c5c4e08c0fb42c218b78ee23d2f8445eada49edbe2cab13b0c831061fd530bda2ee884d94916e31be94603d5565678a12a9a56f980c451aa +0f2cef7e20d9d29005548c2110f58c70c73523e4cd85249bd9703260f4257aa2afa2bb585599af7e82f1e888e176268272d02fb11378da0e63d77e22f2cfb0ad2e26803108f0000e71b2cd875b0b20184d9b8f264c93a9f23ec8fd374044f9531ffa890cec96afbd4c91900c5235db9abfb2c387b7e63e903223a33c9cc4c7f7c1b07b70d8c065ce765977cae2fc5cf58cd815a80da769643fbcac0a955e870b46599bf6902c69596f49390f2278f2f7acd208c839db87c47c2813bd2ff35620a546525fb3c1ccf157e267b97c1d84d27e5743b1e81285bb676c80fdd4b41b92db19ee1c81af3ca393dbb128f4fe8c6efa6b9ee2b5c7d9d268979b8b85ffc6ca154662d975e6b3cfbf98384190b7bed683ea8bc14d7e81718b555424657f40d7eaca88312b42fcf24f677d581826536b463bf65fa00430160aef993f309f4a0345fa188c6ee56b5f2f14524548c5a37d022141ae964ee04346617e42489ff5a5d5cf444c6b4988b493c4904c042d310d5a694418e24a7a089b66c427f2b09150fcbbccd40802a3d3bba6349d0acf6506d7baf68564a614538514fc28a4b245ce83b28182064eb9ef329fd58a79b2cf0279586e6c494073395c0b0ec3e06e9d392a68a6f3bc3a3d85a2c4a0b04410d6c3eab8dd4840327d06e03d10b6b8fd1e29c66f98d7907aac88e9245e3ec998f3d1463fff3a537e4762e37364ae851302a990f2604c8524134aef9d541bebf9e516dbfb0943477c34eb3bed4a28a544a9ecafd2003bec9207ee065a51971bd0abbc43982fd18299fd3a5c19497ff04e379e25efdab57e6d7f13e3d1e719df943c23d04e3b8d249197fb2ae84ef1320b94e255ac8b0ca038df2da4fc17d4b1be8a2f8b726bc1bce82acc93b4f2245eeeff331c4ad0c4fdf3d23a10e500df09bee775d4036a28d946f48d4360eda273d997a54b1d940dbb4a8c070703aa1f99d7997bbb684d1fefc245821b9e871fa899fe60f517e50849f4d2e3ef095fa1d6001b7d3f918e299f83f10734d523dc5d8a6ffd54a57a7adca8d879e4d6180943e02779f0e789364eacff8e1f55af630010f263 diff --git a/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-768.txt b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-768.txt new file mode 100644 index 000000000..027be5247 --- /dev/null +++ b/libcrux-ml-kem/tests/kats/invalid_dk/ML-KEM-768.txt @@ -0,0 +1,2 @@ +6581405a2424d89b08d9e30c2e1c562b75b1baf358fa46213b39163dd188d98050e0d7032820aa2bc8631e646cf6a243fd9aad69d40a2af8912cac44fb06bfd12cabec0343f7705b22504d0dac61faa54e05cbb74aa977b714a5af23b0c3039530831b8178602b0c93164499728154a935a7b09310b6e4ca4842432aeb34c6c7b9cb6a5c7440873f72367ce8c68e5656a1894814f431cab243fb36718f39a2e9ca01f622a257f843626875818217e7c370e0e10aadd945dd9501b57b436252a304f68392b188c8761b8fc38f3b3c57634ba89d710c77619573b5a81803a000fd291d677e62344384517c6ae66c41b9c97a24912e45b4dacb40dce92417aa6f3649170baa9fc32c00a1eb908095b8914a6386409f7dd276132a26a94671969c3e3d75bc2ac64f0757b113f8b523924ee67507990c311f8b1479f1b977a1b903c39a0293c98cf56b72b09e4e804782e744e8415e94dc1c6b209481961baee529f5b11bd6699b1505309b61af3ffc410f30b704c3b792c16e1441653cb6b1bc3a8e5ea48025e7a22b394b0e10b823eb4f2a831d14e818941105a0806ecca46535f042a00252c4268737d799a8fb172fa495f9903b39a105dc88142a446057852e55fccbeca65569740c2a310e84887e51e335ba082796e345e0981f4be56167d791830856b6584c56435037684640aac9f42197b00cc60724730c76586ea5616e7902c76b381a2196357aa08101008e8a5527b4690da6a46b17b78bf94435175ce52c45222825242bcda4f9c2cfc7647ab78e75f1b6be2a2fb0271146312985ec5cd7179ca459c16cdc6185415c6b1c7e00f9312764696d22384fc78759699fd5b4601779643300910f00a6daa91f343525bcba6728c668b9b65f42580d359b325bb53fa815378774cc8bb5463b6504f0560315b5850aa0cc97ac00eca803bb47bd1ff33f3c175dd58c3bb3e042119726ed42a6ae297487b7188fb024c9b10b93e09d9ce76c4956c7f349aa07f8993aa31a98ca11f0cb9b24330b2773917ad992b415021569bec174824855800ccb3cc8547d8d79298bd5c64d671413a38b7ab91c517b7f1b85b1b7180e8b86039040869070a1ad20a265f22309f615dfac59038394dd01a6fa191628b54de4a8c6f13a386ce894e2f3cbd02b0884e641d81739c96972f5804e2512a4b9bb7c96db9d8c046fb0d6bd9b27b240d70cc5c04cfa5b2a69322d21d1ad1ccb39464791c250800dac56df5b0d6f994b71b9898978bbd699b642d6b727020ba4a203cee79cc0b113de841230585d2e08919ef8ccef1caa3750a355d39fcc255b30b32db332692fb8a6423c4f62095c712a3fa4db36c1c345beb66ad45351114b96bc388504e857d6f7ab74472c5b8bad3dca412694c7c6a35ed0274b1b983be29cc9c5f8ba76a7511896774aa92ff6c06cded81804ebad582a2afd955bd243412c3b6da55c78ca5250397730f389c737691db39b525f034a9571c4ca12ac3005b99ab9b688da68dd453b4ffc4be381c8b5f87d375044b33b767066af9958207026810c06a31702547705317b198e4d6aad87d27d165b72efe4507018aec017559295643397b406fa3453430b6b629521b1bf47f160f0619a05779183acb84c9c1ad149ab89a47d772a3afa82400b0a873ecc3fe7734732e6351afb26d026616ef9750ceb16a719237d481546547afd227e566ac807f38a30838b30586fae2496e7d7588a655e7d1b216789322a860b2d342bb62801fd82767e6c4a30cc3d83b5803c29aa8058a756348e9fb48dd8d2c75b8695ef18010b037e8cbc452a160b168283e7292f3a3c39a4a66963250a63b4a002a5374b673f17eb26e6372a35370100fbceecc96fe887524af16619846406c6005a0a59da36c097c3604895434d537d803804aaea5ae9008b9c5a8c08f69535c22fa76b7852960a74d31b8de1cdf3d05199d2c4d130a5b75a1ea8ccb5dbf24a9ce314ccaab027d456479701b1340b5bc04a35acc6953411e1c2a88bc6176d923c86491840e8b92a327f57f6532d23260344b0bfbaaa96199cc987a838c3b3b1a81a6ebb3d9e8256646a72c03b140ed266da9ba967492ccfa279e7e829b38b686fd2c0a5b37c1c4669ab718a910c9ea737a34e317cad59385af7b32b047988065bba0563641922b0c7cef6b6ae39f833273731ed34436c61007d61cf44e1210af48da9d6b0dd49a9044173dbe400b3102a84e01e04c517a3c98e53b1375bd9261940006186a5c8120430cc8d192034df661234daa900352a5ff50611992db8054ac77b6e4cdc88759617bd109cbc4c1bf2dbb384d145c7cb53cef88d646511b7d563218c5fcc18883f549b0d539a0285c6a0aa5dc3e6a388ca4f79dcb99c8286203cb80845b26e63c952a8b8fee791fc4a94da2226a1971e4e9c1f26625ef84c9f28b70adf78331461bf872273d91002e78a7ea0a02b7da335125005bc45a99520779eb80c02b4399be90ca8663c40803728406ed44a7d30759890a8b0e8974fff085887d7c4cf9936e0e30242021eb83191f47b324992b8f4392868984a61571c968734b0c006904c4dd0ca3914c15710352859732bd0a7a92da165801c58b2065b5db8b78047c5c99ba82b349245142bcf418b4251580a2052d7a1321e5bb2a7fa0f29d4b66d06c87ce68f50402a4d8bad0e283fab37c066855f5131be52003b5bebc0ed0cc1f8927ebce120a45894716713fa576f44e3748f853ee4658be95bb204d9cb73535f77483e8164a17b05442b4737f6c5ace9da9730a90dcc160975157becd99559dc2599d09270b8abe4a402d2bb2659fb67344629e3450bb08bccf399afbd4035e1415578205354b63aa583470adaa9912ac5fda36687731d64363302d1348779c474a97388634621321f5bdc53666a54c4c788be5c721a913d236942cfd11cb46835eb447096314d6398a1c0776f1c899704e98f62049126134f87f1b16e517cc06cccb138939c91b2d1475e9fcb85a97c1acc14088f2302e57840362ca008b76515d20ba66b9ee01352df31068cea3f877cb938852d01a45f3567346c8a04dcc7ab7cd48320c73a7a53ac1ba22afbd64b60798a7fd4cf3b927c48a3c1a7ca5ff2a06674584ff9035ace27ccd748a06cf53c2977922274265369780242176d583a682b1fa4ea4dedcb7cb86610c500446b7719c8737fc85055ebb84a68380ea3f0c389b50af95643af349448abc63e32120bd66dc819bbefa422b4e5252b8c1fb0dcc7d10a62709681a80313710f3d9c31af73073dd08126b9addda76663cb978d42eec1bb1ff0a2621e6ef6dc51af5792e31de11ae46db25ba285967664eaaf9ef896d8f3e31bf791193897ad2c6f2400f33bdaad465715e2b1140208ce145f +11454c95a5f1a3eef1272ee28554b8a80b85f087f526e69d2f6d34d68f80f0057871274ee788ffcfd1d783f36a20e378af125ec834a0bfda2210ea5bf8e38640c187965d4027fd714db6456f4b302956cd1c5604916c3e642b114d9f17fa1a9c9fd7420ebff7b358f35d0f87c5377b7b8b24845b86a8dd35a4c0e1fefa6608f0d749324d7f523615c9322ade8ac81020022bdb3da2afa0a3a22e38d39b3f7c8ddc383c4b126906074d2f5ffdb3bbd3c0817cbac8e01d9d62f5b11c781a6f20594fcb74472cb63a84fd852d81ed8d36f26579260358801b591a0a4a5b603636e48df8d83553247dd6796e35ed78025e28296980387d11d8d105616bf72df3bee5ea11c6cf0cc3c6c38a0ff370344a741e54a62fbcfcb88a65607129d1e7c8b9c41a617832772020737995c0aa499b720ea2e5cd5590913c8d37fce63d1a0721053e81f88a2077415f35edf81ed5db2c71540b2a64a23ae3a12b88af23243b0d5624e9bacbe58387893272b1d5a236e72c604a077ff184df40074e8bc9bcade19aa172169c838e701258bcf76ca7b2ba88a337e71471dfa6465d5b51e0ea4be779ca09d4d1ebd571c8b88f7699ba8f4c2a46717063017a51d2096abfc5afe2841f02fabf808b39a09cfede197d5ce9f05e20130bb7a2e4112364dde97e2a180466534e8c9b6e1e53cac56b701189cd15e0e433341328537a8d2e064862ffc1854b8ae483e9a4403d1648f536008cf2f8da2265843dd2004de245ff29b8cbf5f0d1cbf0a444415944172c7ee02650e0b751aa539d515b84fdada3cc1dc0ea3d65c39cc878814f06f864104e78d87b26b6c0fe31169d55fc1e38ba1c92a817f4a6650aac9ac5e1c969b940d62e01016f5e546444f1ed2abe7c14e7e9f12a85013ea858f08b18c7ff6a404a7e7c628b599cf57eadf0a773c57cf7acd4e2c1c6da05ad53c7c7ce24c7c11563a59538fbdca77f373a8dc4d317fb6bded6eeba70ff0d09e700f1919fc5343975610f912c2c1c60292bbef4db60f5544b64bc809b6e26f45524aabeaa0468545242624316742944da38debc7107c185b92ceb963185d6ed8530af4e3078559591ff9297a73ab081218d346b5f7c78acb7fa386d38e116c049bb017831cf2782762e059cfa3fbdf6104ddc246c76935fd2e45e945fcd2526e24e6aab824c76d42e9806936e7d33191acf491c11d292e1948070757e0b1c2c1b88b49479154d15e0a92d8d9d90c812950f43bba288342c6a1ce149449855cea5e4a17f313043f594bd20d0057e42ccfdd780dd9f61e6f64a318a91a8312c3eeb7e8352dc6f158972ed5b14f29c56f304960d2b35832bb8338ab21df19efa838e7e3fdca2d59f1e898445cda415cfc20beeed88fe0072a59b35c374894677c9f61dd90a4eb1da1755c1dbf6528456460dea8d75345bcc333fb20226d72731a5a4e21d074d811648473b57843013a3eae2f6d0ee3e1d01af0d1827cf24da9d80dc2ec7499df33d417d5311b02fbcbf5d41a23dcdabdcacaeb59da5df4cc05aab diff --git a/libcrux-ml-kem/tests/ml-kem.rs b/libcrux-ml-kem/tests/ml-kem.rs index 56ca7594f..bb2c69a29 100644 --- a/libcrux-ml-kem/tests/ml-kem.rs +++ b/libcrux-ml-kem/tests/ml-kem.rs @@ -14,6 +14,7 @@ fn test_invalid_modulus(p: &str) { for line in reader.lines() { let line = line.unwrap(); let pk = hex::decode(line).unwrap(); + #[allow(dead_code)] let pk = pk.as_slice(); match p { #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] @@ -57,3 +58,65 @@ fn file_name(p: &str) -> std::path::PathBuf { .join("invalid_modulus") .join(format!("ML-KEM-{}.txt", p)) } + +#[allow(dead_code)] +fn test_invalid_dk(p: &str) { + use std::{ + fs::File, + io::{BufRead, BufReader}, + }; + + fn dk_file(p: &str) -> std::path::PathBuf { + std::path::Path::new("tests") + .join("kats") + .join("invalid_dk") + .join(format!("ML-KEM-{}.txt", p)) + } + + let kat_file_path = dk_file(p); + let kat_file = File::open(kat_file_path).unwrap(); + let reader = BufReader::new(kat_file); + let mut lines = reader.lines(); + while let (Some(dk_string), Some(ct_string)) = (lines.next(), lines.next()) { + let dk = hex::decode(dk_string.unwrap()).unwrap(); + let dk = dk.as_slice(); + let ct = hex::decode(ct_string.unwrap()).unwrap(); + let ct = ct.as_slice(); + match p { + #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] + "512" => assert!(!libcrux_ml_kem::mlkem512::validate_private_key( + &dk.try_into().unwrap(), + &ct.try_into().unwrap(), + )), + #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] + "768" => assert!(!libcrux_ml_kem::mlkem768::validate_private_key( + &dk.try_into().unwrap(), + &ct.try_into().unwrap(), + )), + #[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] + "1024" => assert!(!libcrux_ml_kem::mlkem1024::validate_private_key( + &dk.try_into().unwrap(), + &ct.try_into().unwrap(), + )), + _ => unreachable!(), + }; + } +} + +#[test] +#[cfg(all(feature = "mlkem512", feature = "pre-verification"))] +fn invalid_dk_512() { + test_invalid_dk("512"); +} + +#[test] +#[cfg(all(feature = "mlkem768", feature = "pre-verification"))] +fn invalid_dk_768() { + test_invalid_dk("768"); +} + +#[test] +#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] +fn invalid_dk_1024() { + test_invalid_dk("1024"); +} From 62e1ec380aa77c2332debb597ee78f5e748b59cf Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 29 Aug 2024 08:02:23 +0000 Subject: [PATCH 108/172] update tools and licenses --- .docker/c/install.sh | 12 ++++++------ libcrux-ml-kem/c/code_gen.txt | 8 ++++---- libcrux-ml-kem/c/eurydice_glue.h | 4 ++-- libcrux-ml-kem/c/internal/libcrux_core.h | 8 ++++---- libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h | 8 ++++---- libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h | 8 ++++---- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 ++++---- libcrux-ml-kem/c/internal/libcrux_sha3_internal.h | 8 ++++---- libcrux-ml-kem/c/karamel/include/krml/c_endianness.h | 2 +- .../c/karamel/include/krml/internal/builtin.h | 2 +- .../c/karamel/include/krml/internal/callconv.h | 2 +- .../c/karamel/include/krml/internal/compat.h | 2 +- .../c/karamel/include/krml/internal/debug.h | 2 +- .../c/karamel/include/krml/internal/target.h | 2 +- .../c/karamel/include/krml/internal/types.h | 2 +- .../c/karamel/include/krml/internal/wasmsupport.h | 2 +- .../c/karamel/include/krml/lowstar_endianness.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 8 ++++---- libcrux-ml-kem/c/libcrux_core.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 8 ++++---- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3.h | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3_internal.h | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 ++++---- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 ++++---- libcrux-ml-kem/cg/code_gen.txt | 8 ++++---- libcrux-ml-kem/cg/eurydice_glue.h | 6 +++--- libcrux-ml-kem/cg/karamel/target.h | 4 ++-- libcrux-ml-kem/cg/libcrux_core.h | 8 ++++---- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 ++++---- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 8 ++++---- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 8 ++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 8 ++++---- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 8 ++++---- 53 files changed, 182 insertions(+), 182 deletions(-) diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 86bbb3f9f..16026b797 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/962f26311ccdf09a6a3cfeacbccafba22bf3d405.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/6b5e110342a771a3e1c739b10294b1778e4be8b4.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-962f26311ccdf09a6a3cfeacbccafba22bf3d405/ charon +mv charon-6b5e110342a771a3e1c739b10294b1778e4be8b4/ charon -curl -L https://github.com/FStarLang/karamel/archive/7862fdc3899b718d39ec98568f78ec40592a622a.zip \ +curl -L https://github.com/FStarLang/karamel/archive/3205d3365ea2790b02368f79fcee38e38d0b5908.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-7862fdc3899b718d39ec98568f78ec40592a622a/ karamel +mv karamel-3205d3365ea2790b02368f79fcee38e38d0b5908/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/e66abbc2119485abfafa17c1911bdbdada5b04f3.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/31be7d65ca5d6acdacfb33652e478d24dd85c1cb.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-e66abbc2119485abfafa17c1911bdbdada5b04f3/ eurydice +mv eurydice-31be7d65ca5d6acdacfb33652e478d24dd85c1cb/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index a05120b5f..9272a8113 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 -Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e -Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 +Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 +Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb +Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 +Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 5138fcdc5..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -96,8 +96,8 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) #define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ - sz, a1, a2, t, _, _ret_t) \ - Eurydice_array_eq(sz, a1, a2, t, _) + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 47916d827..75e5e9eab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4395b781f..5e3dc3773 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 6b9f00302..153e3514a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 2a0a2f146..48e88710f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d168b015c..adf1c8f2a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h index 21d7e1b4f..937d8d109 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_ENDIAN_H #define __KRML_ENDIAN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h index 07ff15678..b8d2bdfec 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_BUILTIN_H #define __KRML_BUILTIN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h index aeca0ba71..4bc0f878d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_CALLCONV_H #define __KRML_CALLCONV_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h index 98b5d117a..94c6f948f 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_COMPAT_H #define KRML_COMPAT_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h index 6c209d947..74588fa95 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_DEBUG_H #define __KRML_DEBUG_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index e5d59d9f8..dbe3aec09 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_TARGET_H #define __KRML_TARGET_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h index a41c64bc0..37ceb2bd8 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_TYPES_H #define KRML_TYPES_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h index b44fa3f75..5aba97565 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ /* This file is automatically included when compiling with -wasm -d force-c */ #define WasmSupport_check_buffer_size(X) diff --git a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h index 3e92cdc8a..d59d9854d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __LOWSTAR_ENDIANNESS_H #define __LOWSTAR_ENDIANNESS_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e692d991f..b03dccbf3 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 898336a1f..3b970efca 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index b812fa7fa..dd2ffee9d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index e8924b16a..3f25a4779 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 7c9befdda..1e2d3d71d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index a068e4ff5..679496600 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 095ac9ec3..d8dccd867 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 19648a439..396b6eb92 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 5b247c835..e5d5735de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index c3af6203f..b6ca5e8f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 2b478f0a7..c2f20ba82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 102df0f72..1504149b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9ec71c62d..866494595 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 214e6cc6d..e062bf201 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 2b8e8edc2..5f00d8887 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index d14d8d969..984cca213 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 8283abfb1..a85cf8242 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 2b1bf517c..4812ac6a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 22a8cbb66..217830287 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 322b96f9b..bc96c9231 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 536112a56..1bb290f74 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index fb5e5ce48..141cbe746 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 98b7b6f33..87005de71 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 40d622080..d1fdebd50 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e45c61660..522f25026 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 1ce890195..1eaf24d1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1e59d1a80..73390c848 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index a05120b5f..9272a8113 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 -Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e -Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 +Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 +Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb +Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 +Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 366d716f0..8ead868e5 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -2,7 +2,7 @@ * SPDX-FileCopyrightText: 2024 Eurydice Contributors * SPDX-FileCopyrightText: 2024 Cryspen Sarl * - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: MIT or Apache-2.0 */ #pragma once @@ -95,14 +95,14 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) #define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ sz, a1, a2, t, _, _ret_t) \ - Eurydice_array_eq(sz, a1, a2, t, _) + Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/cg/karamel/target.h b/libcrux-ml-kem/cg/karamel/target.h index b8ed3fd02..f34539303 100644 --- a/libcrux-ml-kem/cg/karamel/target.h +++ b/libcrux-ml-kem/cg/karamel/target.h @@ -1,10 +1,10 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - * Licensed under the Apache 2.0 License. + * Licensed under the Apache 2.0 and MIT Licenses. * * SPDX-FileCopyrightText: 2024 INRIA and Microsoft Corporation * SPDX-FileCopyrightText: 2024 Cryspen Sarl * - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: MIT or Apache-2.0 */ #ifndef __KRML_TARGET_H diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index da42a20b4..9eb6c227c 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index cf84953dc..f6045ffc4 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 5a6bd84e2..d0e4d0d19 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 4c72badfc..057714d5a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 6ed704984..5f57e0fb3 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 12650f0f8..748cfd2fe 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 - * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e - * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 + * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee */ #ifndef __libcrux_sha3_portable_H From 0c50e0d95d90bc9d7eb10a30bef050a7591f0f5d Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 29 Aug 2024 11:04:59 +0200 Subject: [PATCH 109/172] disable benchmarks on CI :( --- .github/workflows/{c-bench.yml => c-bench.yml.disabled} | 0 .../workflows/{mlkem-bench.yml => mlkem-bench.yml.disabled} | 0 .github/workflows/{rust-bench.yml => rust-bench.yml.disabled} | 4 ---- ...ip-benches-in-prs.yml => skip-benches-in-prs.yml.disabled} | 0 4 files changed, 4 deletions(-) rename .github/workflows/{c-bench.yml => c-bench.yml.disabled} (100%) rename .github/workflows/{mlkem-bench.yml => mlkem-bench.yml.disabled} (100%) rename .github/workflows/{rust-bench.yml => rust-bench.yml.disabled} (96%) rename .github/workflows/{skip-benches-in-prs.yml => skip-benches-in-prs.yml.disabled} (100%) diff --git a/.github/workflows/c-bench.yml b/.github/workflows/c-bench.yml.disabled similarity index 100% rename from .github/workflows/c-bench.yml rename to .github/workflows/c-bench.yml.disabled diff --git a/.github/workflows/mlkem-bench.yml b/.github/workflows/mlkem-bench.yml.disabled similarity index 100% rename from .github/workflows/mlkem-bench.yml rename to .github/workflows/mlkem-bench.yml.disabled diff --git a/.github/workflows/rust-bench.yml b/.github/workflows/rust-bench.yml.disabled similarity index 96% rename from .github/workflows/rust-bench.yml rename to .github/workflows/rust-bench.yml.disabled index 1ba9971c5..3258ab0c3 100644 --- a/.github/workflows/rust-bench.yml +++ b/.github/workflows/rust-bench.yml.disabled @@ -88,10 +88,6 @@ jobs: - name: 🏃🏻‍♀️ Benchmarks run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt - - name: Print Git Status - run: git status - - name: Print Git Diff - run: git diff - name: Store Benchmarks uses: benchmark-action/github-action-benchmark@v1 with: diff --git a/.github/workflows/skip-benches-in-prs.yml b/.github/workflows/skip-benches-in-prs.yml.disabled similarity index 100% rename from .github/workflows/skip-benches-in-prs.yml rename to .github/workflows/skip-benches-in-prs.yml.disabled From b0786ec7dbf1945f335ea990bb157d9ee03b3b0e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 29 Aug 2024 15:25:31 +0000 Subject: [PATCH 110/172] add randomized APIs to ml-kem --- Cargo.lock | 1 - libcrux-ecdh/Cargo.toml | 3 + libcrux-kem/src/kem.rs | 63 +++++++++++++------- libcrux-kem/tests/ml_kem_wycheproof_early.rs | 2 +- libcrux-ml-kem/Cargo.toml | 8 ++- libcrux-ml-kem/benches/ml-kem.rs | 3 +- libcrux-ml-kem/src/kem/kyber/kyber1024.rs | 9 +-- libcrux-ml-kem/src/kem/kyber/kyber512.rs | 9 +-- libcrux-ml-kem/src/kem/kyber/kyber768.rs | 13 ++-- libcrux-ml-kem/src/mlkem1024.rs | 45 ++++++++++++++ libcrux-ml-kem/src/mlkem512.rs | 45 ++++++++++++++ libcrux-ml-kem/src/mlkem768.rs | 45 ++++++++++++++ libcrux-ml-kem/tests/ml-kem.rs | 4 +- 13 files changed, 197 insertions(+), 53 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d05b611e1..8e635e880 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1046,7 +1046,6 @@ dependencies = [ "libcrux-platform", "libcrux-sha3", "rand", - "rand_core", "serde", "serde_json", ] diff --git a/libcrux-ecdh/Cargo.toml b/libcrux-ecdh/Cargo.toml index a94d69e58..9c9816686 100644 --- a/libcrux-ecdh/Cargo.toml +++ b/libcrux-ecdh/Cargo.toml @@ -22,3 +22,6 @@ hex = { version = "0.4.3", features = ["serde"] } serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } pretty_env_logger = "0.5" + +[lints.rust] +unexpected_cfgs = { level = "warn", check-cfg = ['cfg(adx)', 'cfg(bmi2)'] } diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index defb77d0a..b8874ffba 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -215,10 +215,14 @@ pub struct X25519MlKem768Draft00PublicKey { impl X25519MlKem768Draft00PublicKey { pub fn decode(bytes: &[u8]) -> Result { Ok(Self { - mlkem: MlKem768PublicKey::try_from(&bytes[32..]) - .ok() - .and_then(mlkem768::validate_public_key) - .ok_or(Error::InvalidPublicKey)?, + mlkem: { + let key = MlKem768PublicKey::try_from(&bytes[32..]) + .map_err(|_| Error::InvalidPublicKey)?; + if !mlkem768::validate_public_key(&key) { + return Err(Error::InvalidPublicKey); + } + key + }, x25519: bytes[0..32] .try_into() .map_err(|_| Error::InvalidPublicKey)?, @@ -241,10 +245,14 @@ pub struct XWingKemDraft02PublicKey { impl XWingKemDraft02PublicKey { pub fn decode(bytes: &[u8]) -> Result { Ok(Self { - pk_m: MlKem768PublicKey::try_from(&bytes[0..1184]) - .ok() - .and_then(mlkem768::validate_public_key) - .ok_or(Error::InvalidPublicKey)?, + pk_m: { + let key = MlKem768PublicKey::try_from(&bytes[0..1184]) + .map_err(|_| Error::InvalidPublicKey)?; + if !mlkem768::validate_public_key(&key) { + return Err(Error::InvalidPublicKey); + } + key + }, pk_x: bytes[1184..] .try_into() .map_err(|_| Error::InvalidPublicKey)?, @@ -654,16 +662,22 @@ impl PublicKey { .try_into() .map(Self::P256) .map_err(|_| Error::InvalidPublicKey), - Algorithm::MlKem512 => MlKem512PublicKey::try_from(bytes) - .ok() - .and_then(mlkem512::validate_public_key) - .map(Self::MlKem512) - .ok_or(Error::InvalidPublicKey), - Algorithm::MlKem768 => MlKem768PublicKey::try_from(bytes) - .ok() - .and_then(mlkem768::validate_public_key) - .map(Self::MlKem768) - .ok_or(Error::InvalidPublicKey), + Algorithm::MlKem512 => { + let key = + MlKem512PublicKey::try_from(bytes).map_err(|_| Error::InvalidPublicKey)?; + if !mlkem512::validate_public_key(&key) { + return Err(Error::InvalidPublicKey); + } + Ok(Self::MlKem512(key)) + } + Algorithm::MlKem768 => { + let key = + MlKem768PublicKey::try_from(bytes).map_err(|_| Error::InvalidPublicKey)?; + if !mlkem768::validate_public_key(&key) { + return Err(Error::InvalidPublicKey); + } + Ok(Self::MlKem768(key)) + } Algorithm::X25519MlKem768Draft00 => { X25519MlKem768Draft00PublicKey::decode(bytes).map(Self::X25519MlKem768Draft00) } @@ -678,11 +692,14 @@ impl PublicKey { Algorithm::XWingKyberDraft02 => { XWingKemDraft02PublicKey::decode(bytes).map(Self::XWingKyberDraft02) } - Algorithm::MlKem1024 => MlKem1024PublicKey::try_from(bytes) - .ok() - .and_then(mlkem1024::validate_public_key) - .map(Self::MlKem1024) - .ok_or(Error::InvalidPublicKey), + Algorithm::MlKem1024 => { + let key = + MlKem1024PublicKey::try_from(bytes).map_err(|_| Error::InvalidPublicKey)?; + if !mlkem1024::validate_public_key(&key) { + return Err(Error::InvalidPublicKey); + } + Ok(Self::MlKem1024(key)) + } _ => Err(Error::UnsupportedAlgorithm), } } diff --git a/libcrux-kem/tests/ml_kem_wycheproof_early.rs b/libcrux-kem/tests/ml_kem_wycheproof_early.rs index 506816c4c..1bceeae72 100644 --- a/libcrux-kem/tests/ml_kem_wycheproof_early.rs +++ b/libcrux-kem/tests/ml_kem_wycheproof_early.rs @@ -91,7 +91,7 @@ macro_rules! impl_known_answer_test { assert_eq!(my_shared_secret.as_ref(), expected_shared_secret); } else { if comment == "Public key not reduced" { - assert!($validate_pk(<$pk>::from(pk)).is_none()); + assert!(!$validate_pk(&<$pk>::from(pk))); } } } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 1deaa591c..a0f82ec4e 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -22,7 +22,7 @@ exclude = [ bench = false # so libtest doesn't eat the arguments to criterion [dependencies] -rand_core = { version = "0.6" } +rand = { version = "0.8", optional = true } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } @@ -34,7 +34,7 @@ hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } [features] # By default all variants and std are enabled. -default = ["std", "mlkem512", "mlkem768", "mlkem1024"] +default = ["std", "mlkem512", "mlkem768", "mlkem1024", "rand"] # Hardware features can be force enabled. # It is not recommended to use these. This crate performs CPU feature detection @@ -56,6 +56,10 @@ kyber = [] # Code that is not yet verified pre-verification = [] +# APIs that sample their own randomness +rand = ["dep:rand"] + +# std support std = [] [dev-dependencies] diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index d347c9626..5e004aaf1 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -2,8 +2,7 @@ use std::hint::black_box; use std::time::Duration; use criterion::{criterion_group, criterion_main, BatchSize, Criterion}; -use rand_core::OsRng; -use rand_core::RngCore; +use rand::{rngs::OsRng, RngCore}; use libcrux_ml_kem::{mlkem1024, mlkem512, mlkem768}; diff --git a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs b/libcrux-ml-kem/src/kem/kyber/kyber1024.rs index 35faf4b4a..f3fa12a5c 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber1024.rs @@ -44,17 +44,12 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. -pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option { - if super::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem1024PublicKey) -> bool { + super::validate_public_key::< RANK_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, >(&public_key.value) - { - Some(public_key) - } else { - None - } } /// Generate ML-KEM 1024 Key Pair diff --git a/libcrux-ml-kem/src/kem/kyber/kyber512.rs b/libcrux-ml-kem/src/kem/kyber/kyber512.rs index 0e9ece26e..728e59092 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber512.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber512.rs @@ -42,17 +42,12 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. -pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option { - if super::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem512PublicKey) -> bool { + super::validate_public_key::< RANK_512, RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512, >(&public_key.value) - { - Some(public_key) - } else { - None - } } /// Generate ML-KEM 512 Key Pair diff --git a/libcrux-ml-kem/src/kem/kyber/kyber768.rs b/libcrux-ml-kem/src/kem/kyber/kyber768.rs index a1bfb4c19..b1f586f92 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber768.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber768.rs @@ -43,17 +43,12 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. -pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { - if super::validate_public_key::< +pub fn validate_public_key(public_key: &MlKem768PublicKey) -> bool { + super::validate_public_key::< RANK_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, >(&public_key.value) - { - Some(public_key) - } else { - None - } } /// Generate ML-KEM 768 Key Pair @@ -176,7 +171,7 @@ pub(crate) fn decapsulate_unpacked( #[cfg(test)] mod tests { - use rand_core::{OsRng, RngCore}; + use rand::{rngs::OsRng, RngCore}; use super::{ kyber768::{generate_key_pair, validate_public_key}, @@ -189,6 +184,6 @@ mod tests { OsRng.fill_bytes(&mut randomness); let key_pair = generate_key_pair(randomness); - assert!(validate_public_key(key_pair.pk).is_some()); + assert!(validate_public_key(&key_pair.pk)); } } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 4d8520881..7a96f45b2 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -440,6 +440,51 @@ pub fn decapsulate( >(private_key, ciphertext) } +/// Randomized APIs +/// +/// The functions in this module are equivalent to the one in the main module, +/// but sample their own randomness, provided a random number generator that +/// implements `RngCore` and `CryptoRng`. +/// +/// Decapsulation is not provided in this module as it does not require randomness. +#[cfg(not(eurydice))] +pub mod rand { + use super::{ + MlKem1024Ciphertext, MlKem1024KeyPair, MlKem1024PublicKey, MlKemSharedSecret, + KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + }; + use ::rand::{CryptoRng, RngCore}; + + /// Generate ML-KEM 1024 Key Pair + /// + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + /// + /// This function returns an [`MlKem1024KeyPair`]. + pub fn generate_key_pair(rng: &mut (impl RngCore + CryptoRng)) -> MlKem1024KeyPair { + let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE]; + rng.fill_bytes(&mut randomness); + + super::generate_key_pair(randomness) + } + + /// Encapsulate ML-KEM 1024 + /// + /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem1024PublicKey`]. + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + pub fn encapsulate( + public_key: &MlKem1024PublicKey, + rng: &mut (impl RngCore + CryptoRng), + ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { + let mut randomness = [0u8; SHARED_SECRET_SIZE]; + rng.fill_bytes(&mut randomness); + + super::encapsulate(public_key, randomness) + } +} + #[cfg(all(not(eurydice), feature = "kyber"))] pub(crate) mod kyber { use super::*; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 7ad225342..f26bc1018 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -432,6 +432,51 @@ pub fn decapsulate( >(private_key, ciphertext) } +/// Randomized APIs +/// +/// The functions in this module are equivalent to the one in the main module, +/// but sample their own randomness, provided a random number generator that +/// implements `RngCore` and `CryptoRng`. +/// +/// Decapsulation is not provided in this module as it does not require randomness. +#[cfg(not(eurydice))] +pub mod rand { + use super::{ + MlKem512Ciphertext, MlKem512KeyPair, MlKem512PublicKey, MlKemSharedSecret, + KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + }; + use ::rand::{CryptoRng, RngCore}; + + /// Generate ML-KEM 512 Key Pair + /// + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + /// + /// This function returns an [`MlKem512KeyPair`]. + pub fn generate_key_pair(rng: &mut (impl RngCore + CryptoRng)) -> MlKem512KeyPair { + let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE]; + rng.fill_bytes(&mut randomness); + + super::generate_key_pair(randomness) + } + + /// Encapsulate ML-KEM 512 + /// + /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem512PublicKey`]. + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + pub fn encapsulate( + public_key: &MlKem512PublicKey, + rng: &mut (impl RngCore + CryptoRng), + ) -> (MlKem512Ciphertext, MlKemSharedSecret) { + let mut randomness = [0u8; SHARED_SECRET_SIZE]; + rng.fill_bytes(&mut randomness); + + super::encapsulate(public_key, randomness) + } +} + #[cfg(all(not(eurydice), feature = "kyber"))] pub(crate) mod kyber { use super::*; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index b47a3eb72..5d629d6c6 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -435,6 +435,51 @@ pub fn decapsulate( >(private_key, ciphertext) } +/// Randomized APIs +/// +/// The functions in this module are equivalent to the one in the main module, +/// but sample their own randomness, provided a random number generator that +/// implements `RngCore` and `CryptoRng`. +/// +/// Decapsulation is not provided in this module as it does not require randomness. +#[cfg(not(eurydice))] +pub mod rand { + use super::{ + MlKem768Ciphertext, MlKem768KeyPair, MlKem768PublicKey, MlKemSharedSecret, + KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + }; + use ::rand::{CryptoRng, RngCore}; + + /// Generate ML-KEM 768 Key Pair + /// + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + /// + /// This function returns an [`MlKem768KeyPair`]. + pub fn generate_key_pair(rng: &mut (impl RngCore + CryptoRng)) -> MlKem768KeyPair { + let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE]; + rng.fill_bytes(&mut randomness); + + super::generate_key_pair(randomness) + } + + /// Encapsulate ML-KEM 768 + /// + /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem768PublicKey`]. + /// The random number generator `rng` needs to implement `RngCore` and + /// `CryptoRng` to sample the required randomness internally. + pub fn encapsulate( + public_key: &MlKem768PublicKey, + rng: &mut (impl RngCore + CryptoRng), + ) -> (MlKem768Ciphertext, MlKemSharedSecret) { + let mut randomness = [0u8; SHARED_SECRET_SIZE]; + rng.fill_bytes(&mut randomness); + + super::encapsulate(public_key, randomness) + } +} + #[cfg(all(not(eurydice), feature = "kyber"))] pub(crate) mod kyber { use super::*; diff --git a/libcrux-ml-kem/tests/ml-kem.rs b/libcrux-ml-kem/tests/ml-kem.rs index bb2c69a29..ca568eb6a 100644 --- a/libcrux-ml-kem/tests/ml-kem.rs +++ b/libcrux-ml-kem/tests/ml-kem.rs @@ -14,7 +14,7 @@ fn test_invalid_modulus(p: &str) { for line in reader.lines() { let line = line.unwrap(); let pk = hex::decode(line).unwrap(); - #[allow(dead_code)] + #[allow(unused_variables)] let pk = pk.as_slice(); match p { #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] @@ -79,8 +79,10 @@ fn test_invalid_dk(p: &str) { let mut lines = reader.lines(); while let (Some(dk_string), Some(ct_string)) = (lines.next(), lines.next()) { let dk = hex::decode(dk_string.unwrap()).unwrap(); + #[allow(unused_variables)] let dk = dk.as_slice(); let ct = hex::decode(ct_string.unwrap()).unwrap(); + #[allow(unused_variables)] let ct = ct.as_slice(); match p { #[cfg(all(feature = "mlkem512", feature = "pre-verification"))] From ebf3e092abe14e252aa94557ceb224884d3a0c16 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 30 Aug 2024 07:32:08 +0000 Subject: [PATCH 111/172] drop commented code --- libcrux-ml-dsa/src/ml_dsa_44.rs | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index b16eef196..2286d163f 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -65,31 +65,6 @@ pub type MLDSA44VerificationKey = MLDSAVerificationKey; pub type MLDSA44KeyPair = MLDSAKeyPair; pub type MLDSA44Signature = MLDSASignature; -// // TODO: Multiplex more intelligently. -// #[cfg(feature = "simd256")] -// type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; -// #[cfg(not(feature = "simd256"))] -// type SIMDUnit = crate::simd::portable::PortableSIMDUnit; - -// // For regular shake128 we only use portable. -// type Shake128 = crate::hash_functions::portable::Shake128; - -// #[cfg(feature = "simd256")] -// type Shake128X4 = crate::hash_functions::simd256::Shake128; -// #[cfg(not(feature = "simd256"))] -// type Shake128X4 = crate::hash_functions::portable::Shake128X4; - -// #[cfg(feature = "simd256")] -// type Shake256X4 = crate::hash_functions::simd256::Shake256X4; -// #[cfg(not(feature = "simd256"))] -// type Shake256X4 = crate::hash_functions::portable::Shake256X4; - -// // TODO: This is all portable for now. -// #[cfg(feature = "simd256")] -// type Shake256 = crate::hash_functions::portable::Shake256; -// #[cfg(not(feature = "simd256"))] -// type Shake256 = crate::hash_functions::portable::Shake256; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $doc:expr) => { From 2c597d9d0be5dd81c5b72450baa193d7c3c3d50c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 30 Aug 2024 07:39:27 +0000 Subject: [PATCH 112/172] update cargo.lock --- Cargo.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3d3991651..3c3ab2a92 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.75", + "syn 2.0.76", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.13" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "jobserver", "libc", @@ -319,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -722,33 +722,33 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "proc-macro2", "quote", @@ -760,7 +760,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "proc-macro2", "quote", @@ -1238,7 +1238,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -1400,12 +1400,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.20" +version = "0.2.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -1474,9 +1474,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1593,18 +1593,18 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" dependencies = [ "bitflags", "errno", @@ -1671,7 +1671,7 @@ checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -1770,9 +1770,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.75" +version = "2.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" +checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" dependencies = [ "proc-macro2", "quote", @@ -1891,7 +1891,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", "wasm-bindgen-shared", ] @@ -1925,7 +1925,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1959,7 +1959,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -2117,7 +2117,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -2137,5 +2137,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] From 28d0e150647beeedf537cb308ba8d03afdf82e56 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 30 Aug 2024 13:50:45 +0200 Subject: [PATCH 113/172] fix non-rand build --- libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-sha3/src/lib.rs | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 7a96f45b2..26718e625 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -447,7 +447,7 @@ pub fn decapsulate( /// implements `RngCore` and `CryptoRng`. /// /// Decapsulation is not provided in this module as it does not require randomness. -#[cfg(not(eurydice))] +#[cfg(all(not(eurydice), feature = "rand"))] pub mod rand { use super::{ MlKem1024Ciphertext, MlKem1024KeyPair, MlKem1024PublicKey, MlKemSharedSecret, diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index e4f7e33bc..d112e05e0 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -936,6 +936,7 @@ pub mod avx2 { absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState as GenericState, }; + #[cfg(feature = "simd256")] use crate::generic_keccak::{squeeze_first_block, squeeze_first_five_blocks}; #[cfg(feature = "simd256")] use libcrux_intrinsics::avx2::*; From 056e28a0d1679e94517294ab9e47a4abe71bcb93 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Fri, 30 Aug 2024 08:38:14 -0700 Subject: [PATCH 114/172] Refresh C --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/benches/sha3.cc | 12 +- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 3 + libcrux-ml-kem/c/internal/libcrux_core.h | 68 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 14 +- .../c/internal/libcrux_sha3_internal.h | 164 +-- .../c/karamel/include/krml/c_endianness.h | 2 +- .../c/karamel/include/krml/internal/builtin.h | 2 +- .../karamel/include/krml/internal/callconv.h | 2 +- .../c/karamel/include/krml/internal/compat.h | 2 +- .../c/karamel/include/krml/internal/debug.h | 2 +- .../c/karamel/include/krml/internal/target.h | 2 +- .../c/karamel/include/krml/internal/types.h | 2 +- .../include/krml/internal/wasmsupport.h | 2 +- .../karamel/include/krml/lowstar_endianness.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 70 +- libcrux-ml-kem/c/libcrux_core.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1268 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1286 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 22 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 466 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 756 +++++----- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- 45 files changed, 2296 insertions(+), 2293 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 2af7c36be..d4398bbc2 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_d9 ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] + - [libcrux_sha3, generic_keccak, absorb_final_7f ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] api: - [libcrux_sha3, avx2, "*"] private: diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 97cc7a57b..a2bfadfce 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -70,15 +70,15 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); + auto st = libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); for (auto _ : state) { - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); + auto st = libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index c92c5be17..2ec290f69 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 6a879b951d169019291839d9badb170d28e5246b diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -95,6 +95,9 @@ typedef struct { #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3f6e7498f..91ed8c91b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_da1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_961( uint8_t value[1568U]); /** @@ -85,7 +85,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_351( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_821( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -98,7 +98,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_f21( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_891( uint8_t value[3168U]); /** @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_191( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c61( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -147,7 +147,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d4(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -159,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_da0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_960( uint8_t value[1184U]); /** @@ -175,7 +175,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_350( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_820( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -188,7 +188,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_f20( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_890( uint8_t value[2400U]); /** @@ -200,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_190( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c60( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d3(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_da( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_96( uint8_t value[800U]); /** @@ -265,7 +265,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_35( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_82( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -278,7 +278,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_f2( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_89( uint8_t value[1632U]); /** @@ -302,7 +302,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); /** This function found in impl {(core::convert::From<@Array> for @@ -313,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_19( uint8_t value[768U]); /** @@ -327,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -338,7 +338,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -349,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -361,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c6( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -372,7 +372,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d0(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -383,7 +383,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -407,7 +407,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -430,7 +430,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -453,7 +453,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -476,7 +476,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0507dbaaf..bc44180d8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,7 +41,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_311(uint8_t *public_key); /** Packed API @@ -65,7 +65,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -86,7 +86,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_541( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -112,7 +112,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_b11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -124,7 +124,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_310(uint8_t *public_key); /** Packed API @@ -148,7 +148,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -169,7 +169,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_540( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -195,7 +195,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_b10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -207,7 +207,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_31(uint8_t *public_key); /** Packed API @@ -230,7 +230,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( uint8_t randomness[64U]); /** @@ -252,7 +252,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -278,7 +278,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index a9b732317..3c302314c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,7 +46,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b71(uint8_t *public_key); /** Packed API @@ -70,7 +70,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -91,7 +91,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_e51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -129,7 +129,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b70(uint8_t *public_key); /** Packed API @@ -153,7 +153,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -174,7 +174,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -200,7 +200,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_e50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -212,7 +212,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b7(uint8_t *public_key); /** Packed API @@ -236,7 +236,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -257,7 +257,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e87fcff90..1360a48b6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __internal_libcrux_sha3_avx2_H @@ -31,7 +31,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -void libcrux_sha3_generic_keccak_absorb_final_d9( +void libcrux_sha3_generic_keccak_absorb_final_7f( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -44,7 +44,7 @@ with const generics - N= 4 - RATE= 168 */ -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 34d3839a2..ddc4fc094 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_c7(s, buf); + libcrux_sha3_generic_keccak_absorb_final_40(s, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); } /** @@ -60,7 +60,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -68,15 +68,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_c70(s, buf); + libcrux_sha3_generic_keccak_absorb_final_400(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } /** @@ -267,7 +267,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -301,7 +301,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -325,8 +325,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b8(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_35(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -342,8 +342,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b8(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_35(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } return remainder; } @@ -371,7 +371,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -432,7 +432,7 @@ with const generics - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -471,8 +471,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } /** @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -505,7 +505,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -660,11 +660,11 @@ with const generics - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_7e(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_7e(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -721,7 +721,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -755,7 +755,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -779,8 +779,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -796,8 +796,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } return remainder; } @@ -825,7 +825,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -883,7 +883,7 @@ with const generics - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -922,8 +922,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } /** @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -953,7 +953,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1140,11 +1140,11 @@ with const generics - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_7e0(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_7e0(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -1173,7 +1173,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; @@ -1214,11 +1214,11 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)136U; @@ -1235,7 +1235,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out00); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1254,14 +1254,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out_rest); } self->sponge = true; } @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -1292,7 +1292,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; @@ -1333,11 +1333,11 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)168U; @@ -1354,7 +1354,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out00); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1373,14 +1373,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out_rest); } self->sponge = true; } @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h index 21d7e1b4f..937d8d109 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_ENDIAN_H #define __KRML_ENDIAN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h index 07ff15678..b8d2bdfec 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_BUILTIN_H #define __KRML_BUILTIN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h index aeca0ba71..4bc0f878d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_CALLCONV_H #define __KRML_CALLCONV_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h index 98b5d117a..94c6f948f 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_COMPAT_H #define KRML_COMPAT_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h index 6c209d947..74588fa95 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_DEBUG_H #define __KRML_DEBUG_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index e5d59d9f8..dbe3aec09 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_TARGET_H #define __KRML_TARGET_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h index a41c64bc0..37ceb2bd8 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_TYPES_H #define KRML_TYPES_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h index b44fa3f75..5aba97565 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ /* This file is automatically included when compiling with -wasm -d force-c */ #define WasmSupport_check_buffer_size(X) diff --git a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h index 3e92cdc8a..d59d9854d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __LOWSTAR_ENDIANNESS_H #define __LOWSTAR_ENDIANNESS_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index cf2942eaf..b167c2e7b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "internal/libcrux_core.h" @@ -91,7 +91,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_da1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_961( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -114,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_351( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_821( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_f21( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_891( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_191( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -184,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c61( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -197,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -217,7 +217,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_da0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_960( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -240,7 +240,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_350( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_820( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -256,7 +256,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_f20( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_890( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_190( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c60( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -323,7 +323,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -343,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_da( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_96( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -366,7 +366,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_35( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_82( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -381,7 +381,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_f2( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_89( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -399,7 +399,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -420,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_19( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_7a( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -454,7 +454,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -473,7 +473,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_c6( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -506,7 +506,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -525,7 +525,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_6d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -544,7 +544,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -564,7 +564,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -584,7 +584,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -604,7 +604,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -624,7 +624,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d284f5255..3a3f51067 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_core_H @@ -229,7 +229,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7a7138a01..900051ef3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 6bd395b40..67e9f14d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c1( +static void decapsulate_650( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_420(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b10(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c1(private_key, ciphertext, ret); + decapsulate_650(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_67( +static tuple_21 encapsulate_be0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_540(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_67(uu____0, copy_of_randomness); + return encapsulate_be0(uu____0, copy_of_randomness); } /** @@ -117,12 +117,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ed0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_190(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5d0(copy_of_randomness); } /** @@ -133,7 +133,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e(copy_of_randomness); + return generate_keypair_ed0(copy_of_randomness); } /** @@ -147,8 +147,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_320(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a0(public_key); +static bool validate_public_key_7c0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_310(public_key); } /** @@ -159,7 +159,7 @@ static bool validate_public_key_320(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_320(public_key.value)) { + if (validate_public_key_7c0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index c428d45b7..7191c8b03 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 50124a101..238cab98e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_b6( +static void decapsulate_441( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e51(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b6(private_key, ciphertext, ret); + decapsulate_441(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_40( +static tuple_21 encapsulate_221( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_371(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_40(uu____0, copy_of_randomness); + return encapsulate_221(uu____0, copy_of_randomness); } /** @@ -118,12 +118,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_12( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_871( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f61(copy_of_randomness); } /** @@ -134,7 +134,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_12(copy_of_randomness); + return generate_keypair_871(copy_of_randomness); } /** @@ -148,8 +148,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_f71(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); +static bool validate_public_key_7d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b71(public_key); } /** @@ -160,7 +160,7 @@ static bool validate_public_key_f71(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_f71(public_key.value)) { + if (validate_public_key_7d1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 682534bbb..022636082 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 0bd6bf2eb..ea1d81e76 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9a861af2f..296514a58 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_65(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_42(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_65(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_be( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_54(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, copy_of_randomness); + return encapsulate_be(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ed( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_19(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5d(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9f(copy_of_randomness); + return generate_keypair_ed(copy_of_randomness); } /** @@ -145,8 +145,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_32(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a(public_key); +static bool validate_public_key_7c(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_31(public_key); } /** @@ -157,7 +157,7 @@ static bool validate_public_key_32(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_32(public_key.value)) { + if (validate_public_key_7c(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 51620676c..f88cdf549 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index da66678c6..425542dd0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd0(private_key, ciphertext, ret); +static void decapsulate_440( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_e50(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_cf(private_key, ciphertext, ret); + decapsulate_440(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_2b( +static tuple_ec encapsulate_220( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_370(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_2b(uu____0, copy_of_randomness); + return encapsulate_220(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_48( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_870( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f60(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_48(copy_of_randomness); + return generate_keypair_870(copy_of_randomness); } /** @@ -146,8 +146,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_f70(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); +static bool validate_public_key_7d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b70(public_key); } /** @@ -158,7 +158,7 @@ static bool validate_public_key_f70(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_f70(public_key.value)) { + if (validate_public_key_7d0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 697c65cd3..86c0f74be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a4aba4d66..b035553f4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ef03c9787..cf0b1d6cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ba( +static void decapsulate_651( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_421(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b11(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ba( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ba(private_key, ciphertext, ret); + decapsulate_651(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_8a( +static tuple_3c encapsulate_be1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d21(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_541(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a(uu____0, copy_of_randomness); + return encapsulate_be1(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_68( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ed1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_191(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5d1(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_68(copy_of_randomness); + return generate_keypair_ed1(copy_of_randomness); } /** @@ -145,8 +145,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_321(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a1(public_key); +static bool validate_public_key_7c1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_311(public_key); } /** @@ -157,7 +157,7 @@ static bool validate_public_key_321(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_321(public_key.value)) { + if (validate_public_key_7c1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 813dfefb0..34b77d68c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index eeb4a3abb..2a3a55b84 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_69( +static void decapsulate_44( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e5(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_69( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_44(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_43( +static tuple_3c encapsulate_22( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_37(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_43(uu____0, copy_of_randomness); + return encapsulate_22(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d5( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_87( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f6(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d5(copy_of_randomness); + return generate_keypair_87(copy_of_randomness); } /** @@ -146,8 +146,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_f7(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); +static bool validate_public_key_7d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b7(public_key); } /** @@ -158,7 +158,7 @@ static bool validate_public_key_f7(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_f7(public_key.value)) { + if (validate_public_key_7d(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ee82d1370..e4489930e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 03a7b6c5c..bcea33f35 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "internal/libcrux_mlkem_avx2.h" @@ -599,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +793,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +920,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1035,7 +1035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_e4(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9f(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1069,8 +1069,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_65(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_to_reduced_ring_element_4d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1096,12 +1096,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_914( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_414( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1113,7 +1113,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_914( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_38(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_2b(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_4d(__m256i vector) { - return shift_right_38(vector); +static __m256i shift_right_ea_76(__m256i vector) { + return shift_right_2b(vector); } /** @@ -1149,8 +1149,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_10(__m256i a) { - __m256i t = shift_right_ea_4d(a); +static __m256i to_unsigned_representative_9b(__m256i a) { + __m256i t = shift_right_ea_76(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1162,13 +1162,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_30( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_10(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_9b(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1189,7 +1189,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_911( +static KRML_MUSTINLINE void serialize_secret_key_6d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1207,7 +1207,7 @@ static KRML_MUSTINLINE void serialize_secret_key_911( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_30(&re, ret0); + serialize_uncompressed_ring_element_b6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1225,14 +1225,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_591( +static KRML_MUSTINLINE void serialize_public_key_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_911(t_as_ntt, ret0); + serialize_secret_key_6d1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1250,15 +1250,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_311(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_914( + deserialize_ring_elements_reduced_414( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_591( + serialize_public_key_d01( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1276,7 +1276,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_e11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_5a1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1290,7 +1290,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1301,7 +1301,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c1( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_a9_e11(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_5a1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -1311,10 +1311,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_341( +static void closure_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_e4();); + ret[i] = ZERO_89_9f();); } /** @@ -1323,7 +1323,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_b41(uint8_t input[3U][34U]) { +shake128_init_absorb_e51(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1344,11 +1344,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_cf1(uint8_t input[3U][34U]) { +shake128_init_absorb_a9_301(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b41(copy_of_input); + return shake128_init_absorb_e51(copy_of_input); } /** @@ -1357,7 +1357,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_981( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_621( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1391,9 +1391,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c01( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a11( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_981(self, ret); + shake128_squeeze_three_blocks_621(self, ret); } /** @@ -1444,7 +1444,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_013( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1481,7 +1481,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_aa1( +static KRML_MUSTINLINE void shake128_squeeze_block_581( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_a31( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_931( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_aa1(self, ret); + shake128_squeeze_block_581(self, ret); } /** @@ -1567,7 +1567,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_014( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1610,8 +1610,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_b6(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); +from_i16_array_89_94(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1628,9 +1628,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a51( int16_t s[272U]) { - return from_i16_array_89_b6( + return from_i16_array_89_94( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1640,7 +1640,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_5b1( +static KRML_MUSTINLINE void sample_from_xof_161( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1649,25 +1649,25 @@ static KRML_MUSTINLINE void sample_from_xof_5b1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf1(copy_of_seeds); + shake128_init_absorb_a9_301(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_c01(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_a11(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_013( + bool done = sample_from_uniform_distribution_next_9a3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_a31(&xof_state, randomness); + shake128_squeeze_block_a9_931(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_014( + done = sample_from_uniform_distribution_next_9a4( copy_of_randomness, sampled_coefficients, out); } } @@ -1676,7 +1676,7 @@ static KRML_MUSTINLINE void sample_from_xof_5b1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_fb1(copy_of_out[i]);); + ret0[i] = closure_a51(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1688,12 +1688,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_041( +static KRML_MUSTINLINE void sample_matrix_A_b81( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_341(A_transpose[i]);); + closure_d01(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1708,7 +1708,7 @@ static KRML_MUSTINLINE void sample_matrix_A_041( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_5b1(copy_of_seeds, sampled); + sample_from_xof_161(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1748,7 +1748,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_662(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_e12(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1786,9 +1786,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_a12(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_9b2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_662(input, ret); + PRFxN_e12(input, ret); } /** @@ -1847,7 +1847,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_bd(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_13(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1881,7 +1881,7 @@ sample_from_binomial_distribution_2_bd(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_b6( + return from_i16_array_89_94( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1892,7 +1892,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_12(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1925,7 +1925,7 @@ sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_b6( + return from_i16_array_89_94( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1936,8 +1936,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_5d0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_bd(randomness); +sample_from_binomial_distribution_5f0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_13(randomness); } /** @@ -1946,7 +1946,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_b2( +static KRML_MUSTINLINE void ntt_at_layer_7_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1971,7 +1971,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_60(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_e8(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1982,8 +1982,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_2b(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_60(b, zeta_r); +ntt_layer_int_vec_step_6c(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_e8(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1996,7 +1996,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_27( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2009,7 +2009,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_27( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_2b( + ntt_layer_int_vec_step_6c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2026,7 +2026,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_9e( +static KRML_MUSTINLINE void ntt_at_layer_3_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2042,7 +2042,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_41( +static KRML_MUSTINLINE void ntt_at_layer_2_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2061,7 +2061,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_8f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2088,7 +2088,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_25( +static KRML_MUSTINLINE void poly_barrett_reduce_89_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2104,17 +2104,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_7c( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_b2(re); + ntt_at_layer_7_34(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9e(&zeta_i, re); - ntt_at_layer_2_41(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_25(re); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_3d(&zeta_i, re); + ntt_at_layer_2_16(&zeta_i, re); + ntt_at_layer_1_8f(&zeta_i, re); + poly_barrett_reduce_89_ef(re); } /** @@ -2133,7 +2133,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_881( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_e4();); + re_as_ntt[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2145,12 +2145,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_881( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_a12(prf_inputs, prf_outputs); + PRFxN_a9_9b2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5d0( + re_as_ntt[i0] = sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2202,9 +2202,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_91(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_89_ce(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_9f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2239,7 +2239,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1c1( +static KRML_MUSTINLINE void add_to_ring_element_89_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2259,7 +2259,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_b0(__m256i v) { +static __m256i to_standard_domain_bf(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2274,14 +2274,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_5b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_b0(self->coefficients[j]); + to_standard_domain_bf(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2297,14 +2297,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_401( +static KRML_MUSTINLINE void compute_As_plus_e_2d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2325,10 +2325,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_401( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1c1(&result[i1], &product); + ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_7e1(&result[i1], &product); } - add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2347,10 +2347,10 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_9d1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_1c1(key_generation_seed, hashed); + cpa_keygen_seed_d8_7c1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2358,10 +2358,10 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_041(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_b81(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; @@ -2381,17 +2381,17 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( sample_vector_cbd_then_ntt_881(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_401(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_2d1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_591( + serialize_public_key_d01( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_911(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6d1(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2417,7 +2417,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_381(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2431,7 +2431,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9c1( +static KRML_MUSTINLINE void serialize_kem_secret_key_d41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_9c1( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_a11(public_key, ret0); + H_a9_381(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2495,7 +2495,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2504,13 +2504,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_fd1(ind_cpa_keypair_randomness); + generate_keypair_9d1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_9c1( + serialize_kem_secret_key_d41( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2519,13 +2519,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_191(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_890(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_350( - uu____2, libcrux_ml_kem_types_from_b6_da0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_820( + uu____2, libcrux_ml_kem_types_from_b6_960(copy_of_public_key)); } /** @@ -2538,7 +2538,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_6d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c61(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2559,12 +2559,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_913( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_413( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2576,7 +2576,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_913( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2596,10 +2596,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_d71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_221(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_e4();); + error_1[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2611,11 +2611,11 @@ sample_ring_element_cbd_d71(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_a12(prf_inputs, prf_outputs); + PRFxN_a9_9b2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2636,7 +2636,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_450(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_ba0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2653,9 +2653,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_dd4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_b04(Eurydice_slice input, uint8_t ret[128U]) { - PRF_450(input, ret); + PRF_ba0(input, ret); } /** @@ -2664,7 +2664,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_64( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2688,7 +2688,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_c0( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2708,7 +2708,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_da( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_fd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2726,11 +2726,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_19(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_20(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_60(a_minus_b, zeta_r); + b = montgomery_multiply_fe_e8(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2741,7 +2741,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_19( + inv_ntt_layer_int_vec_step_reduce_20( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2773,18 +2773,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_781( +static KRML_MUSTINLINE void invert_ntt_montgomery_501( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_a6(&zeta_i, re); + invert_ntt_at_layer_2_51(&zeta_i, re); + invert_ntt_at_layer_3_fd(&zeta_i, re); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -2797,7 +2797,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_da( +static KRML_MUSTINLINE void add_error_reduce_89_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2821,14 +2821,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7c1( +static KRML_MUSTINLINE void compute_vector_u_4d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2848,11 +2848,11 @@ static KRML_MUSTINLINE void compute_vector_u_7c1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1c1(&result[i1], &product); + ntt_multiply_89_ce(a_element, &r_as_ntt[j]); + add_to_ring_element_89_7e1(&result[i1], &product); } - invert_ntt_montgomery_781(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_501(&result[i1]); + add_error_reduce_89_2b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2865,7 +2865,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_5d(__m256i v) { +static __m256i decompress_1_9c(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2879,8 +2879,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_53(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_message_ed(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2888,7 +2888,7 @@ deserialize_then_decompress_message_53(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_5d(coefficient_compressed);); + re.coefficients[i0] = decompress_1_9c(coefficient_compressed);); return re; } @@ -2903,7 +2903,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_f9( +add_message_error_reduce_89_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2933,18 +2933,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_391( +compute_ring_element_v_a41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e1(&result, &product);); + invert_ntt_montgomery_501(&result); + result = add_message_error_reduce_89_56(error_2, message, result); return result; } @@ -2955,7 +2955,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_34(__m256i vector) { +compress_ciphertext_coefficient_d0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3002,8 +3002,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_77(__m256i vector) { - return compress_ciphertext_coefficient_34(vector); +static __m256i compress_ea_a1(__m256i vector) { + return compress_ciphertext_coefficient_d0(vector); } /** @@ -3012,14 +3012,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_c6( +static KRML_MUSTINLINE void compress_then_serialize_10_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_77(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_a1(to_unsigned_representative_9b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3037,7 +3037,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_340(__m256i vector) { +compress_ciphertext_coefficient_d00(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3084,8 +3084,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_770(__m256i vector) { - return compress_ciphertext_coefficient_340(vector); +static __m256i compress_ea_a10(__m256i vector) { + return compress_ciphertext_coefficient_d00(vector); } /** @@ -3095,10 +3095,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_c6(re, uu____0); + compress_then_serialize_10_be(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3114,7 +3114,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa1( +static void compress_then_serialize_u_541( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3130,7 +3130,7 @@ static void compress_then_serialize_u_fa1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_e5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3143,7 +3143,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_341(__m256i vector) { +compress_ciphertext_coefficient_d01(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3190,8 +3190,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_771(__m256i vector) { - return compress_ciphertext_coefficient_341(vector); +static __m256i compress_ea_a11(__m256i vector) { + return compress_ciphertext_coefficient_d01(vector); } /** @@ -3200,14 +3200,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_34( +static KRML_MUSTINLINE void compress_then_serialize_4_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_771(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_a11(to_unsigned_representative_9b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3224,7 +3224,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_342(__m256i vector) { +compress_ciphertext_coefficient_d02(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3271,8 +3271,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_772(__m256i vector) { - return compress_ciphertext_coefficient_342(vector); +static __m256i compress_ea_a12(__m256i vector) { + return compress_ciphertext_coefficient_d02(vector); } /** @@ -3281,14 +3281,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_9d( +static KRML_MUSTINLINE void compress_then_serialize_5_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_772(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_a12(to_unsigned_representative_9b(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3305,9 +3305,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_34(re, out); + compress_then_serialize_4_33(re, out); } /** @@ -3327,20 +3327,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_421(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_913( + deserialize_ring_elements_reduced_413( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_041(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_b81(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3354,7 +3354,7 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_d71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_221(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3362,31 +3362,31 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_b04(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7c1(A, r_as_ntt, error_1, u); + compute_vector_u_4d1(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_ed(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_391(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_a41(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa1( + compress_then_serialize_u_541( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_c4( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3403,7 +3403,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_801(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_421(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3430,27 +3430,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_541( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_6d1( + entropy_preprocess_d8_c61( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + H_a9_381(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_7a0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_5a1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3458,19 +3458,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_7a0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_921(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_421(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_190(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_801(shared_secret, shared_secret_array); + kdf_d8_421(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3489,8 +3489,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_a8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_to_uncompressed_ring_element_72(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3510,12 +3510,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_de1( +static KRML_MUSTINLINE void deserialize_secret_key_a01( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_e4();); + secret_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3527,7 +3527,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_72(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3552,7 +3552,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b(__m256i vector) { +decompress_ciphertext_coefficient_50(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3596,8 +3596,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_d6(__m256i vector) { - return decompress_ciphertext_coefficient_7b(vector); +static __m256i decompress_ciphertext_coefficient_ea_1e(__m256i vector) { + return decompress_ciphertext_coefficient_50(vector); } /** @@ -3607,15 +3607,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_5a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_10_94(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1e(coefficient); } return re; } @@ -3627,7 +3627,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b0(__m256i vector) { +decompress_ciphertext_coefficient_500(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3671,8 +3671,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_d60(__m256i vector) { - return decompress_ciphertext_coefficient_7b0(vector); +static __m256i decompress_ciphertext_coefficient_ea_1e0(__m256i vector) { + return decompress_ciphertext_coefficient_500(vector); } /** @@ -3682,15 +3682,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_14(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_11_fb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1e0(coefficient); } return re; } @@ -3702,8 +3702,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a9(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5a(serialized); +deserialize_then_decompress_ring_element_u_8d(Eurydice_slice serialized) { + return deserialize_then_decompress_10_94(serialized); } /** @@ -3712,17 +3712,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_40( +static KRML_MUSTINLINE void ntt_vector_u_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9e(&zeta_i, re); - ntt_at_layer_2_41(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_25(re); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_3d(&zeta_i, re); + ntt_at_layer_2_16(&zeta_i, re); + ntt_at_layer_1_8f(&zeta_i, re); + poly_barrett_reduce_89_ef(re); } /** @@ -3737,12 +3737,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c51( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_e4();); + u_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3760,8 +3760,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_8d(u_bytes); + ntt_vector_u_7e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3775,7 +3775,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b1(__m256i vector) { +decompress_ciphertext_coefficient_501(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3819,8 +3819,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_d61(__m256i vector) { - return decompress_ciphertext_coefficient_7b1(vector); +static __m256i decompress_ciphertext_coefficient_ea_1e1(__m256i vector) { + return decompress_ciphertext_coefficient_501(vector); } /** @@ -3830,15 +3830,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_2d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_4_d6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1e1(coefficient); } return re; } @@ -3850,7 +3850,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b2(__m256i vector) { +decompress_ciphertext_coefficient_502(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3894,8 +3894,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_d62(__m256i vector) { - return decompress_ciphertext_coefficient_7b2(vector); +static __m256i decompress_ciphertext_coefficient_ea_1e2(__m256i vector) { + return decompress_ciphertext_coefficient_502(vector); } /** @@ -3905,8 +3905,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_6e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_5_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3914,7 +3914,7 @@ deserialize_then_decompress_5_6e(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_1e2(re.coefficients[i0]); } return re; } @@ -3926,8 +3926,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_25(Eurydice_slice serialized) { - return deserialize_then_decompress_4_2d(serialized); +deserialize_then_decompress_ring_element_v_da(Eurydice_slice serialized) { + return deserialize_then_decompress_4_d6(serialized); } /** @@ -3941,7 +3941,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_01(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_65(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3969,17 +3969,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c1( +compute_message_a61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = subtract_reduce_89_01(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e1(&result, &product);); + invert_ntt_montgomery_501(&result); + result = subtract_reduce_89_65(v, result); return result; } @@ -3989,12 +3989,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2d( +static KRML_MUSTINLINE void compress_then_serialize_message_23( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_10(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_9b(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4041,18 +4041,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_001(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_e11(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_c11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c51(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_da( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a61(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_23(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4066,10 +4066,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_eb1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_de1(secret_key, secret_as_ntt); + deserialize_secret_key_a01(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4080,7 +4080,7 @@ static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_001(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e11(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4089,7 +4089,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_45(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_ba(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4106,8 +4106,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_dd3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_45(input, ret); +static KRML_MUSTINLINE void PRF_a9_b03(Eurydice_slice input, uint8_t ret[32U]) { + PRF_ba(input, ret); } /** @@ -4132,7 +4132,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_b11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4150,9 +4150,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_051(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_eb1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4160,7 +4160,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_5a1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4168,31 +4168,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_b03(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_921(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_421(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_801(Eurydice_array_to_slice( + kdf_d8_421(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_801(shared_secret0, shared_secret); + kdf_d8_421(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_c60(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4214,12 +4214,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_912( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_412( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4231,7 +4231,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_912( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4249,7 +4249,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_910( +static KRML_MUSTINLINE void serialize_secret_key_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4267,7 +4267,7 @@ static KRML_MUSTINLINE void serialize_secret_key_910( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_30(&re, ret0); + serialize_uncompressed_ring_element_b6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4285,14 +4285,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_590( +static KRML_MUSTINLINE void serialize_public_key_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_910(t_as_ntt, ret0); + serialize_secret_key_6d0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4310,15 +4310,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_310(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_912( + deserialize_ring_elements_reduced_412( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_590( + serialize_public_key_d00( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4336,7 +4336,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_e10(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_5a0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4350,7 +4350,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4361,7 +4361,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_e10(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_5a0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4371,10 +4371,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_340( +static void closure_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_e4();); + ret[i] = ZERO_89_9f();); } /** @@ -4383,7 +4383,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_b40(uint8_t input[4U][34U]) { +shake128_init_absorb_e50(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4404,11 +4404,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_cf0(uint8_t input[4U][34U]) { +shake128_init_absorb_a9_300(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b40(copy_of_input); + return shake128_init_absorb_e50(copy_of_input); } /** @@ -4417,7 +4417,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_980( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_620( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4454,9 +4454,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c00( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a10( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_980(self, ret); + shake128_squeeze_three_blocks_620(self, ret); } /** @@ -4507,7 +4507,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_011( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a1( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4544,7 +4544,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_aa0( +static KRML_MUSTINLINE void shake128_squeeze_block_580( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4580,9 +4580,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_a30( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_930( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_aa0(self, ret); + shake128_squeeze_block_580(self, ret); } /** @@ -4633,7 +4633,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_012( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a2( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4671,9 +4671,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a50( int16_t s[272U]) { - return from_i16_array_89_b6( + return from_i16_array_89_94( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4683,7 +4683,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_5b0( +static KRML_MUSTINLINE void sample_from_xof_160( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4692,25 +4692,25 @@ static KRML_MUSTINLINE void sample_from_xof_5b0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf0(copy_of_seeds); + shake128_init_absorb_a9_300(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_c00(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_a10(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_011( + bool done = sample_from_uniform_distribution_next_9a1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_a30(&xof_state, randomness); + shake128_squeeze_block_a9_930(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_012( + done = sample_from_uniform_distribution_next_9a2( copy_of_randomness, sampled_coefficients, out); } } @@ -4719,7 +4719,7 @@ static KRML_MUSTINLINE void sample_from_xof_5b0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_fb0(copy_of_out[i]);); + ret0[i] = closure_a50(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4731,12 +4731,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_040( +static KRML_MUSTINLINE void sample_matrix_A_b80( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_340(A_transpose[i]);); + closure_d00(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4751,7 +4751,7 @@ static KRML_MUSTINLINE void sample_matrix_A_040( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_5b0(copy_of_seeds, sampled); + sample_from_xof_160(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4791,7 +4791,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_661(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_e11(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -4832,9 +4832,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_a11(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_9b1(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_661(input, ret); + PRFxN_e11(input, ret); } /** @@ -4853,7 +4853,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_880( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_e4();); + re_as_ntt[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4865,12 +4865,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_880( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_a11(prf_inputs, prf_outputs); + PRFxN_a9_9b1(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5d0( + re_as_ntt[i0] = sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -4898,7 +4898,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1c0( +static KRML_MUSTINLINE void add_to_ring_element_89_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -4921,14 +4921,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_400( +static KRML_MUSTINLINE void compute_As_plus_e_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4949,10 +4949,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_400( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1c0(&result[i1], &product); + ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_7e0(&result[i1], &product); } - add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -4971,10 +4971,10 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_9d0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_1c0(key_generation_seed, hashed); + cpa_keygen_seed_d8_7c0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4982,10 +4982,10 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_040(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_b80(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; @@ -5005,17 +5005,17 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( sample_vector_cbd_then_ntt_880(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_400(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_2d0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_590( + serialize_public_key_d00( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_910(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6d0(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5041,7 +5041,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_380(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5055,7 +5055,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9c0( +static KRML_MUSTINLINE void serialize_kem_secret_key_d40( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5081,7 +5081,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_9c0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_a10(public_key, ret0); + H_a9_380(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5119,7 +5119,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5128,13 +5128,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_fd0(ind_cpa_keypair_randomness); + generate_keypair_9d0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_9c0( + serialize_kem_secret_key_d40( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5143,13 +5143,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_f21(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_891(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_351( - uu____2, libcrux_ml_kem_types_from_b6_da1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_821( + uu____2, libcrux_ml_kem_types_from_b6_961(copy_of_public_key)); } /** @@ -5162,7 +5162,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_6d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c60(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5183,12 +5183,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_911( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_411( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5200,7 +5200,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_911( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5220,10 +5220,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_d70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_220(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_e4();); + error_1[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5235,11 +5235,11 @@ sample_ring_element_cbd_d70(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_a11(prf_inputs, prf_outputs); + PRFxN_a9_9b1(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5265,9 +5265,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_dd2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_b02(Eurydice_slice input, uint8_t ret[128U]) { - PRF_450(input, ret); + PRF_ba0(input, ret); } /** @@ -5276,18 +5276,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_780( +static KRML_MUSTINLINE void invert_ntt_montgomery_500( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_a6(&zeta_i, re); + invert_ntt_at_layer_2_51(&zeta_i, re); + invert_ntt_at_layer_3_fd(&zeta_i, re); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -5299,14 +5299,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7c0( +static KRML_MUSTINLINE void compute_vector_u_4d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5326,11 +5326,11 @@ static KRML_MUSTINLINE void compute_vector_u_7c0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1c0(&result[i1], &product); + ntt_multiply_89_ce(a_element, &r_as_ntt[j]); + add_to_ring_element_89_7e0(&result[i1], &product); } - invert_ntt_montgomery_780(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_500(&result[i1]); + add_error_reduce_89_2b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5347,18 +5347,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_390( +compute_ring_element_v_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e0(&result, &product);); + invert_ntt_montgomery_500(&result); + result = add_message_error_reduce_89_56(error_2, message, result); return result; } @@ -5368,14 +5368,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_780( +static KRML_MUSTINLINE void compress_then_serialize_11_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_770(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_a10(to_unsigned_representative_9b(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5393,10 +5393,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_780(re, uu____0); + compress_then_serialize_11_0c0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5412,7 +5412,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_fa0( +static void compress_then_serialize_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5428,7 +5428,7 @@ static void compress_then_serialize_u_fa0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_f80(&re, ret); + compress_then_serialize_ring_element_u_e50(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5441,9 +5441,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d00( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_9d(re, out); + compress_then_serialize_5_be(re, out); } /** @@ -5463,20 +5463,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_420(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_911( + deserialize_ring_elements_reduced_411( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_040(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_b80(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5490,7 +5490,7 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_d70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_220(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5498,31 +5498,31 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_b02(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7c0(A, r_as_ntt, error_1, u); + compute_vector_u_4d0(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_ed(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_390(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_a40(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa0( + compress_then_serialize_u_540( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d00( + compress_then_serialize_ring_element_v_c40( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5539,7 +5539,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_800(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_420(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5566,27 +5566,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_540( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_6d0( + entropy_preprocess_d8_c60( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + H_a9_380(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_7a1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_5a0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5594,19 +5594,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_7a1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_920(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_420(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_191(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_800(shared_secret, shared_secret_array); + kdf_d8_420(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5627,12 +5627,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_de0( +static KRML_MUSTINLINE void deserialize_secret_key_a00( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_e4();); + secret_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5644,7 +5644,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_72(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5669,8 +5669,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a90(Eurydice_slice serialized) { - return deserialize_then_decompress_11_14(serialized); +deserialize_then_decompress_ring_element_u_8d0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_fb(serialized); } /** @@ -5679,17 +5679,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_400( +static KRML_MUSTINLINE void ntt_vector_u_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9e(&zeta_i, re); - ntt_at_layer_2_41(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_25(re); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_3d(&zeta_i, re); + ntt_at_layer_2_16(&zeta_i, re); + ntt_at_layer_1_8f(&zeta_i, re); + poly_barrett_reduce_89_ef(re); } /** @@ -5704,12 +5704,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c50( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_e4();); + u_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5727,8 +5727,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a90(u_bytes); - ntt_vector_u_400(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_8d0(u_bytes); + ntt_vector_u_7e0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5742,8 +5742,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_250(Eurydice_slice serialized) { - return deserialize_then_decompress_5_6e(serialized); +deserialize_then_decompress_ring_element_v_da0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_d2(serialized); } /** @@ -5759,17 +5759,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c0( +compute_message_a60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = subtract_reduce_89_01(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e0(&result, &product);); + invert_ntt_montgomery_500(&result); + result = subtract_reduce_89_65(v, result); return result; } @@ -5807,18 +5807,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_000(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_e10(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_c10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c50(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_250( + deserialize_then_decompress_ring_element_v_da0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_23(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5832,10 +5832,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_eb0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_de0(secret_key, secret_as_ntt); + deserialize_secret_key_a00(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5846,7 +5846,7 @@ static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_000(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e10(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5860,8 +5860,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_dd1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_45(input, ret); +static KRML_MUSTINLINE void PRF_a9_b01(Eurydice_slice input, uint8_t ret[32U]) { + PRF_ba(input, ret); } /** @@ -5886,7 +5886,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_b10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5905,9 +5905,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_050(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_eb0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5915,7 +5915,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_5a0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5923,31 +5923,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c61(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_b01(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_920(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_420(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_800(Eurydice_array_to_slice( + kdf_d8_420(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_800(shared_secret0, shared_secret); + kdf_d8_420(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_c61(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5969,12 +5969,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_910( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_410( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5986,7 +5986,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_910( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6004,7 +6004,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_91( +static KRML_MUSTINLINE void serialize_secret_key_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6022,7 +6022,7 @@ static KRML_MUSTINLINE void serialize_secret_key_91( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_30(&re, ret0); + serialize_uncompressed_ring_element_b6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6040,14 +6040,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_59( +static KRML_MUSTINLINE void serialize_public_key_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_91(t_as_ntt, ret0); + serialize_secret_key_6d(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6065,15 +6065,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_31(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_910( + deserialize_ring_elements_reduced_410( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_59( + serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6091,7 +6091,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_e1(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_5a(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6105,7 +6105,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6116,7 +6116,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_1c( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_e1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_5a(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -6126,10 +6126,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_34( +static void closure_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_e4();); + ret[i] = ZERO_89_9f();); } /** @@ -6138,7 +6138,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_b4(uint8_t input[2U][34U]) { +shake128_init_absorb_e5(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6159,11 +6159,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_cf(uint8_t input[2U][34U]) { +shake128_init_absorb_a9_30(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b4(copy_of_input); + return shake128_init_absorb_e5(copy_of_input); } /** @@ -6172,7 +6172,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_98( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_62( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6203,9 +6203,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_98(self, ret); + shake128_squeeze_three_blocks_62(self, ret); } /** @@ -6256,7 +6256,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_01( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6293,7 +6293,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_aa( +static KRML_MUSTINLINE void shake128_squeeze_block_58( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6323,9 +6323,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_a3( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_93( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_aa(self, ret); + shake128_squeeze_block_58(self, ret); } /** @@ -6376,7 +6376,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_010( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a0( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6414,9 +6414,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_fb( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a5( int16_t s[272U]) { - return from_i16_array_89_b6( + return from_i16_array_89_94( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6426,7 +6426,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_5b( +static KRML_MUSTINLINE void sample_from_xof_16( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6435,25 +6435,25 @@ static KRML_MUSTINLINE void sample_from_xof_5b( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf(copy_of_seeds); + shake128_init_absorb_a9_30(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_c0(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_a1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_01( + bool done = sample_from_uniform_distribution_next_9a( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_a3(&xof_state, randomness); + shake128_squeeze_block_a9_93(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_010( + done = sample_from_uniform_distribution_next_9a0( copy_of_randomness, sampled_coefficients, out); } } @@ -6462,7 +6462,7 @@ static KRML_MUSTINLINE void sample_from_xof_5b( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_fb(copy_of_out[i]);); + ret0[i] = closure_a5(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6474,12 +6474,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_04( +static KRML_MUSTINLINE void sample_matrix_A_b8( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_34(A_transpose[i]);); + closure_d0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6494,7 +6494,7 @@ static KRML_MUSTINLINE void sample_matrix_A_04( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_5b(copy_of_seeds, sampled); + sample_from_xof_16(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6534,7 +6534,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_66(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_e1(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -6569,9 +6569,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_a1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_9b(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_66(input, ret); + PRFxN_e1(input, ret); } /** @@ -6581,8 +6581,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_5d(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_6f(randomness); +sample_from_binomial_distribution_5f(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_12(randomness); } /** @@ -6601,7 +6601,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_88( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_e4();); + re_as_ntt[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6613,12 +6613,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_88( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_a1(prf_inputs, prf_outputs); + PRFxN_a9_9b(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5d( + re_as_ntt[i0] = sample_from_binomial_distribution_5f( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6646,7 +6646,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1c( +static KRML_MUSTINLINE void add_to_ring_element_89_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6669,14 +6669,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_40( +static KRML_MUSTINLINE void compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6697,10 +6697,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1c(&result[i1], &product); + ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_7e(&result[i1], &product); } - add_standard_error_reduce_89_5b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6719,10 +6719,10 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_9d( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_1c(key_generation_seed, hashed); + cpa_keygen_seed_d8_7c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6730,10 +6730,10 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_04(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_b8(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; @@ -6753,17 +6753,17 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( sample_vector_cbd_then_ntt_88(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_40(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_2d(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_59( + serialize_public_key_d0( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_91(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6d(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6789,7 +6789,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_38(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -6803,7 +6803,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9c( +static KRML_MUSTINLINE void serialize_kem_secret_key_d4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6829,7 +6829,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_9c( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_a1(public_key, ret0); + H_a9_38(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6866,7 +6866,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6876,13 +6876,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_fd(ind_cpa_keypair_randomness); + generate_keypair_9d(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_9c( + serialize_kem_secret_key_d4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6891,13 +6891,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_19( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -6910,7 +6910,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_6d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c6(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6931,12 +6931,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_91( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_41( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_e4();); + deserialized_pk[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6948,7 +6948,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_91( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_65(ring_element); + deserialize_to_reduced_ring_element_4d(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6962,7 +6962,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_660(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_e10(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -6997,9 +6997,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_a10(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_9b0(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_660(input, ret); + PRFxN_e10(input, ret); } /** @@ -7014,10 +7014,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_d7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_22(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_e4();); + error_1[i] = ZERO_89_9f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7029,11 +7029,11 @@ sample_ring_element_cbd_d7(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_a10(prf_inputs, prf_outputs); + PRFxN_a9_9b0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7059,9 +7059,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_dd0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_b00(Eurydice_slice input, uint8_t ret[128U]) { - PRF_450(input, ret); + PRF_ba0(input, ret); } /** @@ -7070,18 +7070,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_78( +static KRML_MUSTINLINE void invert_ntt_montgomery_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_a6(&zeta_i, re); + invert_ntt_at_layer_2_51(&zeta_i, re); + invert_ntt_at_layer_3_fd(&zeta_i, re); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b3(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -7093,14 +7093,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7c( +static KRML_MUSTINLINE void compute_vector_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_e4();); + result[i] = ZERO_89_9f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7120,11 +7120,11 @@ static KRML_MUSTINLINE void compute_vector_u_7c( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1c(&result[i1], &product); + ntt_multiply_89_ce(a_element, &r_as_ntt[j]); + add_to_ring_element_89_7e(&result[i1], &product); } - invert_ntt_montgomery_78(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_50(&result[i1]); + add_error_reduce_89_2b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7141,18 +7141,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_39( +compute_ring_element_v_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e(&result, &product);); + invert_ntt_montgomery_50(&result); + result = add_message_error_reduce_89_56(error_2, message, result); return result; } @@ -7168,7 +7168,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa( +static void compress_then_serialize_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7184,7 +7184,7 @@ static void compress_then_serialize_u_fa( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_e5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7207,20 +7207,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_42(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_91( + deserialize_ring_elements_reduced_41( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_04(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_b8(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7234,7 +7234,7 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_d7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_22(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7242,31 +7242,31 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_b00(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5d0( + sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7c(A, r_as_ntt, error_1, u); + compute_vector_u_4d(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_ed(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_39(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_a4(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa( + compress_then_serialize_u_54( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_c4( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7283,7 +7283,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_80(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_42(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7310,27 +7310,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_6d( + entropy_preprocess_d8_c6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + H_a9_38(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_7a(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_5a(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7338,19 +7338,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_92(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_42(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_19(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_80(shared_secret, shared_secret_array); + kdf_d8_42(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7371,12 +7371,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_de( +static KRML_MUSTINLINE void deserialize_secret_key_a0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_e4();); + secret_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7388,7 +7388,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_72(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7418,12 +7418,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_c5( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_e4();); + u_as_ntt[i] = ZERO_89_9f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7441,8 +7441,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_8d(u_bytes); + ntt_vector_u_7e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7462,17 +7462,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c( +compute_message_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_e4(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = subtract_reduce_89_01(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e(&result, &product);); + invert_ntt_montgomery_50(&result); + result = subtract_reduce_89_65(v, result); return result; } @@ -7510,18 +7510,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_00(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_e1(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_c5(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_da( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_23(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7535,10 +7535,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_eb(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_de(secret_key, secret_as_ntt); + deserialize_secret_key_a0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7549,7 +7549,7 @@ static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7563,8 +7563,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_dd(Eurydice_slice input, uint8_t ret[32U]) { - PRF_45(input, ret); +static KRML_MUSTINLINE void PRF_a9_b0(Eurydice_slice input, uint8_t ret[32U]) { + PRF_ba(input, ret); } /** @@ -7589,7 +7589,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7607,9 +7607,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_05(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_eb(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7617,7 +7617,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_5a(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7625,30 +7625,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_b0(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_92(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_42(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_80(Eurydice_array_to_slice((size_t)32U, + kdf_d8_42(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_80(shared_secret0, shared_secret); + kdf_d8_42(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_c6(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index de251e8eb..f65a4e3d1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4c13b8d96..f467c74be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_f9(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2241,7 +2241,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_ea(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_c3(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2275,8 +2275,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_6d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_to_reduced_ring_element_45(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2304,12 +2304,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2321,7 +2321,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2335,7 +2335,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2354,8 +2354,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_19(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_94(v); +shift_right_0d_01(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_b0(v); } /** @@ -2365,10 +2365,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_db( +to_unsigned_representative_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_19(a); + shift_right_0d_01(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2381,14 +2381,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5b( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_db(re->coefficients[i0]); + to_unsigned_representative_84(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2409,7 +2409,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_b51( +static KRML_MUSTINLINE void serialize_secret_key_a31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2427,7 +2427,7 @@ static KRML_MUSTINLINE void serialize_secret_key_b51( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_5b(&re, ret0); + serialize_uncompressed_ring_element_3c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2445,14 +2445,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_791( +static KRML_MUSTINLINE void serialize_public_key_671( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_b51(t_as_ntt, ret0); + serialize_secret_key_a31(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2470,15 +2470,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b71(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_0c4( + deserialize_ring_elements_reduced_4f4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_791( + serialize_public_key_671( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2496,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_e41(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_381(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2510,7 +2510,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_06( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_72( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2521,7 +2521,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_06( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_e41(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_381(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -2532,10 +2532,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_4b1( +static void closure_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_ea();); + ret[i] = ZERO_89_c3();); } /** @@ -2553,7 +2553,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_b71(uint8_t input[4U][34U]) { +shake128_init_absorb_791(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2584,11 +2584,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_8c1(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_771(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b71(copy_of_input); + return shake128_init_absorb_791(copy_of_input); } /** @@ -2597,7 +2597,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2618,9 +2618,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_691( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_841( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_ca1(self, ret); + shake128_squeeze_three_blocks_eb1(self, ret); } /** @@ -2671,7 +2671,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_173( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2709,7 +2709,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_dd1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_3b1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2730,9 +2730,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_601( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e1( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_dd1(self, ret); + shake128_squeeze_block_3b1(self, ret); } /** @@ -2783,7 +2783,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_174( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2826,8 +2826,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_c1(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); +from_i16_array_89_33(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2847,9 +2847,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_041( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e41( int16_t s[272U]) { - return from_i16_array_89_c1( + return from_i16_array_89_33( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2860,7 +2860,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_3f1( +static KRML_MUSTINLINE void sample_from_xof_461( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2868,25 +2868,25 @@ static KRML_MUSTINLINE void sample_from_xof_3f1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_771(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_691(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_841(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_db3( + bool done = sample_from_uniform_distribution_next_173( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_601(&xof_state, randomness); + shake128_squeeze_block_f1_8e1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_db4( + done = sample_from_uniform_distribution_next_174( copy_of_randomness, sampled_coefficients, out); } } @@ -2895,7 +2895,7 @@ static KRML_MUSTINLINE void sample_from_xof_3f1( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_041(copy_of_out[i]);); + ret0[i] = closure_e41(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2908,12 +2908,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_381( +static KRML_MUSTINLINE void sample_matrix_A_e71( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_4b1(A_transpose[i]);); + closure_fc1(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2928,7 +2928,7 @@ static KRML_MUSTINLINE void sample_matrix_A_381( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_3f1(copy_of_seeds, sampled); + sample_from_xof_461(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2968,7 +2968,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_c52(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2989,9 +2989,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_932(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_d52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_c52(input, ret); + PRFxN_1c2(input, ret); } /** @@ -3050,7 +3050,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_7b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3084,7 +3084,7 @@ sample_from_binomial_distribution_2_85(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_c1( + return from_i16_array_89_33( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3095,7 +3095,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_eb(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_14(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3128,7 +3128,7 @@ sample_from_binomial_distribution_3_eb(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_c1( + return from_i16_array_89_33( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3139,8 +3139,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c6(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_85(randomness); +sample_from_binomial_distribution_ca(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_7b(randomness); } /** @@ -3149,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_f4( +static KRML_MUSTINLINE void ntt_at_layer_7_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3177,7 +3177,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_67( +montgomery_multiply_fe_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3191,12 +3191,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_0c( + ntt_layer_int_vec_step_88( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_67(b, zeta_r); + montgomery_multiply_fe_05(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3210,7 +3210,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3223,7 +3223,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_0c( + ntt_layer_int_vec_step_88( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3240,7 +3240,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_fd( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3258,7 +3258,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_ad( +static KRML_MUSTINLINE void ntt_at_layer_2_26( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3278,7 +3278,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_a2( +static KRML_MUSTINLINE void ntt_at_layer_1_3c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3306,7 +3306,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_8b( +static KRML_MUSTINLINE void poly_barrett_reduce_89_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3324,17 +3324,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0f( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_f4(re); + ntt_at_layer_7_60(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_fd(&zeta_i, re); - ntt_at_layer_2_ad(&zeta_i, re); - ntt_at_layer_1_a2(&zeta_i, re); - poly_barrett_reduce_89_8b(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_26(&zeta_i, re); + ntt_at_layer_1_3c(&zeta_i, re); + poly_barrett_reduce_89_d8(re); } /** @@ -3350,11 +3350,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_fc1( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_781( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_ea();); + re_as_ntt[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3366,12 +3366,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_fc1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_932(prf_inputs, prf_outputs); + PRFxN_f1_d52(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c6( + re_as_ntt[i0] = sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3423,9 +3423,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_2a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_3b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_c3(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3462,7 +3462,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_841( +static KRML_MUSTINLINE void add_to_ring_element_89_1e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3487,7 +3487,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_59( +to_standard_domain_21( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3503,14 +3503,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_03( +static KRML_MUSTINLINE void add_standard_error_reduce_89_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_59(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_21(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3528,14 +3528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_601( +static KRML_MUSTINLINE void compute_As_plus_e_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3556,10 +3556,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_841(&result[i1], &product); + ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1e1(&result[i1], &product); } - add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3578,10 +3578,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a21( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_06(key_generation_seed, hashed); + cpa_keygen_seed_d8_72(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3589,15 +3589,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_381(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_e71(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_fc1(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_781(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3609,20 +3609,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_fc1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_781(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_601(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c71(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_791( + serialize_public_key_671( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_b51(secret_as_ntt, secret_key_serialized); + serialize_secret_key_a31(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3648,7 +3648,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_191(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3662,7 +3662,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6e( +static KRML_MUSTINLINE void serialize_kem_secret_key_7d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3688,7 +3688,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6e( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_1a1(public_key, ret0); + H_f1_191(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3726,7 +3726,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3735,13 +3735,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_fc1(ind_cpa_keypair_randomness); + generate_keypair_a21(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6e( + serialize_kem_secret_key_7d( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3750,13 +3750,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_f21(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_891(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_351( - uu____2, libcrux_ml_kem_types_from_b6_da1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_821( + uu____2, libcrux_ml_kem_types_from_b6_961(copy_of_public_key)); } /** @@ -3769,7 +3769,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_77(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_d1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3790,12 +3790,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3807,7 +3807,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3828,10 +3828,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_c71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_ea();); + error_1[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3843,11 +3843,11 @@ sample_ring_element_cbd_c71(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_932(prf_inputs, prf_outputs); + PRFxN_f1_d52(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3868,7 +3868,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_2b0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_7c0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3885,9 +3885,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_ee4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_2e4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_2b0(input, ret); + PRF_7c0(input, ret); } /** @@ -3896,7 +3896,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_d2( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3920,7 +3920,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_8f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3940,7 +3940,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_f9( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_a7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3960,7 +3960,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_9e( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3968,7 +3968,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_67(a_minus_b, zeta_r); + b = montgomery_multiply_fe_05(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3980,7 +3980,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3995,7 +3995,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_9e( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4012,18 +4012,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( +static KRML_MUSTINLINE void invert_ntt_montgomery_a31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_8f(&zeta_i, re); + invert_ntt_at_layer_3_a7(&zeta_i, re); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -4036,7 +4036,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_af( +static KRML_MUSTINLINE void add_error_reduce_89_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4063,14 +4063,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_891( +static KRML_MUSTINLINE void compute_vector_u_001( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4090,11 +4090,11 @@ static KRML_MUSTINLINE void compute_vector_u_891( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(a_element, &r_as_ntt[j]); - add_to_ring_element_89_841(&result[i1], &product); + ntt_multiply_89_3b(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1e1(&result[i1], &product); } - invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_a31(&result[i1]); + add_error_reduce_89_2a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4108,7 +4108,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_d7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4122,8 +4122,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_message_3e(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4133,7 +4133,7 @@ deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5d0(coefficient_compressed); + decompress_1_d7(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4149,7 +4149,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_63( +add_message_error_reduce_89_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4182,18 +4182,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca1( +compute_ring_element_v_d71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e1(&result, &product);); + invert_ntt_montgomery_a31(&result); + result = add_message_error_reduce_89_0c(error_2, message, result); return result; } @@ -4203,7 +4203,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_02(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_dc(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4224,9 +4224,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_28( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_02(v); + return compress_dc(v); } /** @@ -4235,7 +4235,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_020(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_dc0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4257,8 +4257,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_280(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_020(v); +compress_0d_960(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_dc0(v); } /** @@ -4267,14 +4267,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_880( +static KRML_MUSTINLINE void compress_then_serialize_11_b10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_280(to_unsigned_representative_db(re->coefficients[i0])); + compress_0d_960(to_unsigned_representative_84(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4292,10 +4292,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_890( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_880(re, uu____0); + compress_then_serialize_11_b10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4311,7 +4311,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_141( +static void compress_then_serialize_u_731( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4327,7 +4327,7 @@ static void compress_then_serialize_u_141( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_890(&re, ret); + compress_then_serialize_ring_element_u_d10(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4339,7 +4339,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_021(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_dc1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4361,8 +4361,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_281(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_021(v); +compress_0d_961(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_dc1(v); } /** @@ -4371,14 +4371,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_3c( +static KRML_MUSTINLINE void compress_then_serialize_4_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_281(to_unsigned_representative_db(re.coefficients[i0])); + compress_0d_961(to_unsigned_representative_84(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4394,7 +4394,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_022(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_dc2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4416,8 +4416,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_282(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_022(v); +compress_0d_962(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_dc2(v); } /** @@ -4426,14 +4426,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_00( +static KRML_MUSTINLINE void compress_then_serialize_5_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_282(to_unsigned_representative_db(re.coefficients[i0])); + compress_0d_962(to_unsigned_representative_84(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4450,9 +4450,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_870( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_640( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_00(re, out); + compress_then_serialize_5_ba(re, out); } /** @@ -4473,24 +4473,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d51(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_0c3( + deserialize_ring_elements_reduced_4f3( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_381(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_e71(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_fc1(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_781(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4500,7 +4500,7 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_c71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c01(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4508,31 +4508,31 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_2e4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_891(A, r_as_ntt, error_1, u); + compute_vector_u_001(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_3e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca1(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d71(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_141( + compress_then_serialize_u_731( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_870( + compress_then_serialize_ring_element_v_640( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4549,7 +4549,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_5f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_93(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4576,27 +4576,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_77( + entropy_preprocess_d8_d1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + H_f1_191(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_7a1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_381(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4604,19 +4604,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_7a1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d51(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_191(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_5f(shared_secret, shared_secret_array); + kdf_d8_93(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4635,8 +4635,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_to_uncompressed_ring_element_da(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4658,12 +4658,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_411( +static KRML_MUSTINLINE void deserialize_secret_key_6b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_ea();); + secret_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4675,7 +4675,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_411( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_da(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4700,7 +4700,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_6b( +decompress_ciphertext_coefficient_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4725,9 +4725,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_5a( +decompress_ciphertext_coefficient_0d_b3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_6b(v); + return decompress_ciphertext_coefficient_84(v); } /** @@ -4737,8 +4737,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_0a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_10_0d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -4747,7 +4747,7 @@ deserialize_then_decompress_10_0a(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_5a(coefficient); + decompress_ciphertext_coefficient_0d_b3(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4760,7 +4760,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_6b0( +decompress_ciphertext_coefficient_840( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4785,9 +4785,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_5a0( +decompress_ciphertext_coefficient_0d_b30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_6b0(v); + return decompress_ciphertext_coefficient_840(v); } /** @@ -4797,8 +4797,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_20(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_11_47(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4807,7 +4807,7 @@ deserialize_then_decompress_11_20(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_5a0(coefficient); + decompress_ciphertext_coefficient_0d_b30(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4820,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { - return deserialize_then_decompress_11_20(serialized); +deserialize_then_decompress_ring_element_u_230(Eurydice_slice serialized) { + return deserialize_then_decompress_11_47(serialized); } /** @@ -4830,17 +4830,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_540( +static KRML_MUSTINLINE void ntt_vector_u_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_fd(&zeta_i, re); - ntt_at_layer_2_ad(&zeta_i, re); - ntt_at_layer_1_a2(&zeta_i, re); - poly_barrett_reduce_89_8b(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_26(&zeta_i, re); + ntt_at_layer_1_3c(&zeta_i, re); + poly_barrett_reduce_89_d8(re); } /** @@ -4855,12 +4855,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_771( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_ea();); + u_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4878,8 +4878,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); - ntt_vector_u_540(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_230(u_bytes); + ntt_vector_u_f80(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4893,7 +4893,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_6b1( +decompress_ciphertext_coefficient_841( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4918,9 +4918,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_5a1( +decompress_ciphertext_coefficient_0d_b31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_6b1(v); + return decompress_ciphertext_coefficient_841(v); } /** @@ -4930,8 +4930,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_37(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_4_e8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4940,7 +4940,7 @@ deserialize_then_decompress_4_37(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_5a1(coefficient); + decompress_ciphertext_coefficient_0d_b31(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4953,7 +4953,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_6b2( +decompress_ciphertext_coefficient_842( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4978,9 +4978,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_5a2( +decompress_ciphertext_coefficient_0d_b32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_6b2(v); + return decompress_ciphertext_coefficient_842(v); } /** @@ -4990,8 +4990,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_5_b6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5000,7 +5000,7 @@ deserialize_then_decompress_5_60(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_5a2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_b32(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5013,8 +5013,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_010(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); +deserialize_then_decompress_ring_element_v_020(Eurydice_slice serialized) { + return deserialize_then_decompress_5_b6(serialized); } /** @@ -5028,7 +5028,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_a2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5059,17 +5059,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e71( +compute_message_171( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_a2(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e1(&result, &product);); + invert_ntt_montgomery_a31(&result); + result = subtract_reduce_89_27(v, result); return result; } @@ -5079,13 +5079,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_1b( +static KRML_MUSTINLINE void compress_then_serialize_message_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_db(re.coefficients[i0]); + to_unsigned_representative_84(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5133,18 +5133,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_a01(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_951(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_771(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_010( + deserialize_then_decompress_ring_element_v_020( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e71(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_171(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_07(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5158,10 +5158,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d71(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_411(secret_key, secret_as_ntt); + deserialize_secret_key_6b1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5172,7 +5172,7 @@ static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a01(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_951(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5181,7 +5181,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_2b(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_7c(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5198,8 +5198,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_ee3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_2b(input, ret); +static KRML_MUSTINLINE void PRF_f1_2e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_7c(input, ret); } /** @@ -5224,7 +5224,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_e51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5243,9 +5243,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_941(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d71(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5253,7 +5253,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_381(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5261,31 +5261,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c61(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_2e3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_d51(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_5f(Eurydice_array_to_slice((size_t)32U, + kdf_d8_93(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_5f(shared_secret0, shared_secret); + kdf_d8_93(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_c61(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5307,12 +5307,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5324,7 +5324,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5342,7 +5342,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_b50( +static KRML_MUSTINLINE void serialize_secret_key_a30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5360,7 +5360,7 @@ static KRML_MUSTINLINE void serialize_secret_key_b50( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_5b(&re, ret0); + serialize_uncompressed_ring_element_3c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5378,14 +5378,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_790( +static KRML_MUSTINLINE void serialize_public_key_670( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_b50(t_as_ntt, ret0); + serialize_secret_key_a30(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5403,15 +5403,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b70(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_0c2( + deserialize_ring_elements_reduced_4f2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_790( + serialize_public_key_670( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5429,7 +5429,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_e40(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_380(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5443,7 +5443,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_c0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_4d( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5454,7 +5454,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_c0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_f1_e40(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_380(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5465,10 +5465,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_4b0( +static void closure_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_ea();); + ret[i] = ZERO_89_c3();); } /** @@ -5486,7 +5486,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_b70(uint8_t input[2U][34U]) { +shake128_init_absorb_790(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5517,11 +5517,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_8c0(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_770(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b70(copy_of_input); + return shake128_init_absorb_790(copy_of_input); } /** @@ -5530,7 +5530,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5551,9 +5551,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_690( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_840( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_ca0(self, ret); + shake128_squeeze_three_blocks_eb0(self, ret); } /** @@ -5604,7 +5604,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_171( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5642,7 +5642,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_dd0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_3b0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5663,9 +5663,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_600( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e0( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_dd0(self, ret); + shake128_squeeze_block_3b0(self, ret); } /** @@ -5716,7 +5716,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_172( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5755,9 +5755,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_040( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e40( int16_t s[272U]) { - return from_i16_array_89_c1( + return from_i16_array_89_33( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5768,7 +5768,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_3f0( +static KRML_MUSTINLINE void sample_from_xof_460( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5776,25 +5776,25 @@ static KRML_MUSTINLINE void sample_from_xof_3f0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_f1_770(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_690(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_840(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_db1( + bool done = sample_from_uniform_distribution_next_171( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_600(&xof_state, randomness); + shake128_squeeze_block_f1_8e0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_db2( + done = sample_from_uniform_distribution_next_172( copy_of_randomness, sampled_coefficients, out); } } @@ -5803,7 +5803,7 @@ static KRML_MUSTINLINE void sample_from_xof_3f0( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_040(copy_of_out[i]);); + ret0[i] = closure_e40(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5816,12 +5816,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_380( +static KRML_MUSTINLINE void sample_matrix_A_e70( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_4b0(A_transpose[i]);); + closure_fc0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5836,7 +5836,7 @@ static KRML_MUSTINLINE void sample_matrix_A_380( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_3f0(copy_of_seeds, sampled); + sample_from_xof_460(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5876,7 +5876,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_c50(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5897,9 +5897,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_930(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_d50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_c50(input, ret); + PRFxN_1c0(input, ret); } /** @@ -5909,8 +5909,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c60(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_eb(randomness); +sample_from_binomial_distribution_ca0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_14(randomness); } /** @@ -5926,11 +5926,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_fc0( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_780( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_ea();); + re_as_ntt[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5942,12 +5942,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_fc0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_930(prf_inputs, prf_outputs); + PRFxN_f1_d50(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c60( + re_as_ntt[i0] = sample_from_binomial_distribution_ca0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -5975,7 +5975,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_840( +static KRML_MUSTINLINE void add_to_ring_element_89_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6002,14 +6002,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_600( +static KRML_MUSTINLINE void compute_As_plus_e_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6030,10 +6030,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_840(&result[i1], &product); + ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1e0(&result[i1], &product); } - add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6052,10 +6052,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a20( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_c0(key_generation_seed, hashed); + cpa_keygen_seed_d8_4d(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6063,15 +6063,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_380(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_e70(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_fc0(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_780(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6083,20 +6083,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_fc0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_780(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_600(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c70(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_790( + serialize_public_key_670( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_b50(secret_as_ntt, secret_key_serialized); + serialize_secret_key_a30(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6122,7 +6122,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_190(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6136,7 +6136,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_20( +static KRML_MUSTINLINE void serialize_kem_secret_key_19( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6162,7 +6162,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_20( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_1a0(public_key, ret0); + H_f1_190(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6200,7 +6200,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6209,13 +6209,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_fc0(ind_cpa_keypair_randomness); + generate_keypair_a20(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_20( + serialize_kem_secret_key_19( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6224,13 +6224,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -6243,7 +6243,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3a(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6264,12 +6264,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6281,7 +6281,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6295,7 +6295,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_c51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6316,9 +6316,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_931(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_d51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_c51(input, ret); + PRFxN_1c1(input, ret); } /** @@ -6334,10 +6334,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_c70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_ea();); + error_1[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6349,11 +6349,11 @@ sample_ring_element_cbd_c70(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_931(prf_inputs, prf_outputs); + PRFxN_f1_d51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6379,9 +6379,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_ee2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_2e2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_2b0(input, ret); + PRF_7c0(input, ret); } /** @@ -6390,18 +6390,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( +static KRML_MUSTINLINE void invert_ntt_montgomery_a30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_8f(&zeta_i, re); + invert_ntt_at_layer_3_a7(&zeta_i, re); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -6413,14 +6413,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_890( +static KRML_MUSTINLINE void compute_vector_u_000( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6440,11 +6440,11 @@ static KRML_MUSTINLINE void compute_vector_u_890( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(a_element, &r_as_ntt[j]); - add_to_ring_element_89_840(&result[i1], &product); + ntt_multiply_89_3b(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1e0(&result[i1], &product); } - invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_a30(&result[i1]); + add_error_reduce_89_2a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6461,18 +6461,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca0( +compute_ring_element_v_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e0(&result, &product);); + invert_ntt_montgomery_a30(&result); + result = add_message_error_reduce_89_0c(error_2, message, result); return result; } @@ -6482,14 +6482,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_5b( +static KRML_MUSTINLINE void compress_then_serialize_10_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_28(to_unsigned_representative_db(re->coefficients[i0])); + compress_0d_96(to_unsigned_representative_84(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6507,10 +6507,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_89( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_5b(re, uu____0); + compress_then_serialize_10_d6(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6526,7 +6526,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_140( +static void compress_then_serialize_u_730( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6542,7 +6542,7 @@ static void compress_then_serialize_u_140( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_d1(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6555,9 +6555,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_87( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_3c(re, out); + compress_then_serialize_4_eb(re, out); } /** @@ -6578,24 +6578,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d50(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_0c1( + deserialize_ring_elements_reduced_4f1( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_380(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_e70(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_fc0(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_780(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6605,7 +6605,7 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_c70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c00(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6613,31 +6613,31 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_2e2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_890(A, r_as_ntt, error_1, u); + compute_vector_u_000(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_3e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d70(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_140( + compress_then_serialize_u_730( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_64( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6654,7 +6654,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_14(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_32(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6681,27 +6681,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3a( + entropy_preprocess_d8_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + H_f1_190(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_7a(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_380(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6709,19 +6709,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_19(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_14(shared_secret, shared_secret_array); + kdf_d8_32(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6742,12 +6742,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_410( +static KRML_MUSTINLINE void deserialize_secret_key_6b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_ea();); + secret_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6759,7 +6759,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_410( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_da(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6784,8 +6784,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { - return deserialize_then_decompress_10_0a(serialized); +deserialize_then_decompress_ring_element_u_23(Eurydice_slice serialized) { + return deserialize_then_decompress_10_0d(serialized); } /** @@ -6794,17 +6794,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_54( +static KRML_MUSTINLINE void ntt_vector_u_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_fd(&zeta_i, re); - ntt_at_layer_2_ad(&zeta_i, re); - ntt_at_layer_1_a2(&zeta_i, re); - poly_barrett_reduce_89_8b(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_26(&zeta_i, re); + ntt_at_layer_1_3c(&zeta_i, re); + poly_barrett_reduce_89_d8(re); } /** @@ -6819,12 +6819,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_770( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_ea();); + u_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6842,8 +6842,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_23(u_bytes); + ntt_vector_u_f8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6857,8 +6857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_01(Eurydice_slice serialized) { - return deserialize_then_decompress_4_37(serialized); +deserialize_then_decompress_ring_element_v_02(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e8(serialized); } /** @@ -6874,17 +6874,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e70( +compute_message_170( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_a2(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e0(&result, &product);); + invert_ntt_montgomery_a30(&result); + result = subtract_reduce_89_27(v, result); return result; } @@ -6922,18 +6922,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a00(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_950(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_770(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_02( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e70(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_170(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_07(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6947,10 +6947,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d70(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_410(secret_key, secret_as_ntt); + deserialize_secret_key_6b0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -6961,7 +6961,7 @@ static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_950(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6975,8 +6975,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_ee1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_2b(input, ret); +static KRML_MUSTINLINE void PRF_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_7c(input, ret); } /** @@ -7001,7 +7001,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_e50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7019,9 +7019,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_940(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d70(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7029,7 +7029,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_380(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7037,31 +7037,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_2e1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_d50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_14(Eurydice_array_to_slice((size_t)32U, + kdf_d8_32(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_14(shared_secret0, shared_secret); + kdf_d8_32(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_c6(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7083,12 +7083,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7100,7 +7100,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7118,7 +7118,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_b5( +static KRML_MUSTINLINE void serialize_secret_key_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7136,7 +7136,7 @@ static KRML_MUSTINLINE void serialize_secret_key_b5( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_5b(&re, ret0); + serialize_uncompressed_ring_element_3c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7154,14 +7154,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_79( +static KRML_MUSTINLINE void serialize_public_key_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_b5(t_as_ntt, ret0); + serialize_secret_key_a3(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7179,15 +7179,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b7(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_0c0( + deserialize_ring_elements_reduced_4f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_79( + serialize_public_key_67( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7205,7 +7205,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_e4(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_38(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7219,7 +7219,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_b0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7230,7 +7230,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_e4(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_38(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -7241,10 +7241,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_4b( +static void closure_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_ea();); + ret[i] = ZERO_89_c3();); } /** @@ -7262,7 +7262,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_b7(uint8_t input[3U][34U]) { +shake128_init_absorb_79(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7293,11 +7293,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_8c(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_77(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b7(copy_of_input); + return shake128_init_absorb_79(copy_of_input); } /** @@ -7306,7 +7306,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7327,9 +7327,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_69( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_84( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_ca(self, ret); + shake128_squeeze_three_blocks_eb(self, ret); } /** @@ -7380,7 +7380,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_17( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7418,7 +7418,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_dd(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_3b(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7439,9 +7439,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_60( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_dd(self, ret); + shake128_squeeze_block_3b(self, ret); } /** @@ -7492,7 +7492,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_db0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_170( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7531,9 +7531,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_04( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e4( int16_t s[272U]) { - return from_i16_array_89_c1( + return from_i16_array_89_33( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7544,7 +7544,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_3f( +static KRML_MUSTINLINE void sample_from_xof_46( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7552,25 +7552,25 @@ static KRML_MUSTINLINE void sample_from_xof_3f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_8c(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_77(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_69(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_84(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_db( + bool done = sample_from_uniform_distribution_next_17( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_60(&xof_state, randomness); + shake128_squeeze_block_f1_8e(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_db0( + done = sample_from_uniform_distribution_next_170( copy_of_randomness, sampled_coefficients, out); } } @@ -7579,7 +7579,7 @@ static KRML_MUSTINLINE void sample_from_xof_3f( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_04(copy_of_out[i]);); + ret0[i] = closure_e4(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7592,12 +7592,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_38( +static KRML_MUSTINLINE void sample_matrix_A_e7( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_4b(A_transpose[i]);); + closure_fc(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7612,7 +7612,7 @@ static KRML_MUSTINLINE void sample_matrix_A_38( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_3f(copy_of_seeds, sampled); + sample_from_xof_46(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7652,7 +7652,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_c5(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7673,9 +7673,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_93(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_d5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_c5(input, ret); + PRFxN_1c(input, ret); } /** @@ -7691,11 +7691,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_fc( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_78( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_ea();); + re_as_ntt[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7707,12 +7707,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_fc( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_93(prf_inputs, prf_outputs); + PRFxN_f1_d5(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c6( + re_as_ntt[i0] = sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -7740,7 +7740,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_84( +static KRML_MUSTINLINE void add_to_ring_element_89_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7767,14 +7767,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_60( +static KRML_MUSTINLINE void compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7795,10 +7795,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_84(&result[i1], &product); + ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_1e(&result[i1], &product); } - add_standard_error_reduce_89_03(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7817,10 +7817,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a2( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0e(key_generation_seed, hashed); + cpa_keygen_seed_d8_b0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7828,15 +7828,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - sample_matrix_A_38(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + sample_matrix_A_e7(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_fc(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_78(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7848,20 +7848,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_fc(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_78(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c7(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_79( + serialize_public_key_67( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_b5(secret_as_ntt, secret_key_serialized); + serialize_secret_key_a3(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7887,7 +7887,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_19(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7901,7 +7901,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_48( +static KRML_MUSTINLINE void serialize_kem_secret_key_5d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7927,7 +7927,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_48( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_1a(public_key, ret0); + H_f1_19(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7965,7 +7965,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7974,13 +7974,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_fc(ind_cpa_keypair_randomness); + generate_keypair_a2(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_48( + serialize_kem_secret_key_5d( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7989,13 +7989,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_890(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_350( - uu____2, libcrux_ml_kem_types_from_b6_da0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_820( + uu____2, libcrux_ml_kem_types_from_b6_960(copy_of_public_key)); } /** @@ -8008,7 +8008,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_63(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_9f(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8029,12 +8029,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_ea();); + deserialized_pk[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8046,7 +8046,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0c( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_6d(ring_element); + deserialize_to_reduced_ring_element_45(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8067,10 +8067,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_ea();); + error_1[i] = ZERO_89_c3();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8082,11 +8082,11 @@ sample_ring_element_cbd_c7(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_93(prf_inputs, prf_outputs); + PRFxN_f1_d5(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8112,9 +8112,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_ee0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_2e0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_2b0(input, ret); + PRF_7c0(input, ret); } /** @@ -8123,18 +8123,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void invert_ntt_montgomery_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_8f(&zeta_i, re); + invert_ntt_at_layer_3_a7(&zeta_i, re); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_34(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -8146,14 +8146,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_89( +static KRML_MUSTINLINE void compute_vector_u_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_ea();); + result[i] = ZERO_89_c3();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8173,11 +8173,11 @@ static KRML_MUSTINLINE void compute_vector_u_89( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(a_element, &r_as_ntt[j]); - add_to_ring_element_89_84(&result[i1], &product); + ntt_multiply_89_3b(a_element, &r_as_ntt[j]); + add_to_ring_element_89_1e(&result[i1], &product); } - invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_a3(&result[i1]); + add_error_reduce_89_2a(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8194,18 +8194,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca( +compute_ring_element_v_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e(&result, &product);); + invert_ntt_montgomery_a3(&result); + result = add_message_error_reduce_89_0c(error_2, message, result); return result; } @@ -8221,7 +8221,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_14( +static void compress_then_serialize_u_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8237,7 +8237,7 @@ static void compress_then_serialize_u_14( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_d1(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8261,24 +8261,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d5(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_0c( + deserialize_ring_elements_reduced_4f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - sample_matrix_A_38(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + sample_matrix_A_e7(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_fc(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_78(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8288,7 +8288,7 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_c7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8296,31 +8296,31 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_2e0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c6( + sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_89(A, r_as_ntt, error_1, u); + compute_vector_u_00(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_3e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d7(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_14( + compress_then_serialize_u_73( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_64( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8337,7 +8337,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_41(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_c5(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8364,27 +8364,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_63( + entropy_preprocess_d8_9f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + H_f1_19(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_7a0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_38(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8392,19 +8392,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_7a0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_190(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_41(shared_secret, shared_secret_array); + kdf_d8_c5(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8425,12 +8425,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_41( +static KRML_MUSTINLINE void deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_ea();); + secret_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8442,7 +8442,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_da(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8472,12 +8472,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_77( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_ea();); + u_as_ntt[i] = ZERO_89_c3();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8495,8 +8495,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_23(u_bytes); + ntt_vector_u_f8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8516,17 +8516,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e7( +compute_message_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_a2(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e(&result, &product);); + invert_ntt_montgomery_a3(&result); + result = subtract_reduce_89_27(v, result); return result; } @@ -8564,18 +8564,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a0(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_95(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_77(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_02( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e7(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_17(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_07(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8589,10 +8589,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d7(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_41(secret_key, secret_as_ntt); + deserialize_secret_key_6b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8603,7 +8603,7 @@ static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_95(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8617,8 +8617,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_ee(Eurydice_slice input, uint8_t ret[32U]) { - PRF_2b(input, ret); +static KRML_MUSTINLINE void PRF_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_7c(input, ret); } /** @@ -8643,7 +8643,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8661,9 +8661,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d7(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8671,7 +8671,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_38(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8679,30 +8679,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_c60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_2e(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_d5(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_41(Eurydice_array_to_slice((size_t)32U, + kdf_d8_c5(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_41(shared_secret0, shared_secret); + kdf_d8_c5(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_c60(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 842002efe..1c18ebadd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 413cb8cfa..ff3ada72a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce(buf0, buf); + libcrux_sha3_portable_keccakx1_e4(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce0(buf0, buf); + libcrux_sha3_portable_keccakx1_e40(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce1(buf0, buf); + libcrux_sha3_portable_keccakx1_e41(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce2(buf0, buf); + libcrux_sha3_portable_keccakx1_e42(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce3(buf0, buf); + libcrux_sha3_portable_keccakx1_e43(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce4(buf0, buf); + libcrux_sha3_portable_keccakx1_e44(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 0faa15823..4bf693350 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "internal/libcrux_sha3_avx2.h" @@ -46,14 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_21(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_58(b)); + return mm256_xor_si256(uu____0, rotate_left_21(b)); } /** @@ -176,7 +176,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_bf(void) { +new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -211,7 +211,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -331,13 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_65(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_ef_d4(__m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); + load_block_fe(uu____0, copy_of_b); } /** @@ -346,7 +346,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_210(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), mm256_srli_epi64((int32_t)28, x, __m256i)); } @@ -357,9 +357,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_580(ab); + return rotate_left_210(ab); } /** @@ -372,8 +372,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { - return _vxarq_u64_c1(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return _vxarq_u64_13(a, b); } /** @@ -382,7 +382,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_211(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), mm256_srli_epi64((int32_t)61, x, __m256i)); } @@ -393,9 +393,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_581(ab); + return rotate_left_211(ab); } /** @@ -408,8 +408,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { - return _vxarq_u64_c10(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return _vxarq_u64_130(a, b); } /** @@ -418,7 +418,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_212(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), mm256_srli_epi64((int32_t)23, x, __m256i)); } @@ -429,9 +429,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_582(ab); + return rotate_left_212(ab); } /** @@ -444,8 +444,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { - return _vxarq_u64_c11(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return _vxarq_u64_131(a, b); } /** @@ -454,7 +454,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_213(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), mm256_srli_epi64((int32_t)46, x, __m256i)); } @@ -465,9 +465,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_583(ab); + return rotate_left_213(ab); } /** @@ -480,8 +480,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { - return _vxarq_u64_c12(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return _vxarq_u64_132(a, b); } /** @@ -490,9 +490,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_58(ab); + return rotate_left_21(ab); } /** @@ -505,8 +505,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { - return _vxarq_u64_c13(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return _vxarq_u64_133(a, b); } /** @@ -515,7 +515,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_214(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), mm256_srli_epi64((int32_t)20, x, __m256i)); } @@ -526,9 +526,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_584(ab); + return rotate_left_214(ab); } /** @@ -541,8 +541,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { - return _vxarq_u64_c14(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return _vxarq_u64_134(a, b); } /** @@ -551,7 +551,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_215(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), mm256_srli_epi64((int32_t)54, x, __m256i)); } @@ -562,9 +562,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_585(ab); + return rotate_left_215(ab); } /** @@ -577,8 +577,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { - return _vxarq_u64_c15(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return _vxarq_u64_135(a, b); } /** @@ -587,7 +587,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_216(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), mm256_srli_epi64((int32_t)19, x, __m256i)); } @@ -598,9 +598,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_586(ab); + return rotate_left_216(ab); } /** @@ -613,8 +613,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { - return _vxarq_u64_c16(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return _vxarq_u64_136(a, b); } /** @@ -623,7 +623,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_217(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), mm256_srli_epi64((int32_t)62, x, __m256i)); } @@ -634,9 +634,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_587(ab); + return rotate_left_217(ab); } /** @@ -649,8 +649,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { - return _vxarq_u64_c17(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return _vxarq_u64_137(a, b); } /** @@ -659,7 +659,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_218(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), mm256_srli_epi64((int32_t)2, x, __m256i)); } @@ -670,9 +670,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_588(ab); + return rotate_left_218(ab); } /** @@ -685,8 +685,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { - return _vxarq_u64_c18(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return _vxarq_u64_138(a, b); } /** @@ -695,7 +695,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_219(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), mm256_srli_epi64((int32_t)58, x, __m256i)); } @@ -706,9 +706,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_589(ab); + return rotate_left_219(ab); } /** @@ -721,8 +721,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { - return _vxarq_u64_c19(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return _vxarq_u64_139(a, b); } /** @@ -731,7 +731,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2110(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), mm256_srli_epi64((int32_t)21, x, __m256i)); } @@ -742,9 +742,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5810(ab); + return rotate_left_2110(ab); } /** @@ -757,8 +757,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return _vxarq_u64_c110(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return _vxarq_u64_1310(a, b); } /** @@ -767,7 +767,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2111(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), mm256_srli_epi64((int32_t)49, x, __m256i)); } @@ -778,9 +778,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5811(ab); + return rotate_left_2111(ab); } /** @@ -793,8 +793,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return _vxarq_u64_c111(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return _vxarq_u64_1311(a, b); } /** @@ -803,7 +803,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2112(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), mm256_srli_epi64((int32_t)3, x, __m256i)); } @@ -814,9 +814,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5812(ab); + return rotate_left_2112(ab); } /** @@ -829,8 +829,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return _vxarq_u64_c112(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return _vxarq_u64_1312(a, b); } /** @@ -839,7 +839,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2113(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), mm256_srli_epi64((int32_t)36, x, __m256i)); } @@ -850,9 +850,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5813(ab); + return rotate_left_2113(ab); } /** @@ -865,8 +865,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return _vxarq_u64_c113(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return _vxarq_u64_1313(a, b); } /** @@ -875,7 +875,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2114(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), mm256_srli_epi64((int32_t)9, x, __m256i)); } @@ -886,9 +886,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5814(ab); + return rotate_left_2114(ab); } /** @@ -901,8 +901,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return _vxarq_u64_c114(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return _vxarq_u64_1314(a, b); } /** @@ -911,7 +911,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2115(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), mm256_srli_epi64((int32_t)39, x, __m256i)); } @@ -922,9 +922,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5815(ab); + return rotate_left_2115(ab); } /** @@ -937,8 +937,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return _vxarq_u64_c115(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return _vxarq_u64_1315(a, b); } /** @@ -947,7 +947,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2116(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), mm256_srli_epi64((int32_t)43, x, __m256i)); } @@ -958,9 +958,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5816(ab); + return rotate_left_2116(ab); } /** @@ -973,8 +973,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return _vxarq_u64_c116(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return _vxarq_u64_1316(a, b); } /** @@ -983,7 +983,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2117(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), mm256_srli_epi64((int32_t)8, x, __m256i)); } @@ -994,9 +994,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5817(ab); + return rotate_left_2117(ab); } /** @@ -1009,8 +1009,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return _vxarq_u64_c117(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return _vxarq_u64_1317(a, b); } /** @@ -1019,7 +1019,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2118(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), mm256_srli_epi64((int32_t)37, x, __m256i)); } @@ -1030,9 +1030,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5818(ab); + return rotate_left_2118(ab); } /** @@ -1045,8 +1045,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return _vxarq_u64_c118(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return _vxarq_u64_1318(a, b); } /** @@ -1055,7 +1055,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2119(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), mm256_srli_epi64((int32_t)44, x, __m256i)); } @@ -1066,9 +1066,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5819(ab); + return rotate_left_2119(ab); } /** @@ -1081,8 +1081,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return _vxarq_u64_c119(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return _vxarq_u64_1319(a, b); } /** @@ -1091,7 +1091,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2120(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), mm256_srli_epi64((int32_t)25, x, __m256i)); } @@ -1102,9 +1102,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5820(ab); + return rotate_left_2120(ab); } /** @@ -1117,8 +1117,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return _vxarq_u64_c120(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return _vxarq_u64_1320(a, b); } /** @@ -1127,7 +1127,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2121(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), mm256_srli_epi64((int32_t)56, x, __m256i)); } @@ -1138,9 +1138,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5821(ab); + return rotate_left_2121(ab); } /** @@ -1153,8 +1153,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return _vxarq_u64_c121(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return _vxarq_u64_1321(a, b); } /** @@ -1163,7 +1163,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2122(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), mm256_srli_epi64((int32_t)50, x, __m256i)); } @@ -1174,9 +1174,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5822(ab); + return rotate_left_2122(ab); } /** @@ -1189,8 +1189,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return _vxarq_u64_c122(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return _vxarq_u64_1322(a, b); } /** @@ -1199,7 +1199,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_74( +static KRML_MUSTINLINE void theta_rho_1b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), @@ -1228,30 +1228,30 @@ static KRML_MUSTINLINE void theta_rho_74( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,7 +1261,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_35( +static KRML_MUSTINLINE void pi_70( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1297,7 +1297,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_09( +static KRML_MUSTINLINE void chi_12( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1315,7 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_5b( +static KRML_MUSTINLINE void iota_fe( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1327,14 +1327,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_f8( +static KRML_MUSTINLINE void keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_74(s); - pi_35(s); - chi_09(s); - iota_5b(s, i0); + theta_rho_1b(s); + pi_70(s); + chi_12(s); + iota_fe(s, i0); } } @@ -1345,13 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_1d( +static KRML_MUSTINLINE void absorb_block_32( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_65(uu____0, uu____1); - keccakf1600_f8(s); + load_block_ef_d4(uu____0, uu____1); + keccakf1600_cd(s); } /** @@ -1359,14 +1359,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c7(s, buf); + load_block_fe(s, buf); } /** @@ -1378,13 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_e9(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_e6(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); + load_block_full_1d(uu____0, copy_of_b); } /** @@ -1395,7 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1411,8 +1411,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_e9(uu____3, uu____4); - keccakf1600_f8(s); + load_block_full_ef_e6(uu____3, uu____4); + keccakf1600_cd(s); } /** @@ -1420,7 +1420,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1553,7 +1553,7 @@ static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_e9(s, buf); + store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1580,9 +1580,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_43(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_full_ef_d1(__m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); + store_block_full_61(a, ret); } /** @@ -1592,10 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_c5( +static KRML_MUSTINLINE void squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_43(s->st, b); + store_block_full_ef_d1(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1616,9 +1616,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_58(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_e3(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); + store_block_78(a, b); } /** @@ -1628,9 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_9b( +static KRML_MUSTINLINE void squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_58(s->st, out); + store_block_ef_e3(s->st, out); } /** @@ -1640,10 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_b4( +static KRML_MUSTINLINE void squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_f8(s); - store_block_ef_58(s->st, out); + keccakf1600_cd(s); + store_block_ef_e3(s->st, out); } /** @@ -1653,11 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_74( +static KRML_MUSTINLINE void squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_f8(&s); + keccakf1600_cd(&s); uint8_t b[4U][200U]; - store_block_full_ef_43(s.st, b); + store_block_full_ef_d1(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1677,9 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_bf(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1689,7 +1689,7 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_1d(uu____0, ret); + absorb_block_32(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1699,12 +1699,12 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_c5(&s, out); + squeeze_first_and_last_a8(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1712,7 +1712,7 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_9b(&s, o0); + squeeze_first_block_ca(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1730,12 +1730,12 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_b4(&s, o); + squeeze_next_block_66(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_74(s, o1); + squeeze_last_fe(s, o1); } } } @@ -1749,7 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_4f(buf0, buf); + keccak_b9(buf0, buf); } /** @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_bf(); + return new_1e_71(); } /** @@ -1765,7 +1765,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe0(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -1881,14 +1881,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d0(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c70(s, buf); + load_block_fe0(s, buf); } /** @@ -1900,13 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_e90(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_e60(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); + load_block_full_1d0(uu____0, copy_of_b); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_d90( +static KRML_MUSTINLINE void absorb_final_7f0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1933,8 +1933,8 @@ static KRML_MUSTINLINE void absorb_final_d90( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_e90(uu____3, uu____4); - keccakf1600_f8(s); + load_block_full_ef_e60(uu____3, uu____4); + keccakf1600_cd(s); } /** @@ -1944,7 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_d90(s, buf); + absorb_final_7f0(s, buf); } /** @@ -1952,7 +1952,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2078,9 +2078,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_580(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_e30(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); + store_block_780(a, b); } /** @@ -2090,10 +2090,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_b40( +static KRML_MUSTINLINE void squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_f8(s); - store_block_ef_580(s->st, out); + keccakf1600_cd(s); + store_block_ef_e30(s->st, out); } /** @@ -2103,7 +2103,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_b40(s, buf); + squeeze_next_block_660(s, buf); } /** @@ -2113,9 +2113,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_9b0( +static KRML_MUSTINLINE void squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_580(s->st, out); + store_block_ef_e30(s->st, out); } /** @@ -2125,7 +2125,7 @@ with const generics - N= 4 - RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2133,15 +2133,15 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_9b0(s, o0); + squeeze_first_block_ca0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_b40(s, o1); - squeeze_next_block_b40(s, o2); + squeeze_next_block_660(s, o1); + squeeze_next_block_660(s, o2); } /** @@ -2151,7 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2161,7 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_69( +static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2169,29 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_69( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_9b0(s, o0); + squeeze_first_block_ca0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_b40(s, o1); + squeeze_next_block_660(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_b40(s, o2); + squeeze_next_block_660(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_b40(s, o3); - squeeze_next_block_b40(s, o4); + squeeze_next_block_660(s, o3); + squeeze_next_block_660(s, o4); } /** @@ -2202,7 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_69(s, buf); + squeeze_first_five_blocks_0b(s, buf); } /** @@ -2212,7 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); + libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); } /** @@ -2223,7 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_9b(s, buf); + squeeze_first_block_ca(s, buf); } /** @@ -2234,5 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_b4(s, buf); + squeeze_next_block_66(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1b23ca31d..0f6affe96 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1630106cf..830f74ba8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f4(void) { +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c(s, buf); + libcrux_sha3_portable_keccak_load_block_65(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); + return libcrux_sha3_portable_keccak_rotate_left_d60(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); + return libcrux_sha3_portable_keccak_rotate_left_d61(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); + return libcrux_sha3_portable_keccak_rotate_left_d62(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); + return libcrux_sha3_portable_keccak_rotate_left_d63(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb(ab); + return libcrux_sha3_portable_keccak_rotate_left_d6(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); + return libcrux_sha3_portable_keccak_rotate_left_d64(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); + return libcrux_sha3_portable_keccak_rotate_left_d65(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); + return libcrux_sha3_portable_keccak_rotate_left_d66(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); + return libcrux_sha3_portable_keccak_rotate_left_d67(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); + return libcrux_sha3_portable_keccak_rotate_left_d68(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); + return libcrux_sha3_portable_keccak_rotate_left_d69(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); + return libcrux_sha3_portable_keccak_rotate_left_d610(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); + return libcrux_sha3_portable_keccak_rotate_left_d611(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); + return libcrux_sha3_portable_keccak_rotate_left_d612(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); + return libcrux_sha3_portable_keccak_rotate_left_d613(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); + return libcrux_sha3_portable_keccak_rotate_left_d614(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); + return libcrux_sha3_portable_keccak_rotate_left_d615(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); + return libcrux_sha3_portable_keccak_rotate_left_d616(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); + return libcrux_sha3_portable_keccak_rotate_left_d617(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); + return libcrux_sha3_portable_keccak_rotate_left_d618(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); + return libcrux_sha3_portable_keccak_rotate_left_d619(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); + return libcrux_sha3_portable_keccak_rotate_left_d620(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); + return libcrux_sha3_portable_keccak_rotate_left_d621(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); + return libcrux_sha3_portable_keccak_rotate_left_d622(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_16(s); - libcrux_sha3_generic_keccak_pi_1d(s); - libcrux_sha3_generic_keccak_chi_12(s); - libcrux_sha3_generic_keccak_iota_62(s, i0); + libcrux_sha3_generic_keccak_theta_rho_a7(s); + libcrux_sha3_generic_keccak_pi_d5(s); + libcrux_sha3_generic_keccak_chi_3e(s); + libcrux_sha3_generic_keccak_iota_00(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_9b(a, b); } /** @@ -1431,10 +1431,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1444,9 +1444,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1454,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c0(s, buf); + libcrux_sha3_portable_keccak_load_block_650(s, buf); } /** @@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); } /** @@ -1511,7 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_9b0(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); } /** @@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); } /** @@ -1618,13 +1618,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); } /** @@ -1634,13 +1634,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1648,12 +1648,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_9b(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1670,9 +1670,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); } /** @@ -1683,10 +1683,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( +libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1709,11 +1709,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1737,10 +1737,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1751,7 +1751,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1761,12 +1761,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1774,7 +1774,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1792,12 +1792,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); } } } @@ -1808,12 +1808,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); } /** @@ -1821,7 +1821,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1849,13 +1849,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); } /** @@ -1865,13 +1865,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1879,11 +1879,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c3(s, buf); + libcrux_sha3_portable_keccak_load_block_653(s, buf); } /** @@ -1895,13 +1895,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); } /** @@ -1912,7 +1912,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1931,8 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1940,7 +1940,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1958,12 +1958,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_9b3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1980,9 +1980,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); } /** @@ -1993,10 +1993,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( +libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2021,9 +2021,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_9b3(a, b); } /** @@ -2033,9 +2033,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); } /** @@ -2045,10 +2045,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); } /** @@ -2058,11 +2058,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2086,10 +2086,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2100,7 +2100,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2110,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2123,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2141,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); } } } @@ -2157,12 +2157,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); } /** @@ -2170,7 +2170,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2198,13 +2198,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); } /** @@ -2214,13 +2214,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2228,11 +2228,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c2(s, buf); + libcrux_sha3_portable_keccak_load_block_652(s, buf); } /** @@ -2244,13 +2244,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); } /** @@ -2261,7 +2261,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2280,8 +2280,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2289,7 +2289,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2307,12 +2307,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_9b2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2329,9 +2329,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); } /** @@ -2342,10 +2342,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( +libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2370,9 +2370,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_9b2(a, b); } /** @@ -2382,9 +2382,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); } /** @@ -2394,10 +2394,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); } /** @@ -2407,11 +2407,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2435,10 +2435,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2449,7 +2449,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2459,12 +2459,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2472,7 +2472,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2490,12 +2490,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); } } } @@ -2506,12 +2506,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_9b0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2557,9 +2557,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); } /** @@ -2570,10 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( +libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2596,11 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2624,10 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2638,7 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2648,12 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2661,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); } } } @@ -2695,12 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); } /** @@ -2711,7 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2742,10 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2766,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); } } } @@ -2813,12 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); } /** @@ -2826,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2854,13 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); } /** @@ -2870,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2884,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c1(s, buf); + libcrux_sha3_portable_keccak_load_block_651(s, buf); } /** @@ -2900,13 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); } /** @@ -2917,7 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2936,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2945,7 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2963,12 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_9b1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); } /** @@ -2997,10 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( +libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3025,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_9b1(a, b); } /** @@ -3037,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -3049,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -3062,11 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3090,10 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3104,7 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3114,12 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3127,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); } } } @@ -3161,12 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index aed8b3ad4..124a6b80c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f2144bb1f..e0e7f41a3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6a879b951d169019291839d9badb170d28e5246b */ #ifndef __libcrux_sha3_neon_H From 3676fd514a5df7dc5dd8382e2c18dfffa42488dd Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Fri, 30 Aug 2024 08:42:25 -0700 Subject: [PATCH 115/172] Refresh C --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/internal/libcrux_core.h | 28 +- .../c/internal/libcrux_mlkem_avx2.h | 28 +- .../c/internal/libcrux_mlkem_portable.h | 28 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 10 +- libcrux-ml-kem/c/libcrux_core.c | 28 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 530 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 456 +++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- 33 files changed, 764 insertions(+), 764 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 9272a8113..2bcf79a2e 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b79246d1e..8bb342a00 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __internal_libcrux_core_H @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_331( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d81( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -200,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_330( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -313,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_33( uint8_t value[768U]); /** @@ -327,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -361,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d8( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index dd18ac900..7564a96ad 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -65,7 +65,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -112,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_141( +void libcrux_ml_kem_ind_cca_decapsulate_a41( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -174,7 +174,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); @@ -221,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_cf0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -247,7 +247,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_140( +void libcrux_ml_kem_ind_cca_decapsulate_a40( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -283,7 +283,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -330,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_cf( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -356,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_14( +void libcrux_ml_kem_ind_cca_decapsulate_a4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 967896711..9da52548f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __internal_libcrux_mlkem_portable_H @@ -70,7 +70,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_77( +bool libcrux_ml_kem_ind_cca_validate_private_key_dc( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); @@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_eb1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -143,7 +143,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_d61( +void libcrux_ml_kem_ind_cca_decapsulate_1f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_09( +bool libcrux_ml_kem_ind_cca_validate_private_key_03( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -226,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_eb0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -252,7 +252,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_d60( +void libcrux_ml_kem_ind_cca_decapsulate_1f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -288,7 +288,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_80( +bool libcrux_ml_kem_ind_cca_validate_private_key_05( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -335,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -361,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_d6( +void libcrux_ml_kem_ind_cca_decapsulate_1f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 96f54bce5..cc0379248 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2013faf0b..4c2df7a39 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 5cba9238c..2aaca7fae 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "internal/libcrux_core.h" @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_331( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -184,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d81( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_330( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -420,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_33( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3d( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_d8( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 1e129e51c..834cae0c2 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index dd2ffee9d..841c51e9e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index bcd9e2306..a4d0a04de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_18( +static void decapsulate_8a0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_140(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a40(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_18(private_key, ciphertext, ret); + decapsulate_8a0(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_63( +static tuple_21 encapsulate_1e0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_960(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cf0(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_63(uu____0, copy_of_randomness); + return encapsulate_1e0(uu____0, copy_of_randomness); } /** @@ -117,7 +117,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_39( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e50( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -133,7 +133,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_39(copy_of_randomness); + return generate_keypair_e50(copy_of_randomness); } /** @@ -147,10 +147,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_210( +static KRML_MUSTINLINE bool validate_private_key_250( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_1d0(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4e0(private_key, ciphertext); } @@ -162,7 +162,7 @@ static KRML_MUSTINLINE bool validate_private_key_210( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_210(private_key, ciphertext); + return validate_private_key_250(private_key, ciphertext); } /** @@ -176,8 +176,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_c00(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a0(public_key); +static KRML_MUSTINLINE bool validate_public_key_910(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_310(public_key); } /** @@ -187,5 +187,5 @@ static KRML_MUSTINLINE bool validate_public_key_c00(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_c00(public_key->value); + return validate_public_key_910(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 1e2d3d71d..3e6d607aa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 26ec82538..567d45bb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_58( +static void decapsulate_671( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d61(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1f1(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_58(private_key, ciphertext, ret); + decapsulate_671(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_f0( +static tuple_21 encapsulate_021( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_0b1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_eb1(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f0(uu____0, copy_of_randomness); + return encapsulate_021(uu____0, copy_of_randomness); } /** @@ -148,10 +148,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_ba1( +static KRML_MUSTINLINE bool validate_private_key_e81( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_77(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_dc(private_key, ciphertext); } @@ -163,7 +163,7 @@ static KRML_MUSTINLINE bool validate_private_key_ba1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_ba1(private_key, ciphertext); + return validate_private_key_e81(private_key, ciphertext); } /** @@ -177,8 +177,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_f71(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); +static KRML_MUSTINLINE bool validate_public_key_7d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b71(public_key); } /** @@ -188,5 +188,5 @@ static KRML_MUSTINLINE bool validate_public_key_f71(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_f71(public_key->value); + return validate_public_key_7d1(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index d8dccd867..23ab356ea 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 396b6eb92..02ea52467 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index aa172d441..bed940812 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_8a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_14(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a4(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d3(private_key, ciphertext, ret); + decapsulate_8a(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_6d( +static tuple_ec encapsulate_1e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_96(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cf(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6d(uu____0, copy_of_randomness); + return encapsulate_1e(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_04( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_04(copy_of_randomness); + return generate_keypair_e5(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_21( +static KRML_MUSTINLINE bool validate_private_key_25( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_1d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4e(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_21( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_21(private_key, ciphertext); + return validate_private_key_25(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_c0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a(public_key); +static KRML_MUSTINLINE bool validate_public_key_91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_31(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_c0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_c0(public_key->value); + return validate_public_key_91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index b6ca5e8f9..2aab23be0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 425f9282b..d03204616 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d60(private_key, ciphertext, ret); +static void decapsulate_670( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f1(private_key, ciphertext, ret); + decapsulate_670(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_3e( +static tuple_ec encapsulate_020( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_0b0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_eb0(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_3e(uu____0, copy_of_randomness); + return encapsulate_020(uu____0, copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_ba0( +static KRML_MUSTINLINE bool validate_private_key_e80( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_09(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_03(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_ba0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_ba0(private_key, ciphertext); + return validate_private_key_e80(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_f70(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); +static KRML_MUSTINLINE bool validate_public_key_7d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b70(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_f70(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_f70(public_key->value); + return validate_public_key_7d0(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 1504149b7..5a413af62 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 866494595..02ccf2b06 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4c828687e..c3ba6c4e9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_74( +static void decapsulate_8a1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_141(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a41(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_74( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_74(private_key, ciphertext, ret); + decapsulate_8a1(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_0a( +static tuple_3c encapsulate_1e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_961(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cf1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_0a(uu____0, copy_of_randomness); + return encapsulate_1e1(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_cb( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e51( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_cb(copy_of_randomness); + return generate_keypair_e51(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_211( +static KRML_MUSTINLINE bool validate_private_key_251( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_1d1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4e1(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_211( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_211(private_key, ciphertext); + return validate_private_key_251(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_c01(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_0a1(public_key); +static KRML_MUSTINLINE bool validate_public_key_911(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_311(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_c01(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_c01(public_key->value); + return validate_public_key_911(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 5f00d8887..6d98df841 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 6d3f374ad..c677d78d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_22( +static void decapsulate_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d6(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_22( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_22(private_key, ciphertext, ret); + decapsulate_67(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_cf( +static tuple_3c encapsulate_02( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_0b(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_eb(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_cf(uu____0, copy_of_randomness); + return encapsulate_02(uu____0, copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_ba( +static KRML_MUSTINLINE bool validate_private_key_e8( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_80(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_05(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_ba( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_ba(private_key, ciphertext); + return validate_private_key_e8(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_f7(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); +static KRML_MUSTINLINE bool validate_public_key_7d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b7(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_f7(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_f7(public_key->value); + return validate_public_key_7d(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index a85cf8242..1a6be3e82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a6a58c822..934de1b6b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "internal/libcrux_mlkem_avx2.h" @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_72(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_1d(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_1b(__m256i vector) { - return shift_right_72(vector); +static __m256i shift_right_ea_89(__m256i vector) { + return shift_right_1d(vector); } /** @@ -1149,8 +1149,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_10(__m256i a) { - __m256i t = shift_right_ea_1b(a); +static __m256i to_unsigned_representative_9b(__m256i a) { + __m256i t = shift_right_ea_89(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1283,7 +1283,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_381(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -1302,11 +1302,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_a11(Eurydice_array_to_subslice2( + H_a9_381(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -2633,7 +2633,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_791(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_ec1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_9f();); @@ -2701,7 +2701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_29( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2725,7 +2725,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_80( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_83( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2745,7 +2745,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_c5( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2763,7 +2763,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_b9(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_49(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2778,7 +2778,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ce( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2793,7 +2793,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ce( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_b9( + inv_ntt_layer_int_vec_step_reduce_49( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2810,18 +2810,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0d1( +static KRML_MUSTINLINE void invert_ntt_montgomery_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_80(&zeta_i, re); - invert_ntt_at_layer_3_c5(&zeta_i, re); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_23(&zeta_i, re); + invert_ntt_at_layer_2_83(&zeta_i, re); + invert_ntt_at_layer_3_38(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -2834,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_46( +static KRML_MUSTINLINE void add_error_reduce_89_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2858,7 +2858,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_d21( +static KRML_MUSTINLINE void compute_vector_u_621( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -2888,8 +2888,8 @@ static KRML_MUSTINLINE void compute_vector_u_d21( ntt_multiply_89_ce(a_element, &r_as_ntt[j]); add_to_ring_element_89_7e1(&result[i1], &product); } - invert_ntt_montgomery_0d1(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_771(&result[i1]); + add_error_reduce_89_82(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2902,7 +2902,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_53(__m256i v) { +static __m256i decompress_1_ed(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2916,8 +2916,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_71(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_message_f5(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2925,7 +2925,7 @@ deserialize_then_decompress_message_71(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_53(coefficient_compressed);); + re.coefficients[i0] = decompress_1_ed(coefficient_compressed);); return re; } @@ -2940,7 +2940,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_57( +add_message_error_reduce_89_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2970,7 +2970,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3c1( +compute_ring_element_v_961( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -2978,10 +2978,10 @@ compute_ring_element_v_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_0d1(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e1(&result, &product);); + invert_ntt_montgomery_771(&result); + result = add_message_error_reduce_89_ef(error_2, message, result); return result; } @@ -2992,7 +2992,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_0d(__m256i vector) { +compress_ciphertext_coefficient_3b(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3039,8 +3039,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_dc(__m256i vector) { - return compress_ciphertext_coefficient_0d(vector); +static __m256i compress_ea_8c(__m256i vector) { + return compress_ciphertext_coefficient_3b(vector); } /** @@ -3049,14 +3049,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_75( +static KRML_MUSTINLINE void compress_then_serialize_10_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_dc(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_8c(to_unsigned_representative_9b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3074,7 +3074,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_0d0(__m256i vector) { +compress_ciphertext_coefficient_3b0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3121,8 +3121,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_dc0(__m256i vector) { - return compress_ciphertext_coefficient_0d0(vector); +static __m256i compress_ea_8c0(__m256i vector) { + return compress_ciphertext_coefficient_3b0(vector); } /** @@ -3132,10 +3132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_75(re, uu____0); + compress_then_serialize_10_b2(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3151,7 +3151,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_bd1( +static void compress_then_serialize_u_271( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3167,7 +3167,7 @@ static void compress_then_serialize_u_bd1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_1f(&re, ret); + compress_then_serialize_ring_element_u_21(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3180,7 +3180,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_0d1(__m256i vector) { +compress_ciphertext_coefficient_3b1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3227,8 +3227,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_dc1(__m256i vector) { - return compress_ciphertext_coefficient_0d1(vector); +static __m256i compress_ea_8c1(__m256i vector) { + return compress_ciphertext_coefficient_3b1(vector); } /** @@ -3237,14 +3237,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_78( +static KRML_MUSTINLINE void compress_then_serialize_4_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_dc1(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_8c1(to_unsigned_representative_9b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3261,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_0d2(__m256i vector) { +compress_ciphertext_coefficient_3b2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3308,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_dc2(__m256i vector) { - return compress_ciphertext_coefficient_0d2(vector); +static __m256i compress_ea_8c2(__m256i vector) { + return compress_ciphertext_coefficient_3b2(vector); } /** @@ -3318,14 +3318,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_11( +static KRML_MUSTINLINE void compress_then_serialize_5_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_dc2(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_8c2(to_unsigned_representative_9b(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3342,9 +3342,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_78(re, out); + compress_then_serialize_4_9e(re, out); } /** @@ -3364,7 +3364,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_901(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_413( @@ -3391,7 +3391,7 @@ static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_791(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_ec1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3405,25 +3405,25 @@ static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_d21(A, r_as_ntt, error_1, u); + compute_vector_u_621(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_71(copy_of_message); + deserialize_then_decompress_message_f5(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3c1(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_961(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_bd1( + compress_then_serialize_u_271( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_9a( + compress_then_serialize_ring_element_v_15( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3467,7 +3467,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -3480,8 +3480,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), + H_a9_381(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3495,17 +3495,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_bd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_901(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_330(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_421(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -3526,8 +3526,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_20(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_to_uncompressed_ring_element_cb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3547,7 +3547,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a11( +static KRML_MUSTINLINE void deserialize_secret_key_651( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3564,7 +3564,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a11( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_20(secret_bytes); + deserialize_to_uncompressed_ring_element_cb(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3589,7 +3589,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c5(__m256i vector) { +decompress_ciphertext_coefficient_7f(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3633,8 +3633,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_ff(__m256i vector) { - return decompress_ciphertext_coefficient_c5(vector); +static __m256i decompress_ciphertext_coefficient_ea_b3(__m256i vector) { + return decompress_ciphertext_coefficient_7f(vector); } /** @@ -3644,15 +3644,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_4b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_10_d3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b3(coefficient); } return re; } @@ -3664,7 +3664,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c50(__m256i vector) { +decompress_ciphertext_coefficient_7f0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3708,8 +3708,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_ff0(__m256i vector) { - return decompress_ciphertext_coefficient_c50(vector); +static __m256i decompress_ciphertext_coefficient_ea_b30(__m256i vector) { + return decompress_ciphertext_coefficient_7f0(vector); } /** @@ -3719,15 +3719,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_11_29(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b30(coefficient); } return re; } @@ -3739,8 +3739,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_df(Eurydice_slice serialized) { - return deserialize_then_decompress_10_4b(serialized); +deserialize_then_decompress_ring_element_u_36(Eurydice_slice serialized) { + return deserialize_then_decompress_10_d3(serialized); } /** @@ -3749,7 +3749,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_51( +static KRML_MUSTINLINE void ntt_vector_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); @@ -3774,7 +3774,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_721( +static KRML_MUSTINLINE void deserialize_then_decompress_u_221( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -3797,8 +3797,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_721( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); - ntt_vector_u_51(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_36(u_bytes); + ntt_vector_u_08(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3812,7 +3812,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c51(__m256i vector) { +decompress_ciphertext_coefficient_7f1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3856,8 +3856,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_ff1(__m256i vector) { - return decompress_ciphertext_coefficient_c51(vector); +static __m256i decompress_ciphertext_coefficient_ea_b31(__m256i vector) { + return decompress_ciphertext_coefficient_7f1(vector); } /** @@ -3867,15 +3867,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_0e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_4_c8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b31(coefficient); } return re; } @@ -3887,7 +3887,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c52(__m256i vector) { +decompress_ciphertext_coefficient_7f2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3931,8 +3931,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_ff2(__m256i vector) { - return decompress_ciphertext_coefficient_c52(vector); +static __m256i decompress_ciphertext_coefficient_ea_b32(__m256i vector) { + return decompress_ciphertext_coefficient_7f2(vector); } /** @@ -3942,8 +3942,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_a2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); +deserialize_then_decompress_5_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3951,7 +3951,7 @@ deserialize_then_decompress_5_a2(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_ff2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_b32(re.coefficients[i0]); } return re; } @@ -3963,8 +3963,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_e8(Eurydice_slice serialized) { - return deserialize_then_decompress_4_0e(serialized); +deserialize_then_decompress_ring_element_v_e4(Eurydice_slice serialized) { + return deserialize_then_decompress_4_c8(serialized); } /** @@ -3978,7 +3978,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_74(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_12(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4006,17 +4006,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( +compute_message_141( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_0d1(&result); - result = subtract_reduce_89_74(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e1(&result, &product);); + invert_ntt_montgomery_771(&result); + result = subtract_reduce_89_12(v, result); return result; } @@ -4026,7 +4026,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_30( +static KRML_MUSTINLINE void compress_then_serialize_message_45( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4078,18 +4078,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_891(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_531(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_721(ciphertext, u_as_ntt); + deserialize_then_decompress_u_221(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e8( + deserialize_then_decompress_ring_element_v_e4( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_141(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_30(message, ret0); + compress_then_serialize_message_45(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4103,10 +4103,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fc1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ec1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_a11(secret_key, secret_as_ntt); + deserialize_secret_key_651(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4117,7 +4117,7 @@ static void decrypt_fc1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_531(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4169,7 +4169,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_141( +void libcrux_ml_kem_ind_cca_decapsulate_a41( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4187,7 +4187,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_141( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fc1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ec1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4209,7 +4209,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_141( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_b03(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4219,7 +4219,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_141( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_bd1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_901(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_421(Eurydice_array_to_slice( @@ -4229,7 +4229,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_141( kdf_d8_421(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f10(ciphertext), + libcrux_ml_kem_types_as_ref_00_d80(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4380,7 +4380,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_380(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4399,11 +4399,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_a10(Eurydice_array_to_subslice2( + H_a9_380(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -5294,7 +5294,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_790(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_ec0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_9f();); @@ -5350,18 +5350,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0d0( +static KRML_MUSTINLINE void invert_ntt_montgomery_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_80(&zeta_i, re); - invert_ntt_at_layer_3_c5(&zeta_i, re); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_23(&zeta_i, re); + invert_ntt_at_layer_2_83(&zeta_i, re); + invert_ntt_at_layer_3_38(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -5373,7 +5373,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_d20( +static KRML_MUSTINLINE void compute_vector_u_620( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5403,8 +5403,8 @@ static KRML_MUSTINLINE void compute_vector_u_d20( ntt_multiply_89_ce(a_element, &r_as_ntt[j]); add_to_ring_element_89_7e0(&result[i1], &product); } - invert_ntt_montgomery_0d0(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_770(&result[i1]); + add_error_reduce_89_82(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5421,7 +5421,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3c0( +compute_ring_element_v_960( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5429,10 +5429,10 @@ compute_ring_element_v_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_0d0(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e0(&result, &product);); + invert_ntt_montgomery_770(&result); + result = add_message_error_reduce_89_ef(error_2, message, result); return result; } @@ -5442,14 +5442,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_0e0( +static KRML_MUSTINLINE void compress_then_serialize_11_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_dc0(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_8c0(to_unsigned_representative_9b(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5467,10 +5467,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_210( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_0e0(re, uu____0); + compress_then_serialize_11_ac0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5486,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_bd0( +static void compress_then_serialize_u_270( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5502,7 +5502,7 @@ static void compress_then_serialize_u_bd0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_1f0(&re, ret); + compress_then_serialize_ring_element_u_210(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5515,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_150( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_11(re, out); + compress_then_serialize_5_cb(re, out); } /** @@ -5537,7 +5537,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_900(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_411( @@ -5564,7 +5564,7 @@ static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_790(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_ec0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5578,25 +5578,25 @@ static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_d20(A, r_as_ntt, error_1, u); + compute_vector_u_620(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_71(copy_of_message); + deserialize_then_decompress_message_f5(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3c0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_960(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_bd0( + compress_then_serialize_u_270( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_9a0( + compress_then_serialize_ring_element_v_150( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5640,7 +5640,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_cf0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5653,8 +5653,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), + H_a9_380(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5668,17 +5668,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_bd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_900(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_331(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_420(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -5701,7 +5701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a10( +static KRML_MUSTINLINE void deserialize_secret_key_650( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -5718,7 +5718,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a10( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_20(secret_bytes); + deserialize_to_uncompressed_ring_element_cb(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5743,8 +5743,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_df0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ec(serialized); +deserialize_then_decompress_ring_element_u_360(Eurydice_slice serialized) { + return deserialize_then_decompress_11_29(serialized); } /** @@ -5753,7 +5753,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_510( +static KRML_MUSTINLINE void ntt_vector_u_080( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); @@ -5778,7 +5778,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_720( +static KRML_MUSTINLINE void deserialize_then_decompress_u_220( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -5801,8 +5801,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_720( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df0(u_bytes); - ntt_vector_u_510(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_360(u_bytes); + ntt_vector_u_080(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5816,8 +5816,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_e80(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a2(serialized); +deserialize_then_decompress_ring_element_v_e40(Eurydice_slice serialized) { + return deserialize_then_decompress_5_10(serialized); } /** @@ -5833,17 +5833,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( +compute_message_140( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_0d0(&result); - result = subtract_reduce_89_74(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e0(&result, &product);); + invert_ntt_montgomery_770(&result); + result = subtract_reduce_89_12(v, result); return result; } @@ -5881,18 +5881,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_890(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_530(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_720(ciphertext, u_as_ntt); + deserialize_then_decompress_u_220(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e80( + deserialize_then_decompress_ring_element_v_e40( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_140(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_30(message, ret0); + compress_then_serialize_message_45(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5906,10 +5906,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_fc0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ec0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_a10(secret_key, secret_as_ntt); + deserialize_secret_key_650(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5920,7 +5920,7 @@ static void decrypt_fc0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_530(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5960,7 +5960,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_140( +void libcrux_ml_kem_ind_cca_decapsulate_a40( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5979,7 +5979,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_140( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fc0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ec0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6001,7 +6001,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_140( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d81(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_b01(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6011,7 +6011,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_140( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_bd0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_900(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_420(Eurydice_array_to_slice( @@ -6021,7 +6021,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_140( kdf_d8_420(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f11(ciphertext), + libcrux_ml_kem_types_as_ref_00_d81(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6172,7 +6172,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_38(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -6191,11 +6191,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_1d( +bool libcrux_ml_kem_ind_cca_validate_private_key_4e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_a9_a1(Eurydice_array_to_subslice2( + H_a9_38(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -7125,7 +7125,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_79(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_ec(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_9f();); @@ -7181,18 +7181,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0d( +static KRML_MUSTINLINE void invert_ntt_montgomery_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_80(&zeta_i, re); - invert_ntt_at_layer_3_c5(&zeta_i, re); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_25(re); + invert_ntt_at_layer_1_23(&zeta_i, re); + invert_ntt_at_layer_2_83(&zeta_i, re); + invert_ntt_at_layer_3_38(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_ef(re); } /** @@ -7204,7 +7204,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_d2( +static KRML_MUSTINLINE void compute_vector_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -7234,8 +7234,8 @@ static KRML_MUSTINLINE void compute_vector_u_d2( ntt_multiply_89_ce(a_element, &r_as_ntt[j]); add_to_ring_element_89_7e(&result[i1], &product); } - invert_ntt_montgomery_0d(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_77(&result[i1]); + add_error_reduce_89_82(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7252,7 +7252,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3c( +compute_ring_element_v_96( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7260,10 +7260,10 @@ compute_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_0d(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_7e(&result, &product);); + invert_ntt_montgomery_77(&result); + result = add_message_error_reduce_89_ef(error_2, message, result); return result; } @@ -7279,7 +7279,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_bd( +static void compress_then_serialize_u_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7295,7 +7295,7 @@ static void compress_then_serialize_u_bd( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_1f(&re, ret); + compress_then_serialize_ring_element_u_21(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7318,7 +7318,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_90(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_41( @@ -7345,7 +7345,7 @@ static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_79(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_ec(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7359,25 +7359,25 @@ static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5f0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_d2(A, r_as_ntt, error_1, u); + compute_vector_u_62(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_71(copy_of_message); + deserialize_then_decompress_message_f5(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3c(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_96(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_bd( + compress_then_serialize_u_27( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_9a( + compress_then_serialize_ring_element_v_15( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7421,7 +7421,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_cf( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -7434,8 +7434,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), + H_a9_38(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7449,17 +7449,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_bd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_90(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_33(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_42(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -7482,7 +7482,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a1( +static KRML_MUSTINLINE void deserialize_secret_key_65( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -7499,7 +7499,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_20(secret_bytes); + deserialize_to_uncompressed_ring_element_cb(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7529,7 +7529,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_72( +static KRML_MUSTINLINE void deserialize_then_decompress_u_22( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -7552,8 +7552,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_72( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); - ntt_vector_u_51(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_36(u_bytes); + ntt_vector_u_08(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7573,17 +7573,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( +compute_message_14( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_0d(&result); - result = subtract_reduce_89_74(v, result); + ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_7e(&result, &product);); + invert_ntt_montgomery_77(&result); + result = subtract_reduce_89_12(v, result); return result; } @@ -7621,18 +7621,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_89(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_53(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_72(ciphertext, u_as_ntt); + deserialize_then_decompress_u_22(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e8( + deserialize_then_decompress_ring_element_v_e4( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_14(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_30(message, ret0); + compress_then_serialize_message_45(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7646,10 +7646,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fc(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ec(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_a1(secret_key, secret_as_ntt); + deserialize_secret_key_65(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7660,7 +7660,7 @@ static void decrypt_fc(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_53(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7700,7 +7700,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_14( +void libcrux_ml_kem_ind_cca_decapsulate_a4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7718,7 +7718,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_14( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fc(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ec(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7740,7 +7740,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_14( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d8(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_b0(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7750,7 +7750,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_14( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_bd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_90(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_42(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -7759,7 +7759,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_14( kdf_d8_42(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f1(ciphertext), + libcrux_ml_kem_types_as_ref_00_d8(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 217830287..7ec08a99f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2c3826f57..faa720af9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "internal/libcrux_mlkem_portable.h" @@ -2503,7 +2503,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_191(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -2522,11 +2522,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_77( +bool libcrux_ml_kem_ind_cca_validate_private_key_dc( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_1a1(Eurydice_array_to_subslice2( + H_f1_191(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -3865,7 +3865,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_6c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a81(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_c3();); @@ -3933,7 +3933,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_4b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3957,7 +3957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_90( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3977,7 +3977,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_6f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_97( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3997,7 +3997,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_2c( + inv_ntt_layer_int_vec_step_reduce_aa( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4017,7 +4017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4032,7 +4032,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_2c( + inv_ntt_layer_int_vec_step_reduce_aa( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4049,18 +4049,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d11( +static KRML_MUSTINLINE void invert_ntt_montgomery_c91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_90(&zeta_i, re); - invert_ntt_at_layer_3_6f(&zeta_i, re); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_2b(&zeta_i, re); + invert_ntt_at_layer_3_97(&zeta_i, re); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -4073,7 +4073,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_3f( +static KRML_MUSTINLINE void add_error_reduce_89_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4100,7 +4100,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_671( +static KRML_MUSTINLINE void compute_vector_u_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4130,8 +4130,8 @@ static KRML_MUSTINLINE void compute_vector_u_671( ntt_multiply_89_3b(a_element, &r_as_ntt[j]); add_to_ring_element_89_1e1(&result[i1], &product); } - invert_ntt_montgomery_d11(&result[i1]); - add_error_reduce_89_3f(&result[i1], &error_1[i1]); + invert_ntt_montgomery_c91(&result[i1]); + add_error_reduce_89_5d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4145,7 +4145,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_cd(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4159,8 +4159,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_a4(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_message_f7(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4170,7 +4170,7 @@ deserialize_then_decompress_message_a4(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_cd(coefficient_compressed); + decompress_1_3e(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4186,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_0d( +add_message_error_reduce_89_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4219,7 +4219,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_421( +compute_ring_element_v_541( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4227,10 +4227,10 @@ compute_ring_element_v_421( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_d11(&result); - result = add_message_error_reduce_89_0d(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e1(&result, &product);); + invert_ntt_montgomery_c91(&result); + result = add_message_error_reduce_89_c4(error_2, message, result); return result; } @@ -4304,7 +4304,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_fc0( +static KRML_MUSTINLINE void compress_then_serialize_11_ef0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4329,10 +4329,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_190( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_fc0(re, uu____0); + compress_then_serialize_11_ef0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4348,7 +4348,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_841( +static void compress_then_serialize_u_281( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4364,7 +4364,7 @@ static void compress_then_serialize_u_841( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_190(&re, ret); + compress_then_serialize_ring_element_u_2e0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4408,7 +4408,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_bf( +static KRML_MUSTINLINE void compress_then_serialize_4_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4463,7 +4463,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_fa( +static KRML_MUSTINLINE void compress_then_serialize_5_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4487,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_650( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_fa(re, out); + compress_then_serialize_5_3c(re, out); } /** @@ -4510,7 +4510,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_7b1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_4f3( @@ -4537,7 +4537,7 @@ static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_6c1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a81(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4551,25 +4551,25 @@ static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_671(A, r_as_ntt, error_1, u); + compute_vector_u_931(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a4(copy_of_message); + deserialize_then_decompress_message_f7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_421(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_541(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_841( + compress_then_serialize_u_281( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7c0( + compress_then_serialize_ring_element_v_650( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4613,7 +4613,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_eb1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4626,8 +4626,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), + H_f1_191(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4641,17 +4641,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_7b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_331(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_93(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -4672,8 +4672,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_to_uncompressed_ring_element_27(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4695,7 +4695,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a81( +static KRML_MUSTINLINE void deserialize_secret_key_7b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4712,7 +4712,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a81( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_27(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4774,8 +4774,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_ee(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_10_50(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -4834,8 +4834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_e6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_11_1f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4857,8 +4857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_3d0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_e6(serialized); +deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { + return deserialize_then_decompress_11_1f(serialized); } /** @@ -4867,7 +4867,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_8a0( +static KRML_MUSTINLINE void ntt_vector_u_6f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); @@ -4892,7 +4892,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_0e1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4915,8 +4915,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_0e1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d0(u_bytes); - ntt_vector_u_8a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c20(u_bytes); + ntt_vector_u_6f0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4967,8 +4967,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_22(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_4_94(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5027,8 +5027,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_6c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); +deserialize_then_decompress_5_100(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5050,8 +5050,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_2b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_6c(serialized); +deserialize_then_decompress_ring_element_v_930(Eurydice_slice serialized) { + return deserialize_then_decompress_5_100(serialized); } /** @@ -5065,7 +5065,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_6b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5096,17 +5096,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_951( +compute_message_c91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_d11(&result); - result = subtract_reduce_89_6b(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e1(&result, &product);); + invert_ntt_montgomery_c91(&result); + result = subtract_reduce_89_61(v, result); return result; } @@ -5116,7 +5116,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_22( +static KRML_MUSTINLINE void compress_then_serialize_message_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5170,18 +5170,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_691(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_6b1(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_0e1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_2b0( + deserialize_then_decompress_ring_element_v_930( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_951(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c91(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_22(message, ret0); + compress_then_serialize_message_d4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5195,10 +5195,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_121(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a81(secret_key, secret_as_ntt); + deserialize_secret_key_7b1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5209,7 +5209,7 @@ static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_691(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_6b1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5261,7 +5261,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_d61( +void libcrux_ml_kem_ind_cca_decapsulate_1f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5280,7 +5280,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d61( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_121(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5302,7 +5302,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d61( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d81(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_2e3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5312,7 +5312,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_5a1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_7b1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_93(Eurydice_array_to_slice((size_t)32U, @@ -5322,7 +5322,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d61( kdf_d8_93(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f11(ciphertext), + libcrux_ml_kem_types_as_ref_00_d81(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5473,7 +5473,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_190(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5492,11 +5492,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_09( +bool libcrux_ml_kem_ind_cca_validate_private_key_03( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_f1_1a0(Eurydice_array_to_subslice2( + H_f1_190(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -6408,7 +6408,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_6c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a80(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_c3();); @@ -6464,18 +6464,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d10( +static KRML_MUSTINLINE void invert_ntt_montgomery_c90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_90(&zeta_i, re); - invert_ntt_at_layer_3_6f(&zeta_i, re); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_2b(&zeta_i, re); + invert_ntt_at_layer_3_97(&zeta_i, re); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -6487,7 +6487,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_670( +static KRML_MUSTINLINE void compute_vector_u_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6517,8 +6517,8 @@ static KRML_MUSTINLINE void compute_vector_u_670( ntt_multiply_89_3b(a_element, &r_as_ntt[j]); add_to_ring_element_89_1e0(&result[i1], &product); } - invert_ntt_montgomery_d10(&result[i1]); - add_error_reduce_89_3f(&result[i1], &error_1[i1]); + invert_ntt_montgomery_c90(&result[i1]); + add_error_reduce_89_5d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6535,7 +6535,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_420( +compute_ring_element_v_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6543,10 +6543,10 @@ compute_ring_element_v_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_d10(&result); - result = add_message_error_reduce_89_0d(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e0(&result, &product);); + invert_ntt_montgomery_c90(&result); + result = add_message_error_reduce_89_c4(error_2, message, result); return result; } @@ -6556,7 +6556,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a1( +static KRML_MUSTINLINE void compress_then_serialize_10_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -6581,10 +6581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_19( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a1(re, uu____0); + compress_then_serialize_10_88(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6600,7 +6600,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_840( +static void compress_then_serialize_u_280( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6616,7 +6616,7 @@ static void compress_then_serialize_u_840( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_19(&re, ret); + compress_then_serialize_ring_element_u_2e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6629,9 +6629,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_65( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_bf(re, out); + compress_then_serialize_4_80(re, out); } /** @@ -6652,7 +6652,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_7b0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_4f1( @@ -6679,7 +6679,7 @@ static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_6c0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a80(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6693,25 +6693,25 @@ static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_670(A, r_as_ntt, error_1, u); + compute_vector_u_930(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a4(copy_of_message); + deserialize_then_decompress_message_f7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_420(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_540(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_840( + compress_then_serialize_u_280( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7c( + compress_then_serialize_ring_element_v_65( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6755,7 +6755,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_eb0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -6768,8 +6768,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), + H_f1_190(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6783,17 +6783,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_7b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_33(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_32(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -6816,7 +6816,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a80( +static KRML_MUSTINLINE void deserialize_secret_key_7b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -6833,7 +6833,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a80( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_27(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6858,8 +6858,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_3d(Eurydice_slice serialized) { - return deserialize_then_decompress_10_ee(serialized); +deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { + return deserialize_then_decompress_10_50(serialized); } /** @@ -6868,7 +6868,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_8a( +static KRML_MUSTINLINE void ntt_vector_u_6f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); @@ -6893,7 +6893,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_0e0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6916,8 +6916,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_0e0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); - ntt_vector_u_8a(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c2(u_bytes); + ntt_vector_u_6f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6931,8 +6931,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_2b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_22(serialized); +deserialize_then_decompress_ring_element_v_93(Eurydice_slice serialized) { + return deserialize_then_decompress_4_94(serialized); } /** @@ -6948,17 +6948,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_950( +compute_message_c90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_d10(&result); - result = subtract_reduce_89_6b(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e0(&result, &product);); + invert_ntt_montgomery_c90(&result); + result = subtract_reduce_89_61(v, result); return result; } @@ -6996,18 +6996,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_690(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_6b0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_0e0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_2b( + deserialize_then_decompress_ring_element_v_93( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_950(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c90(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_22(message, ret0); + compress_then_serialize_message_d4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7021,10 +7021,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_120(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a80(secret_key, secret_as_ntt); + deserialize_secret_key_7b0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7035,7 +7035,7 @@ static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_690(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_6b0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7075,7 +7075,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_d60( +void libcrux_ml_kem_ind_cca_decapsulate_1f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7093,7 +7093,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_120(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7115,7 +7115,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d60( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d8(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_2e1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7125,7 +7125,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_5a0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_7b0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_32(Eurydice_array_to_slice((size_t)32U, @@ -7135,7 +7135,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d60( kdf_d8_32(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f1(ciphertext), + libcrux_ml_kem_types_as_ref_00_d8(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7286,7 +7286,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_19(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7305,11 +7305,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_80( +bool libcrux_ml_kem_ind_cca_validate_private_key_05( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_1a(Eurydice_array_to_subslice2( + H_f1_19(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -8178,7 +8178,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_6c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a8(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_c3();); @@ -8234,18 +8234,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d1( +static KRML_MUSTINLINE void invert_ntt_montgomery_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_90(&zeta_i, re); - invert_ntt_at_layer_3_6f(&zeta_i, re); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_8b(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_2b(&zeta_i, re); + invert_ntt_at_layer_3_97(&zeta_i, re); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_d8(re); } /** @@ -8257,7 +8257,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_67( +static KRML_MUSTINLINE void compute_vector_u_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8287,8 +8287,8 @@ static KRML_MUSTINLINE void compute_vector_u_67( ntt_multiply_89_3b(a_element, &r_as_ntt[j]); add_to_ring_element_89_1e(&result[i1], &product); } - invert_ntt_montgomery_d1(&result[i1]); - add_error_reduce_89_3f(&result[i1], &error_1[i1]); + invert_ntt_montgomery_c9(&result[i1]); + add_error_reduce_89_5d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8305,7 +8305,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_42( +compute_ring_element_v_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8313,10 +8313,10 @@ compute_ring_element_v_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_d1(&result); - result = add_message_error_reduce_89_0d(error_2, message, result); + ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_1e(&result, &product);); + invert_ntt_montgomery_c9(&result); + result = add_message_error_reduce_89_c4(error_2, message, result); return result; } @@ -8332,7 +8332,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_84( +static void compress_then_serialize_u_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8348,7 +8348,7 @@ static void compress_then_serialize_u_84( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_19(&re, ret); + compress_then_serialize_ring_element_u_2e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8372,7 +8372,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_7b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_4f( @@ -8399,7 +8399,7 @@ static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_6c(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a8(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8413,25 +8413,25 @@ static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_67(A, r_as_ntt, error_1, u); + compute_vector_u_93(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a4(copy_of_message); + deserialize_then_decompress_message_f7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_42(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_54(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_84( + compress_then_serialize_u_28( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7c( + compress_then_serialize_ring_element_v_65( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8475,7 +8475,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -8488,8 +8488,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), + H_f1_19(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8503,17 +8503,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_7b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_330(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_c5(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -8536,7 +8536,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a8( +static KRML_MUSTINLINE void deserialize_secret_key_7b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8553,7 +8553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_27(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8583,7 +8583,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_0e( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8606,8 +8606,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_0e( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); - ntt_vector_u_8a(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c2(u_bytes); + ntt_vector_u_6f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8627,17 +8627,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_95( +compute_message_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_d1(&result); - result = subtract_reduce_89_6b(v, result); + ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_1e(&result, &product);); + invert_ntt_montgomery_c9(&result); + result = subtract_reduce_89_61(v, result); return result; } @@ -8675,18 +8675,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_69(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_6b(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_2b( + deserialize_then_decompress_ring_element_v_93( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_95(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c9(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_22(message, ret0); + compress_then_serialize_message_d4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8700,10 +8700,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_12(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a8(secret_key, secret_as_ntt); + deserialize_secret_key_7b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8714,7 +8714,7 @@ static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_69(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_6b(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8754,7 +8754,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_d6( +void libcrux_ml_kem_ind_cca_decapsulate_1f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8772,7 +8772,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_12(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8794,7 +8794,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d6( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_2e(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8804,7 +8804,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_7b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_c5(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -8813,7 +8813,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_d6( kdf_d8_c5(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f10(ciphertext), + libcrux_ml_kem_types_as_ref_00_d80(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 1bb290f74..b4c959005 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index a82d2fee4..4bcceb017 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index fd44b4ac6..cfd2105cc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index d1fdebd50..c93360697 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 60a49b7c2..1ccedc9f5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 1eaf24d1a..131e8cf4a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 73390c848..8d2bd1f90 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb */ #ifndef __libcrux_sha3_neon_H From 6196b7a2e139f93bca14be3d960613ebd8a09a20 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 30 Aug 2024 16:41:37 +0000 Subject: [PATCH 116/172] update cg and docker --- .docker/c/install.sh | 12 +- libcrux-ml-kem/cg.yaml | 4 +- libcrux-ml-kem/cg/benches/sha3.cc | 8 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 42 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 768 +++++++-------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 770 +++++++-------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 464 ++++----- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 920 +++++++++--------- 10 files changed, 1502 insertions(+), 1502 deletions(-) diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 16026b797..5ca42d3bf 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/6b5e110342a771a3e1c739b10294b1778e4be8b4.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/b351338f6a84c7a1afc27433eb0ffdc668b3581d.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-6b5e110342a771a3e1c739b10294b1778e4be8b4/ charon +mv charon-b351338f6a84c7a1afc27433eb0ffdc668b3581d/ charon -curl -L https://github.com/FStarLang/karamel/archive/3205d3365ea2790b02368f79fcee38e38d0b5908.zip \ +curl -L https://github.com/FStarLang/karamel/archive/c96fb69d15693284644d6aecaa90afa37e4de8f0.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-3205d3365ea2790b02368f79fcee38e38d0b5908/ karamel +mv karamel-c96fb69d15693284644d6aecaa90afa37e4de8f0/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/31be7d65ca5d6acdacfb33652e478d24dd85c1cb.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/7efec1624422fd5e94388ef06b9c76dfe7a48d46.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-31be7d65ca5d6acdacfb33652e478d24dd85c1cb/ eurydice +mv eurydice-7efec1624422fd5e94388ef06b9c76dfe7a48d46/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 5d57f7855..58908b2b7 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -27,8 +27,8 @@ files: - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - [libcrux_sha3, generic_keccak, KeccakState_29] - - [libcrux_sha3, generic_keccak, absorb_final_d9 ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] + - [libcrux_sha3, generic_keccak, absorb_final_7f ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] monomorphizations_of: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index b9a8fc540..7212fc4ed 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,14 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); + libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); + libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 9272a8113..8d7869cc3 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee +Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 9eb6c227c..358fd5d9e 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_core_H @@ -104,7 +104,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -137,7 +137,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -170,7 +170,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -202,7 +202,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b2( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -226,7 +226,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_96(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -263,7 +263,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_82(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -279,7 +279,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_89(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -309,7 +309,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -342,7 +342,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_e9(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -362,7 +362,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_07( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -375,7 +375,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -394,7 +394,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -414,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_d6( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -446,7 +446,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -478,7 +478,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -511,7 +511,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index f6045ffc4..689fdc58c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d0e4d0d19..d85b1d40c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_mlkem768_avx2_H @@ -719,7 +719,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, ret0); + unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +819,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_e8(dst, ret0); + unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +932,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_34(dst, ret0); + unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1077,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_1c(dst, ret0); + unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1211,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_e4(void) { +libcrux_ml_kem_polynomial_ZERO_89_9f(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1240,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_2a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -1252,10 +1252,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2f( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1276,12 +1276,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2f( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,8 +1323,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_4f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b( vector); } @@ -1401,10 +1401,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_73( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_73( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b0( vector); } @@ -1492,10 +1492,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_db( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_db( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c0( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_68( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_73(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_26(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1534,7 +1534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1547,9 +1547,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2b(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_6c(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1563,7 +1563,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1576,7 +1576,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2b( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_6c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1594,7 +1594,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1613,7 +1613,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_41( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1635,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1665,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1682,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9e(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_41(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_3d(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_16(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_8f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); } /** @@ -1713,12 +1713,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e2( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_68( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_0f(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b1( vector); } @@ -1821,10 +1821,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_52( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_61( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_52( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c1( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b2( vector); } @@ -1912,10 +1912,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_b5( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_b5( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c2( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_52(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(serialized); } /** @@ -1981,11 +1981,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_91( +libcrux_ml_kem_polynomial_ntt_multiply_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2021,7 +2021,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_56( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,13 +2113,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_60(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,22 +2165,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_56(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_db(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); } /** @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_76( +libcrux_ml_kem_polynomial_subtract_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,21 +2225,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_2f( +libcrux_ml_kem_matrix_compute_message_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_91(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_76(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_22(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b1(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8e( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_47( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b1(vector); } /** @@ -2277,8 +2277,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_10(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8e(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_9b(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_47(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,13 +2292,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_99( +libcrux_ml_kem_serialize_compress_then_serialize_message_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_65( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e2(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f2( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_2f(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_fd(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_77(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_51(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_df(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_51(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_65(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2406,7 +2406,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2417,7 +2417,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_45( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_ba( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2436,9 +2436,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_45(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_ba(input, ret); } /** @@ -2450,9 +2450,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_46( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_1c( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -2469,10 +2469,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2500,12 +2500,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f4( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2518,7 +2518,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( ring_element); deserialized_pk[i0] = uu____0; } @@ -2535,8 +2535,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_05(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_65(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -2546,10 +2546,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_34( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d0( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } } @@ -2563,7 +2563,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_e5( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2586,12 +2586,12 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_30( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_e5( copy_of_input); } @@ -2603,7 +2603,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_62( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2639,9 +2639,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_a1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98(self, + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_62(self, ret); } @@ -2695,7 +2695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_01( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2737,7 +2737,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_58( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2772,9 +2772,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_93( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_58(self, ret); } /** @@ -2827,7 +2827,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_010( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2874,9 +2874,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_b6(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_94(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2895,8 +2895,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_fb(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_b6( +libcrux_ml_kem_sampling_sample_from_xof_closure_a5(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_94( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2907,7 +2907,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_5b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_16( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2916,28 +2916,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_5b( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_30( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_a1( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_01( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_93( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_010( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a0( copy_of_randomness, sampled_coefficients, out); } } @@ -2947,7 +2947,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_fb(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_a5(copy_of_out[i]); } memcpy( ret, ret0, @@ -2961,12 +2961,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_04( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b8( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_34(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_d0(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2986,7 +2986,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_04( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_5b(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_16(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3030,8 +3030,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_69(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_68(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -3041,7 +3041,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_66( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_e1( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3080,9 +3080,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_66(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_e1(input, ret); } /** @@ -3142,7 +3142,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bd( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_13( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3177,7 +3177,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bd( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_b6( + return libcrux_ml_kem_polynomial_from_i16_array_89_94( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,7 +3189,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_12( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3223,7 +3223,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_b6( + return libcrux_ml_kem_polynomial_from_i16_array_89_94( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3235,9 +3235,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bd( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_13( randomness); } @@ -3248,7 +3248,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3270,20 +3270,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_7c( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_b2(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_34(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9e(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_41(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_3d(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_16(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_8f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); } /** @@ -3304,7 +3304,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3319,13 +3319,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_7c(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3350,8 +3350,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_1a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_9c(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -3367,11 +3367,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e4(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3386,11 +3386,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3413,7 +3413,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_450( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_ba0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3432,9 +3432,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_b00( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_450(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_ba0(input, ret); } /** @@ -3445,8 +3445,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_f2(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_matrix_compute_vector_u_closure_5d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_07( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_8f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,14 +3485,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_12( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3513,12 +3513,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cd( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_91(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_ce(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_07(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_8f(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f9(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_56(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,10 +3547,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_ef( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_f9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_56(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,22 +3606,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_bb( +libcrux_ml_kem_matrix_compute_ring_element_v_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_e4(); + libcrux_ml_kem_polynomial_ZERO_89_9f(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_91(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d9( error_2, message, result); return result; } @@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_08( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_63( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_97( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_08( vector); } @@ -3703,14 +3703,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_69( +libcrux_ml_kem_serialize_compress_then_serialize_10_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_63( - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_97( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_080( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_630( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_970( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_080( vector); } @@ -3799,14 +3799,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_39( +libcrux_ml_kem_serialize_compress_then_serialize_11_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_630( - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_970( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_69(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_9c(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_081( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_631( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_971( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_081( vector); } @@ -3947,14 +3947,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e8( +libcrux_ml_kem_serialize_compress_then_serialize_4_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_631( - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_971( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_082( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_632( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_972( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_082( vector); } @@ -4042,14 +4042,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_32( +libcrux_ml_kem_serialize_compress_then_serialize_5_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_632( - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_972( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e8(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_dd(re, out); } /** @@ -4092,22 +4092,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_9b(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f4( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_04(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_b8(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_9b(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e4( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4130,32 +4130,32 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_9b(Eurydice_slice public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_b00( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_cd(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_12(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_ef( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_bb( + libcrux_ml_kem_matrix_compute_ring_element_v_fb( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ff( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_76( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4173,7 +4173,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_80( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_42( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_701( +static inline void libcrux_ml_kem_ind_cca_decapsulate_98( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,10 +4223,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_701( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_df(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4234,7 +4234,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_701( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4243,14 +4243,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_701( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4258,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_701( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_80( + libcrux_ml_kem_variant_kdf_d8_42( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_80(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_42(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), + libcrux_ml_kem_types_as_ref_00_d6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_701(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_98(private_key, ciphertext, ret); } /** @@ -4319,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7e(private_key, ciphertext, ret); } @@ -4334,7 +4334,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c6( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4352,7 +4352,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_38( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4377,28 +4377,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_6d( + libcrux_ml_kem_variant_entropy_preprocess_d8_c6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + libcrux_ml_kem_hash_functions_avx2_H_a9_38( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), + libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4407,20 +4407,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_80(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_42(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4452,14 +4452,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8b(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_54(uu____0, copy_of_randomness); } /** @@ -4477,7 +4477,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f0( uu____0, copy_of_randomness); } @@ -4492,7 +4492,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4503,7 +4503,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_1c( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4516,8 +4516,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_e0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_c4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -4527,7 +4527,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_b0( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bf( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4545,14 +4545,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_5b( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_b0( + libcrux_ml_kem_vector_traits_to_standard_domain_bf( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4570,14 +4570,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_40( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4599,12 +4599,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_91(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_5b( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_67( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -4620,14 +4620,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_30( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_10( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4650,7 +4650,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_91( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4668,7 +4668,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_91( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_30(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4687,14 +4687,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_59( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_91(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4718,9 +4718,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fd(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_9d(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_1c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_7c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4728,10 +4728,10 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fd(Eurydice_slice key_generation_seed) { Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_04(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_b8(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; @@ -4754,18 +4754,18 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fd(Eurydice_slice key_generation_seed) { .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_40(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_2d(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_59( + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_91(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4794,7 +4794,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4820,7 +4820,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_38(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -4859,7 +4859,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_19(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4868,13 +4868,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_19(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fd(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_9d(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4883,13 +4883,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_19(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -4908,12 +4908,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_19(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5d(copy_of_randomness); } /** @@ -4925,7 +4925,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2a( copy_of_randomness); } @@ -4941,24 +4941,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_62( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_fb( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_6d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + libcrux_ml_kem_hash_functions_avx2_H_a9_38( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_1d(ciphertext), + libcrux_ml_kem_types_as_slice_d4_b2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -4986,7 +4986,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_702( +static inline void libcrux_ml_kem_ind_cca_decapsulate_980( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,10 +5004,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_702( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_df(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5015,7 +5015,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_702( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5024,14 +5024,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_702( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5039,18 +5039,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_702( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_62( + libcrux_ml_kem_variant_kdf_33_fb( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_62(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_fb(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), + libcrux_ml_kem_types_as_ref_00_d6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5084,10 +5084,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_33( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_702(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_980(private_key, ciphertext, ret); } /** @@ -5101,7 +5101,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_33( private_key, ciphertext, ret); } @@ -5116,9 +5116,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_91( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_89( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_38(randomness, ret); } /** @@ -5141,28 +5141,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_540( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_91( + libcrux_ml_kem_variant_entropy_preprocess_33_89( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + libcrux_ml_kem_hash_functions_avx2_H_a9_38( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), + libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + libcrux_ml_kem_hash_functions_avx2_G_a9_5a( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5171,20 +5171,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_62(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_fb(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5219,14 +5219,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_2c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8b0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_540(uu____0, copy_of_randomness); } /** @@ -5244,7 +5244,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_2c( uu____0, copy_of_randomness); } @@ -5259,9 +5259,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_30( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_70( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_avx2_G_a9_5a(key_generation_seed, ret); } /** @@ -5278,10 +5278,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fd0( +libcrux_ml_kem_ind_cpa_generate_keypair_9d0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_30(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_70(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5289,10 +5289,10 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fd0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_04(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_b8(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; @@ -5315,18 +5315,18 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fd0( .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_40(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_2d(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_59( + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_91(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5367,7 +5367,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5376,13 +5376,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fd0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_9d0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9c( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5391,13 +5391,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_190(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -5414,12 +5414,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_7e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_190(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5d0(copy_of_randomness); } /** @@ -5431,7 +5431,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_7e( copy_of_randomness); } @@ -5451,11 +5451,11 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_46( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_58( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + libcrux_ml_kem_hash_functions_avx2_H_a9_38( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -5480,10 +5480,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_f4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_58(private_key, ciphertext); } @@ -5496,7 +5496,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_f4( private_key, ciphertext); } @@ -5509,9 +5509,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_460( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_1c0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_e4(); + return libcrux_ml_kem_polynomial_ZERO_89_9f(); } /** @@ -5529,12 +5529,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_e4(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -5547,7 +5547,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( ring_element); deserialized_pk[i0] = uu____0; } @@ -5572,16 +5572,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_52( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_32( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_59( + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5603,9 +5603,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_c2( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_32(public_key); } /** @@ -5616,7 +5616,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_c2( public_key->value); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 057714d5a..180d9ae3f 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_mlkem768_portable_H @@ -114,7 +114,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_f9(dst, ret); + unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2426,7 +2426,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_ea(void) { +libcrux_ml_kem_polynomial_ZERO_89_c3(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2454,8 +2454,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_cd(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -2465,10 +2465,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_85( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2490,12 +2490,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2508,7 +2508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_85( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2536,8 +2536,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6e(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -2547,7 +2547,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2572,9 +2572,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_84( v); } @@ -2585,10 +2585,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_7d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -2597,7 +2597,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b3( coefficient); re.coefficients[i0] = uu____0; } @@ -2611,7 +2611,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_840( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2636,9 +2636,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_840( v); } @@ -2649,10 +2649,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_0d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2661,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b30( coefficient); re.coefficients[i0] = uu____0; } @@ -2675,9 +2675,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_45( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_7d(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2692,7 +2692,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2706,12 +2706,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2725,7 +2725,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2738,7 +2738,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2755,7 +2755,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2775,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_26( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2797,7 +2797,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_3c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2827,7 +2827,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2845,21 +2845,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_26(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_3c(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); } /** @@ -2875,12 +2875,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dc( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2900,9 +2900,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_45( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_1c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2916,7 +2916,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_841( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2941,9 +2941,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_841( v); } @@ -2954,10 +2954,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_41( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_9c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2966,7 +2966,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b31( coefficient); re.coefficients[i0] = uu____0; } @@ -2980,7 +2980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_842( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3005,9 +3005,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_842( v); } @@ -3018,10 +3018,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3030,7 +3030,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b32( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3044,9 +3044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_91( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9c(serialized); } /** @@ -3087,11 +3087,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_2a( +libcrux_ml_kem_polynomial_ntt_multiply_89_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3128,7 +3128,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_84( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3152,7 +3152,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_69( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3222,7 +3222,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3230,7 +3230,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3243,7 +3243,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3258,7 +3258,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3275,22 +3275,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c4(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_69(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); } /** @@ -3304,7 +3304,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_d4( +libcrux_ml_kem_polynomial_subtract_reduce_89_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3336,21 +3336,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b3( +libcrux_ml_kem_matrix_compute_message_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_ac(v, result); return result; } @@ -3360,7 +3360,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_94( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3380,9 +3380,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_19( +libcrux_ml_kem_vector_portable_shift_right_0d_01( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_b0(v); } /** @@ -3392,10 +3392,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_db( +libcrux_ml_kem_vector_traits_to_unsigned_representative_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_19(a); + libcrux_ml_kem_vector_portable_shift_right_0d_01(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3409,13 +3409,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_aa( +libcrux_ml_kem_serialize_compress_then_serialize_message_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3465,20 +3465,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dc(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_91( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_83(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3492,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_0e(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_d7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3508,7 +3508,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_68(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3522,7 +3522,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3532,7 +3532,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_7c( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3550,9 +3550,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_7c(input, ret); } /** @@ -3563,9 +3563,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_05( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -3581,10 +3581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3613,12 +3613,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3631,7 +3631,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( ring_element); deserialized_pk[i0] = uu____0; } @@ -3648,8 +3648,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_81(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -3659,10 +3659,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_4b( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fc( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } } @@ -3681,7 +3681,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_79( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3714,12 +3714,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_77( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_79( copy_of_input); } @@ -3730,7 +3730,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_eb( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3754,10 +3754,10 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_84( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_eb(self, ret); } @@ -3810,7 +3810,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_17( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3852,7 +3852,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_3b( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3876,10 +3876,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_8e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_3b(self, ret); } /** @@ -3931,7 +3931,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_170( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3977,9 +3977,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_33(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4000,8 +4000,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( +libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_33( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4012,7 +4012,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_46( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4021,28 +4021,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_77( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_84( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_17( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_8e( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_170( copy_of_randomness, sampled_coefficients, out); } } @@ -4052,7 +4052,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_04(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); } memcpy( ret, ret0, @@ -4066,12 +4066,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_e7( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_fc(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4091,7 +4091,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_3f(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_46(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4135,8 +4135,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_99(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -4145,7 +4145,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1c( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4167,9 +4167,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1c(input, ret); } /** @@ -4228,7 +4228,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_7b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4263,7 +4263,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( + return libcrux_ml_kem_polynomial_from_i16_array_89_33( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4274,7 +4274,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_14( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4308,7 +4308,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( + return libcrux_ml_kem_polynomial_from_i16_array_89_33( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4319,9 +4319,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_7b( randomness); } @@ -4331,7 +4331,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4354,20 +4354,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_f4(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_60(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_26(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_3c(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); } /** @@ -4384,11 +4384,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4403,13 +4403,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4434,8 +4434,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f5(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -4451,11 +4451,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6d(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4470,11 +4470,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4496,7 +4496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_7c0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4514,9 +4514,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_2e0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_7c0(input, ret); } /** @@ -4526,8 +4526,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_matrix_compute_vector_u_closure_57(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -4540,7 +4540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4574,7 +4574,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4595,12 +4595,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_3b(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_27(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4614,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_63( +libcrux_ml_kem_vector_traits_decompress_1_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,10 +4629,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4642,7 +4642,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_0c(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4659,7 +4659,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4692,22 +4692,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_54( +libcrux_ml_kem_matrix_compute_ring_element_v_db( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_ZERO_89_c3(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( error_2, message, result); return result; } @@ -4718,7 +4718,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_02( +libcrux_ml_kem_vector_portable_compress_compress_dc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4741,9 +4741,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_28( +libcrux_ml_kem_vector_portable_compress_0d_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_02(v); + return libcrux_ml_kem_vector_portable_compress_compress_dc(v); } /** @@ -4753,15 +4753,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_fc( +libcrux_ml_kem_serialize_compress_then_serialize_10_18( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_28( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_0d_96( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4779,7 +4779,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_020( +libcrux_ml_kem_vector_portable_compress_compress_dc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4802,9 +4802,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_280( +libcrux_ml_kem_vector_portable_compress_0d_960( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_020(v); + return libcrux_ml_kem_vector_portable_compress_compress_dc0(v); } /** @@ -4814,15 +4814,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_280( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_0d_960( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4842,10 +4842,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_18(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4861,7 +4861,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4877,7 +4877,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_24(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4890,7 +4890,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_021( +libcrux_ml_kem_vector_portable_compress_compress_dc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4913,9 +4913,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_281( +libcrux_ml_kem_vector_portable_compress_0d_961( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_021(v); + return libcrux_ml_kem_vector_portable_compress_compress_dc1(v); } /** @@ -4925,15 +4925,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_9a( +libcrux_ml_kem_serialize_compress_then_serialize_4_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_281( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_0d_961( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4950,7 +4950,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_022( +libcrux_ml_kem_vector_portable_compress_compress_dc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4973,9 +4973,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_282( +libcrux_ml_kem_vector_portable_compress_0d_962( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_022(v); + return libcrux_ml_kem_vector_portable_compress_compress_dc2(v); } /** @@ -4985,15 +4985,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_1f( +libcrux_ml_kem_serialize_compress_then_serialize_5_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_282( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_0d_962( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5012,9 +5012,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_19(re, out); } /** @@ -5035,26 +5035,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_20( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_e7(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5064,7 +5064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6d( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5073,10 +5073,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_2e0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u); @@ -5084,21 +5084,21 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_54( + libcrux_ml_kem_matrix_compute_ring_element_v_db( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_47( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5115,7 +5115,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_41( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_c5( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5146,7 +5146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_70( +static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,10 +5164,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_70( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5175,7 +5175,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_70( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5184,14 +5184,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_70( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5199,18 +5199,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_70( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_41( + libcrux_ml_kem_variant_kdf_d8_c5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_c5(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), + libcrux_ml_kem_types_as_ref_00_d6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5243,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d3(private_key, ciphertext, ret); } /** @@ -5259,7 +5259,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c7( private_key, ciphertext, ret); } @@ -5273,7 +5273,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_9f( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5290,7 +5290,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_19( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5314,28 +5314,28 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_63( + libcrux_ml_kem_variant_entropy_preprocess_d8_9f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( + libcrux_ml_kem_hash_functions_portable_H_f1_19( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), + libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5344,20 +5344,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_c5(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5388,14 +5388,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_66( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c4(uu____0, copy_of_randomness); } /** @@ -5412,7 +5412,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_66( uu____0, copy_of_randomness); } @@ -5426,7 +5426,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_b0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5437,7 +5437,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5449,8 +5449,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_06(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -5460,7 +5460,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_59( +libcrux_ml_kem_vector_traits_to_standard_domain_21( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5477,7 +5477,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5485,7 +5485,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_59( + libcrux_ml_kem_vector_traits_to_standard_domain_21( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5504,14 +5504,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5533,12 +5533,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_64( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5553,14 +5553,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_traits_to_unsigned_representative_84( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5582,7 +5582,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5600,7 +5600,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5618,14 +5618,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_79( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5648,9 +5648,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_b0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5658,15 +5658,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_e7(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5679,23 +5679,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_c7(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( + libcrux_ml_kem_ind_cpa_serialize_public_key_67( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5723,7 +5723,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5749,7 +5749,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_19(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5787,7 +5787,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5796,13 +5796,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_a2(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5811,13 +5811,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -5836,12 +5836,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_87( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f6(copy_of_randomness); } /** @@ -5852,7 +5852,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_87( copy_of_randomness); } @@ -5867,24 +5867,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_25( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_6d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( + libcrux_ml_kem_hash_functions_portable_H_f1_19( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_1d(ciphertext), + libcrux_ml_kem_types_as_slice_d4_b2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5911,7 +5911,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_700( +static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5929,10 +5929,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_700( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5940,7 +5940,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_700( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5949,14 +5949,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_700( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5964,18 +5964,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_700( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f0( + libcrux_ml_kem_variant_kdf_33_25( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_25(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), + libcrux_ml_kem_types_as_ref_00_d6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6009,10 +6009,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d30(private_key, ciphertext, ret); } /** @@ -6025,7 +6025,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( private_key, ciphertext, ret); } @@ -6039,9 +6039,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d5( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_19(randomness, ret); } /** @@ -6063,28 +6063,28 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c40( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_8a( + libcrux_ml_kem_variant_entropy_preprocess_33_d5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_6d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( + libcrux_ml_kem_hash_functions_portable_H_f1_19( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), + libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_f1_38( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6093,20 +6093,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_25(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6141,14 +6141,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c40(uu____0, copy_of_randomness); } /** @@ -6165,7 +6165,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8e( uu____0, copy_of_randomness); } @@ -6179,9 +6179,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_ea( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_portable_G_f1_38(key_generation_seed, ret); } /** @@ -6197,10 +6197,10 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fc0( +libcrux_ml_kem_ind_cpa_generate_keypair_a20( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_ea(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6208,15 +6208,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fc0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_e7(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6229,23 +6229,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_c7(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( + libcrux_ml_kem_ind_cpa_serialize_public_key_67( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6285,7 +6285,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6294,13 +6294,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fc0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_a20(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6309,13 +6309,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_82( + uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); } /** @@ -6331,12 +6331,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_e7( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f60(copy_of_randomness); } /** @@ -6348,7 +6348,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_e7( copy_of_randomness); } @@ -6367,11 +6367,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( + libcrux_ml_kem_hash_functions_portable_H_f1_19( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -6395,10 +6395,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_40( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4f(private_key, ciphertext); } @@ -6410,7 +6410,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_40( private_key, ciphertext); } @@ -6422,9 +6422,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_050( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); + return libcrux_ml_kem_polynomial_ZERO_89_c3(); } /** @@ -6441,12 +6441,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_200( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6459,7 +6459,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( ring_element); deserialized_pk[i0] = uu____0; } @@ -6483,16 +6483,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c1( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_200( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( + libcrux_ml_kem_ind_cpa_serialize_public_key_67( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6513,9 +6513,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_d3( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); } /** @@ -6525,7 +6525,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_d3( public_key->value); } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 5f57e0fb3..cd32aec32 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_sha3_avx2_H @@ -59,7 +59,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_21(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); @@ -70,7 +70,7 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); + uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b)); } /** @@ -222,7 +222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_bf(void) { +libcrux_sha3_generic_keccak_new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -258,7 +258,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -388,13 +388,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_65( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_d4( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b); } /** @@ -405,7 +405,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_210(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); @@ -418,10 +418,10 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); + return libcrux_sha3_simd_avx2_rotate_left_210(ab); } /** @@ -436,8 +436,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b); } /** @@ -448,7 +448,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_211(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); @@ -462,9 +462,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); + return libcrux_sha3_simd_avx2_rotate_left_211(ab); } /** @@ -479,8 +479,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b); } /** @@ -491,7 +491,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_212(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); @@ -505,9 +505,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); + return libcrux_sha3_simd_avx2_rotate_left_212(ab); } /** @@ -522,8 +522,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b); } /** @@ -534,7 +534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_213(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); @@ -548,9 +548,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); + return libcrux_sha3_simd_avx2_rotate_left_213(ab); } /** @@ -565,8 +565,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b); } /** @@ -577,9 +577,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); + return libcrux_sha3_simd_avx2_rotate_left_21(ab); } /** @@ -594,8 +594,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b); } /** @@ -606,7 +606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_214(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); @@ -620,9 +620,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); + return libcrux_sha3_simd_avx2_rotate_left_214(ab); } /** @@ -637,8 +637,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b); } /** @@ -649,7 +649,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_215(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); @@ -663,9 +663,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); + return libcrux_sha3_simd_avx2_rotate_left_215(ab); } /** @@ -680,8 +680,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b); } /** @@ -692,7 +692,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_216(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); @@ -706,9 +706,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); + return libcrux_sha3_simd_avx2_rotate_left_216(ab); } /** @@ -723,8 +723,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b); } /** @@ -735,7 +735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_217(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); @@ -749,9 +749,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); + return libcrux_sha3_simd_avx2_rotate_left_217(ab); } /** @@ -766,8 +766,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b); } /** @@ -778,7 +778,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_218(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); @@ -792,9 +792,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); + return libcrux_sha3_simd_avx2_rotate_left_218(ab); } /** @@ -809,8 +809,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b); } /** @@ -821,7 +821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_219(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); @@ -835,9 +835,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); + return libcrux_sha3_simd_avx2_rotate_left_219(ab); } /** @@ -852,8 +852,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b); } /** @@ -864,7 +864,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2110(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); @@ -878,9 +878,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); + return libcrux_sha3_simd_avx2_rotate_left_2110(ab); } /** @@ -895,8 +895,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b); } /** @@ -907,7 +907,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2111(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); @@ -921,9 +921,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); + return libcrux_sha3_simd_avx2_rotate_left_2111(ab); } /** @@ -938,8 +938,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b); } /** @@ -950,7 +950,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2112(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); @@ -964,9 +964,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); + return libcrux_sha3_simd_avx2_rotate_left_2112(ab); } /** @@ -981,8 +981,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b); } /** @@ -993,7 +993,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2113(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); @@ -1007,9 +1007,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); + return libcrux_sha3_simd_avx2_rotate_left_2113(ab); } /** @@ -1024,8 +1024,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b); } /** @@ -1036,7 +1036,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2114(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); @@ -1050,9 +1050,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); + return libcrux_sha3_simd_avx2_rotate_left_2114(ab); } /** @@ -1067,8 +1067,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2115(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); @@ -1093,9 +1093,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); + return libcrux_sha3_simd_avx2_rotate_left_2115(ab); } /** @@ -1110,8 +1110,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b); } /** @@ -1122,7 +1122,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2116(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); @@ -1136,9 +1136,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); + return libcrux_sha3_simd_avx2_rotate_left_2116(ab); } /** @@ -1153,8 +1153,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b); } /** @@ -1165,7 +1165,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2117(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); @@ -1179,9 +1179,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); + return libcrux_sha3_simd_avx2_rotate_left_2117(ab); } /** @@ -1196,8 +1196,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b); } /** @@ -1208,7 +1208,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2118(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); @@ -1222,9 +1222,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); + return libcrux_sha3_simd_avx2_rotate_left_2118(ab); } /** @@ -1239,8 +1239,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b); } /** @@ -1251,7 +1251,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2119(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); @@ -1265,9 +1265,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); + return libcrux_sha3_simd_avx2_rotate_left_2119(ab); } /** @@ -1282,8 +1282,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b); } /** @@ -1294,7 +1294,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2120(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); @@ -1308,9 +1308,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); + return libcrux_sha3_simd_avx2_rotate_left_2120(ab); } /** @@ -1325,8 +1325,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b); } /** @@ -1337,7 +1337,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2121(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); @@ -1351,9 +1351,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); + return libcrux_sha3_simd_avx2_rotate_left_2121(ab); } /** @@ -1368,8 +1368,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b); } /** @@ -1380,7 +1380,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2122(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); @@ -1394,9 +1394,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); + return libcrux_sha3_simd_avx2_rotate_left_2122(ab); } /** @@ -1411,8 +1411,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b); } /** @@ -1422,7 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_74( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_1b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1457,53 +1457,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_74( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); __m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1514,7 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_35( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_70( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1551,7 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1573,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_5b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_fe( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1586,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_f8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_74(s); - libcrux_sha3_generic_keccak_pi_35(s); - libcrux_sha3_generic_keccak_chi_09(s); - libcrux_sha3_generic_keccak_iota_5b(s, i0); + libcrux_sha3_generic_keccak_theta_rho_1b(s); + libcrux_sha3_generic_keccak_pi_70(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_fe(s, i0); } } @@ -1605,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_1d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_32( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_65(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_load_block_ef_d4(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_cd(s); } /** @@ -1620,14 +1620,14 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); + libcrux_sha3_simd_avx2_load_block_fe(s, buf); } /** @@ -1640,13 +1640,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e9( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e6( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b); } /** @@ -1658,7 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1677,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_e9(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e6(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_cd(s); } /** @@ -1687,7 +1687,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1810,7 +1810,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1821,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); + libcrux_sha3_simd_avx2_store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1849,9 +1849,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_43( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_d1( __m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); + libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } /** @@ -1863,10 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( +libcrux_sha3_generic_keccak_squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_43(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_d1(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1892,9 +1892,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_58( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e3( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); + libcrux_sha3_simd_avx2_store_block_78(a, b); } /** @@ -1905,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); } /** @@ -1918,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_f8(s); - libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_cd(s); + libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); } /** @@ -1932,11 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_74( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_f8(&s); + libcrux_sha3_generic_keccak_keccakf1600_cd(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_43(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_d1(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1961,10 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_bf(); + libcrux_sha3_generic_keccak_new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_1d(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_32(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1985,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_a8(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -1998,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_9b(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_ca(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_b4(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_66(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_74(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_fe(s, o1); } } } @@ -2036,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_4f(buf0, buf); + libcrux_sha3_generic_keccak_keccak_b9(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_bf(); + return libcrux_sha3_generic_keccak_new_1e_71(); } /** @@ -2057,7 +2057,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2183,14 +2183,14 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); + libcrux_sha3_simd_avx2_load_block_fe0(s, buf); } /** @@ -2203,13 +2203,13 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e90( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e60( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b); } /** @@ -2221,7 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2240,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d90( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_e90(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e60(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_cd(s); } /** @@ -2253,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_d90(s, buf); + libcrux_sha3_generic_keccak_absorb_final_7f0(s, buf); } /** @@ -2262,7 +2262,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2389,9 +2389,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_580( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e30( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); + libcrux_sha3_simd_avx2_store_block_780(a, b); } /** @@ -2402,10 +2402,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b40( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_f8(s); - libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_cd(s); + libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); } /** @@ -2417,7 +2417,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf); } /** @@ -2428,9 +2428,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); } /** @@ -2442,7 +2442,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2450,15 +2450,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); } /** @@ -2470,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2482,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2490,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o4); } /** @@ -2524,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(s, buf); } /** @@ -2536,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); + libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); } /** @@ -2548,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_9b(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_ca(s, buf); } /** @@ -2560,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_b4(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_66(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 748cfd2fe..60e8874ef 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f4(void) { +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); } /** @@ -280,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -291,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); + return libcrux_sha3_portable_keccak_rotate_left_d60(ab); } /** @@ -307,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); } /** @@ -318,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -329,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); + return libcrux_sha3_portable_keccak_rotate_left_d61(ab); } /** @@ -345,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); } /** @@ -356,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -367,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); + return libcrux_sha3_portable_keccak_rotate_left_d62(ab); } /** @@ -383,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); } /** @@ -394,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -405,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); + return libcrux_sha3_portable_keccak_rotate_left_d63(ab); } /** @@ -421,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); } /** @@ -432,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb(ab); + return libcrux_sha3_portable_keccak_rotate_left_d6(ab); } /** @@ -448,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); } /** @@ -459,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -470,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); + return libcrux_sha3_portable_keccak_rotate_left_d64(ab); } /** @@ -486,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); } /** @@ -497,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -508,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); + return libcrux_sha3_portable_keccak_rotate_left_d65(ab); } /** @@ -524,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); } /** @@ -535,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -546,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); + return libcrux_sha3_portable_keccak_rotate_left_d66(ab); } /** @@ -562,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); } /** @@ -573,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -584,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); + return libcrux_sha3_portable_keccak_rotate_left_d67(ab); } /** @@ -600,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); } /** @@ -611,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -622,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); + return libcrux_sha3_portable_keccak_rotate_left_d68(ab); } /** @@ -638,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); } /** @@ -649,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -660,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); + return libcrux_sha3_portable_keccak_rotate_left_d69(ab); } /** @@ -676,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); } /** @@ -687,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -698,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); + return libcrux_sha3_portable_keccak_rotate_left_d610(ab); } /** @@ -714,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); } /** @@ -725,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -736,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); + return libcrux_sha3_portable_keccak_rotate_left_d611(ab); } /** @@ -752,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); } /** @@ -763,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -774,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); + return libcrux_sha3_portable_keccak_rotate_left_d612(ab); } /** @@ -790,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); } /** @@ -801,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -812,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); + return libcrux_sha3_portable_keccak_rotate_left_d613(ab); } /** @@ -828,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); } /** @@ -839,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -850,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); + return libcrux_sha3_portable_keccak_rotate_left_d614(ab); } /** @@ -866,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); } /** @@ -877,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -888,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); + return libcrux_sha3_portable_keccak_rotate_left_d615(ab); } /** @@ -904,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); } /** @@ -915,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -926,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); + return libcrux_sha3_portable_keccak_rotate_left_d616(ab); } /** @@ -942,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); } /** @@ -953,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -964,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); + return libcrux_sha3_portable_keccak_rotate_left_d617(ab); } /** @@ -980,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); } /** @@ -991,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1002,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); + return libcrux_sha3_portable_keccak_rotate_left_d618(ab); } /** @@ -1018,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); } /** @@ -1029,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1040,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); + return libcrux_sha3_portable_keccak_rotate_left_d619(ab); } /** @@ -1056,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); } /** @@ -1067,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1078,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); + return libcrux_sha3_portable_keccak_rotate_left_d620(ab); } /** @@ -1094,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); } /** @@ -1105,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1116,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); + return libcrux_sha3_portable_keccak_rotate_left_d621(ab); } /** @@ -1132,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); } /** @@ -1143,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1154,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); + return libcrux_sha3_portable_keccak_rotate_left_d622(ab); } /** @@ -1170,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); } /** @@ -1180,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1272,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1308,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1341,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_16(s); - libcrux_sha3_generic_keccak_pi_1d(s); - libcrux_sha3_generic_keccak_chi_12(s); - libcrux_sha3_generic_keccak_iota_62(s, i0); + libcrux_sha3_generic_keccak_theta_rho_a7(s); + libcrux_sha3_generic_keccak_pi_d5(s); + libcrux_sha3_generic_keccak_chi_3e(s); + libcrux_sha3_generic_keccak_iota_00(s, i0); } } @@ -1359,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c(s, buf); + libcrux_sha3_portable_keccak_load_block_65(s, buf); } /** @@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); } /** @@ -1406,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_9b(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); } /** @@ -1486,10 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c5( +libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_9b(a, b); } /** @@ -1526,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1538,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1551,11 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1579,10 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1593,7 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1603,12 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1616,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); } } } @@ -1650,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); } /** @@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce(buf0, buf); + libcrux_sha3_portable_keccakx1_e4(buf0, buf); } /** @@ -1673,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); } /** @@ -1717,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c0(s, buf); + libcrux_sha3_portable_keccak_load_block_650(s, buf); } /** @@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); } /** @@ -1764,7 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_9b0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1832,9 +1832,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); } /** @@ -1845,10 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( +libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1873,9 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_9b0(a, b); } /** @@ -1885,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); } /** @@ -1897,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); } /** @@ -1910,11 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1938,10 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1952,7 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1962,12 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1993,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); } } } @@ -2009,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); } /** @@ -2024,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce0(buf0, buf); + libcrux_sha3_portable_keccakx1_e40(buf0, buf); } /** @@ -2035,7 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2054,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2066,10 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2080,7 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2090,12 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2103,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2121,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); } } } @@ -2137,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce1(buf0, buf); + libcrux_sha3_portable_keccakx1_e41(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_48 @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -2171,7 +2171,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2195,11 +2195,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c1(s, buf); + libcrux_sha3_portable_keccak_load_block_651(s, buf); } /** @@ -2211,13 +2211,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); } /** @@ -2228,7 +2228,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2247,8 +2247,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2258,7 +2258,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_c72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_402(s, buf); } /** @@ -2266,7 +2266,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2288,9 +2288,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_9b1(a, b); } /** @@ -2300,10 +2300,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -2313,7 +2313,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf); } /** @@ -2323,9 +2323,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -2336,7 +2336,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2344,15 +2344,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); } /** @@ -2362,7 +2362,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2408,7 +2408,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2436,13 +2436,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); } /** @@ -2452,13 +2452,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2466,11 +2466,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c2(s, buf); + libcrux_sha3_portable_keccak_load_block_652(s, buf); } /** @@ -2482,13 +2482,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); } /** @@ -2499,7 +2499,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2518,8 +2518,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2527,7 +2527,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2545,12 +2545,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_9b2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2567,9 +2567,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); } /** @@ -2580,10 +2580,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( +libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2608,9 +2608,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_9b2(a, b); } /** @@ -2620,9 +2620,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); } /** @@ -2632,10 +2632,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); } /** @@ -2645,11 +2645,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2673,10 +2673,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2687,7 +2687,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2697,12 +2697,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2710,7 +2710,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2728,12 +2728,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); } } } @@ -2744,12 +2744,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); } /** @@ -2759,7 +2759,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce2(buf0, buf); + libcrux_sha3_portable_keccakx1_e42(buf0, buf); } /** @@ -2767,7 +2767,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2795,13 +2795,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); } /** @@ -2811,13 +2811,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2825,11 +2825,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c3(s, buf); + libcrux_sha3_portable_keccak_load_block_653(s, buf); } /** @@ -2841,13 +2841,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); } /** @@ -2858,7 +2858,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2877,8 +2877,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -2886,7 +2886,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2904,12 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_9b3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2926,9 +2926,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); } /** @@ -2939,10 +2939,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( +libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2967,9 +2967,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_9b3(a, b); } /** @@ -2979,9 +2979,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); } /** @@ -2991,10 +2991,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); } /** @@ -3004,11 +3004,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3032,10 +3032,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3046,7 +3046,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3056,12 +3056,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3069,7 +3069,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3087,12 +3087,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); } } } @@ -3103,12 +3103,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); } /** @@ -3118,7 +3118,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce3(buf0, buf); + libcrux_sha3_portable_keccakx1_e43(buf0, buf); } /** @@ -3209,13 +3209,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); } /** @@ -3225,13 +3225,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_b8(s); } /** @@ -3239,12 +3239,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_9b1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3261,9 +3261,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); } /** @@ -3274,10 +3274,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( +libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3300,11 +3300,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); + libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3328,10 +3328,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3342,7 +3342,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3352,12 +3352,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3365,7 +3365,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3383,12 +3383,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); } } } @@ -3399,12 +3399,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); } /** @@ -3414,7 +3414,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce4(buf0, buf); + libcrux_sha3_portable_keccakx1_e44(buf0, buf); } /** @@ -3565,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3573,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o4); } /** @@ -3605,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); } /** @@ -3615,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_c71(s, buf); + libcrux_sha3_generic_keccak_absorb_final_401(s, buf); } /** @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -3633,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); } /** @@ -3643,7 +3643,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } /** @@ -3683,7 +3683,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3717,7 +3717,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3725,7 +3725,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3741,8 +3741,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -3758,8 +3758,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_350(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } return remainder; } @@ -3787,7 +3787,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3795,7 +3795,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3824,7 +3824,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3848,7 +3848,7 @@ with const generics - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3856,7 +3856,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3887,8 +3887,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } /** @@ -3903,7 +3903,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -3921,7 +3921,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4076,11 +4076,11 @@ with const generics - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_7e(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4097,7 +4097,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_7e(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -4137,7 +4137,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4171,7 +4171,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4179,7 +4179,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4195,8 +4195,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_353(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -4212,8 +4212,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_353(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } return remainder; } @@ -4241,7 +4241,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4249,7 +4249,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4275,7 +4275,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4299,7 +4299,7 @@ with const generics - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4307,7 +4307,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4338,8 +4338,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } /** @@ -4351,7 +4351,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -4369,7 +4369,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4556,11 +4556,11 @@ with const generics - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_7e0(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4574,7 +4574,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_7e0(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -4589,7 +4589,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; @@ -4630,11 +4630,11 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)136U; @@ -4651,7 +4651,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out00); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -4670,14 +4670,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out_rest); } self->sponge = true; } @@ -4693,7 +4693,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -4708,7 +4708,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; @@ -4749,11 +4749,11 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)168U; @@ -4770,7 +4770,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out00); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -4789,14 +4789,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out_rest); } self->sponge = true; } @@ -4812,7 +4812,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** From 963301740b9299c37bba4a3ffd890fe944312361 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 30 Aug 2024 19:22:43 +0200 Subject: [PATCH 117/172] more feature guards --- libcrux-ml-kem/src/hash_functions.rs | 1 + libcrux-ml-kem/src/ind_cca/multiplexing.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 6aa8c9133..a2e2728e0 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -173,6 +173,7 @@ pub(crate) mod portable { } /// A SIMD256 implementation of [`Hash`] for AVX2 +#[cfg(feature = "simd256")] pub(crate) mod avx2 { use super::*; use libcrux_sha3::{ diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 588d551e3..88098f375 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -13,7 +13,7 @@ use instantiations::avx2::{ #[cfg(feature = "simd128")] use instantiations::neon::{ decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, - generate_keypair as generate_keypair_neon, validate_public_key as validate_public_key_neon, + generate_keypair as generate_keypair_neon, }; #[cfg(not(feature = "simd256"))] diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index f26bc1018..eb5a37ddf 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -439,7 +439,7 @@ pub fn decapsulate( /// implements `RngCore` and `CryptoRng`. /// /// Decapsulation is not provided in this module as it does not require randomness. -#[cfg(not(eurydice))] +#[cfg(all(not(eurydice), feature = "rand"))] pub mod rand { use super::{ MlKem512Ciphertext, MlKem512KeyPair, MlKem512PublicKey, MlKemSharedSecret, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 5d629d6c6..88c328801 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -442,7 +442,7 @@ pub fn decapsulate( /// implements `RngCore` and `CryptoRng`. /// /// Decapsulation is not provided in this module as it does not require randomness. -#[cfg(not(eurydice))] +#[cfg(all(not(eurydice), feature = "rand"))] pub mod rand { use super::{ MlKem768Ciphertext, MlKem768KeyPair, MlKem768PublicKey, MlKemSharedSecret, From 75ca451a323d4ed369a5e0caaab461666ace9eb6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Sep 2024 17:05:57 +1000 Subject: [PATCH 118/172] basic fuzzing for C extraction of ML-KEM768 --- libcrux-ml-kem/cg/fuzz/Makefile | 35 +++++++++++++++ libcrux-ml-kem/cg/fuzz/dec_fuzz.cc | 49 +++++++++++++++++++++ libcrux-ml-kem/cg/fuzz/enc_fuzz.cc | 32 ++++++++++++++ libcrux-ml-kem/cg/fuzz/mkcorpus.c | 66 ++++++++++++++++++++++++++++ libcrux-ml-kem/cg/fuzz/valid_fuzz.cc | 30 +++++++++++++ 5 files changed, 212 insertions(+) create mode 100644 libcrux-ml-kem/cg/fuzz/Makefile create mode 100644 libcrux-ml-kem/cg/fuzz/dec_fuzz.cc create mode 100644 libcrux-ml-kem/cg/fuzz/enc_fuzz.cc create mode 100644 libcrux-ml-kem/cg/fuzz/mkcorpus.c create mode 100644 libcrux-ml-kem/cg/fuzz/valid_fuzz.cc diff --git a/libcrux-ml-kem/cg/fuzz/Makefile b/libcrux-ml-kem/cg/fuzz/Makefile new file mode 100644 index 000000000..aa6434598 --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/Makefile @@ -0,0 +1,35 @@ +CC=clang-16 +CXX=clang++-16 +FUZZ_FLAGS=-fsanitize=address,undefined,fuzzer -fno-omit-frame-pointer +FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer + +CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I.. +CFLAGS=$(CXXFLAGS) +LDFLAGS=-g +LIBS= +COMMON_DEPS= + +TARGETS=enc_fuzz valid_fuzz dec_fuzz mkcorpus + +all: $(TARGETS) + +.cc.o: + $(CXX) $(CXXFLAGS) $(FUZZ_FLAGS) -c $< -o $@ + +.c.o: + $(CC) $(CFLAGS) -c $< -o $@ + +enc_fuzz: enc_fuzz.o $(COMMON_DEPS) + $(CXX) -o $@ enc_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS) + +dec_fuzz: dec_fuzz.o $(COMMON_DEPS) + $(CXX) -o $@ dec_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS) + +valid_fuzz: valid_fuzz.o $(COMMON_DEPS) + $(CXX) -o $@ valid_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS) + +mkcorpus: mkcorpus.o + $(CC) -o $@ mkcorpus.o + +clean: + -rm -f *.o $(TARGETS) diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc new file mode 100644 index 000000000..9720aa8fa --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc @@ -0,0 +1,49 @@ +// Basic fuzz test for depcapsulate operation, + +#include +#include +#include +#include +#include +#include + +#include "libcrux_mlkem768_portable.h" + +extern "C" { + +void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk, + libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk) +{ + uint8_t rnd[64]; + memset(rnd, 0, sizeof(rnd)); + auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + *zero_sk = kp.sk; + (void)getentropy(rnd, sizeof(rnd)); + kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + *rnd_sk = kp.sk; +} + +int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +{ + static bool once; + uint8_t ret[32]; + libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk; + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct; + + if (!once) { + privkeys(&zero_sk, &rnd_sk); + once = true; + } + + memset(&ct, 0, sizeof(ct)); + if (len > sizeof(ct.value)) { + len = sizeof(ct.value); + } + memcpy(ct.value, input, len); + + libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret); + libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret); + return 0; +} + +} // extern diff --git a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc new file mode 100644 index 000000000..9a2637cc9 --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc @@ -0,0 +1,32 @@ +// Basic fuzz test for encapsulate operation. + +#include +#include +#include +#include +#include +#include + +#include "libcrux_mlkem768_portable.h" + +extern "C" { + +int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +{ + uint8_t rnd[32]; + libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; + + memset(rnd, 0, sizeof(rnd)); + memset(&pk, 0, sizeof(pk)); + if (len > sizeof(pk.value)) { + len = sizeof(pk.value); + } + memcpy(pk.value, input, len); + + (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); + (void)getentropy(rnd, sizeof(rnd)); + (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); + return 0; +} + +} // extern diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c new file mode 100644 index 000000000..5d488d429 --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c @@ -0,0 +1,66 @@ +// Makes basic seed corpora for other fuzzers +// +// Will write to ./pubkey_corpus (for valid_fuzz and enc_fuzz) and +// to ./ciphertext_corpus (for dec_fuzz) + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "libcrux_mlkem768_portable.h" + +#define NSEEDS 1000 + +void write_blob(const char *path, int n, const char *suffix, + const void *p, size_t l) +{ + char name[256]; + FILE *f; + + snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix); + if ((f = fopen(name, "wb+")) == NULL) + err(1, "fopen %s", name); + if (fwrite(p, l, 1, f) != 1) + err(1, "write %s", name); + fclose(f); +} + +int main(void) +{ + int i; + uint8_t rnd[64]; + libcrux_ml_kem_mlkem768_MlKem768KeyPair kp; + tuple_3c enc; + + if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST) + err(1, "mkdir pubkey_corpus"); + if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST) + err(1, "mkdir ciphertext_corpus"); + + for (i = 0; i < NSEEDS; i++) { + if (i == 0) { + memset(rnd, 0, sizeof(rnd)); + } else { + (void)getentropy(rnd, sizeof(rnd)); + } + kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + write_blob("pubkey_corpus", i, "pk", + kp.pk.value, sizeof(kp.pk.value)); + + if (i == 0) { + memset(rnd, 0, sizeof(rnd)); + } else { + (void)getentropy(rnd, sizeof(rnd)); + } + enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd); + write_blob("ciphertext_corpus", i, "ct", + enc.fst.value, sizeof(enc.fst.value)); + } + return 0; +} diff --git a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc new file mode 100644 index 000000000..ca9cf2a5a --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc @@ -0,0 +1,30 @@ +// Basic fuzz test for pubkey validation. + +#include +#include +#include +#include +#include +#include + +#include "libcrux_mlkem768_portable.h" + +extern "C" { + +int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +{ + uint8_t rnd[32]; + libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; + + memset(rnd, 0, sizeof(rnd)); + memset(&pk, 0, sizeof(pk)); + if (len > sizeof(pk.value)) { + len = sizeof(pk.value); + } + memcpy(pk.value, input, len); + + (void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk); + return 0; +} + +} // extern From a39bda0ca1b44ecc1c88156a375e760db9c37aaf Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 2 Sep 2024 10:03:30 +0000 Subject: [PATCH 119/172] update docker --- .docker/c/Dockerfile | 2 ++ .docker/c/ext-tools.sh | 45 ++++++++++++++++++++++++++++++++++++++++++ .docker/c/install.sh | 40 ------------------------------------- 3 files changed, 47 insertions(+), 40 deletions(-) create mode 100644 .docker/c/ext-tools.sh diff --git a/.docker/c/Dockerfile b/.docker/c/Dockerfile index f90b1512b..ffaed4cb7 100644 --- a/.docker/c/Dockerfile +++ b/.docker/c/Dockerfile @@ -23,6 +23,8 @@ COPY --chown=$USER:$USER . $HOME/$USER # Setup & install. ADD install.sh /tmp/install.sh RUN bash /tmp/install.sh +ADD ext-tools.sh /tmp/ext-tools.sh +RUN bash /tmp/ext-tools.sh ENV FSTAR_HOME=$HOME/fstar ENV HACL_HOME=$HOME/hacl-star diff --git a/.docker/c/ext-tools.sh b/.docker/c/ext-tools.sh new file mode 100644 index 000000000..946dc9137 --- /dev/null +++ b/.docker/c/ext-tools.sh @@ -0,0 +1,45 @@ +#!/usr/bin/env bash + +set -v -e -x + +source $HOME/.profile + +curl -L https://github.com/AeneasVerif/charon/archive/b351338f6a84c7a1afc27433eb0ffdc668b3581d.zip \ + --output charon.zip +unzip charon.zip +rm -rf charon.zip +mv charon-b351338f6a84c7a1afc27433eb0ffdc668b3581d/ charon + +curl -L https://github.com/FStarLang/karamel/archive/c96fb69d15693284644d6aecaa90afa37e4de8f0.zip \ + --output karamel.zip +unzip karamel.zip +rm -rf karamel.zip +mv karamel-c96fb69d15693284644d6aecaa90afa37e4de8f0/ karamel + +curl -L https://github.com/AeneasVerif/eurydice/archive/7efec1624422fd5e94388ef06b9c76dfe7a48d46.zip \ + --output eurydice.zip +unzip eurydice.zip +rm -rf eurydice.zip +mv eurydice-7efec1624422fd5e94388ef06b9c76dfe7a48d46/ eurydice + +echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile +echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile +echo "export CHARON_HOME=$HOME/charon" >>$HOME/.profile + +# Build everything +cd karamel +make -j +cd - + +cd charon +make -j +cd - + +cd eurydice/lib +rm -f charon +ln -s $CHARON_HOME/charon-ml charon +rm -f krml +ln -s $KRML_HOME/lib krml +cd ../ +make -j +cd ../ diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 5ca42d3bf..82d2e78a0 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,30 +25,8 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/b351338f6a84c7a1afc27433eb0ffdc668b3581d.zip \ - --output charon.zip -unzip charon.zip -rm -rf charon.zip -mv charon-b351338f6a84c7a1afc27433eb0ffdc668b3581d/ charon - - -curl -L https://github.com/FStarLang/karamel/archive/c96fb69d15693284644d6aecaa90afa37e4de8f0.zip \ - --output karamel.zip -unzip karamel.zip -rm -rf karamel.zip -mv karamel-c96fb69d15693284644d6aecaa90afa37e4de8f0/ karamel - -curl -L https://github.com/AeneasVerif/eurydice/archive/7efec1624422fd5e94388ef06b9c76dfe7a48d46.zip \ - --output eurydice.zip -unzip eurydice.zip -rm -rf eurydice.zip -mv eurydice-7efec1624422fd5e94388ef06b9c76dfe7a48d46/ eurydice - echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile -echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile -echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile -echo "export CHARON_HOME=$HOME/charon" >>$HOME/.profile echo "export HAX_HOME=$HOME/hax" >>$HOME/.profile echo "export PATH=\"${PATH}:$HOME/fstar/bin:$HOME/z3/bin\"" >>$HOME/.profile echo "[[ ! -r /home/$USER/.opam/opam-init/init.sh ]] || source /home/$USER/.opam/opam-init/init.sh > /dev/null 2> /dev/null" >>$HOME/.profile @@ -56,21 +34,3 @@ echo "[[ ! -r /home/$USER/.opam/opam-init/init.sh ]] || source /home/$USER/.opam source $HOME/.profile opam install --yes ocamlfind visitors menhir ppx_deriving_yojson core_unix sedlex wasm fix process pprint zarith yaml easy_logging terminal eval $(opam env) - -# Build everything -cd karamel -make -j -cd - - -cd charon -make -j -cd - - -cd eurydice/lib -rm -f charon -ln -s $CHARON_HOME/charon-ml charon -rm -f krml -ln -s $KRML_HOME/lib krml -cd ../ -make -j -cd ../ From 3fc1eab0d59a13d74875b9af6bb47af8b7bdf618 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 2 Sep 2024 17:12:42 +0200 Subject: [PATCH 120/172] Apply suggestions from code review Co-authored-by: Jonas Schneider-Bensch <124457079+jschneider-bensch@users.noreply.github.com> --- libcrux-ml-kem/src/kem/kyber/kyber1024.rs | 2 +- libcrux-ml-kem/src/kem/kyber/kyber512.rs | 2 +- libcrux-ml-kem/src/kem/kyber/kyber768.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs b/libcrux-ml-kem/src/kem/kyber/kyber1024.rs index f3fa12a5c..41bfff6ed 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber1024.rs @@ -43,7 +43,7 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. pub fn validate_public_key(public_key: &MlKem1024PublicKey) -> bool { super::validate_public_key::< RANK_1024, diff --git a/libcrux-ml-kem/src/kem/kyber/kyber512.rs b/libcrux-ml-kem/src/kem/kyber/kyber512.rs index 728e59092..01968b5f2 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber512.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber512.rs @@ -41,7 +41,7 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. pub fn validate_public_key(public_key: &MlKem512PublicKey) -> bool { super::validate_public_key::< RANK_512, diff --git a/libcrux-ml-kem/src/kem/kyber/kyber768.rs b/libcrux-ml-kem/src/kem/kyber/kyber768.rs index b1f586f92..261582f59 100644 --- a/libcrux-ml-kem/src/kem/kyber/kyber768.rs +++ b/libcrux-ml-kem/src/kem/kyber/kyber768.rs @@ -42,7 +42,7 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// Validate a public key. /// -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. pub fn validate_public_key(public_key: &MlKem768PublicKey) -> bool { super::validate_public_key::< RANK_768, From ea41a3862b52303316dd1927c537cedb653e7303 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 3 Sep 2024 08:37:57 +0200 Subject: [PATCH 121/172] Include hidden files in extraction upload --- .github/workflows/c.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index 285eac24a..c3535185b 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -32,6 +32,7 @@ jobs: with: name: c-extraction path: libcrux-ml-kem/c + include-hidden-files: true if-no-files-found: error extract-header-only: @@ -53,6 +54,7 @@ jobs: with: name: header-only-c-extraction path: libcrux-ml-kem/cg/ + include-hidden-files: true if-no-files-found: error diff: From 6d74c9de9713141c13f37fe188b6331c27481119 Mon Sep 17 00:00:00 2001 From: Maxime Buyse Date: Tue, 3 Sep 2024 10:05:15 +0200 Subject: [PATCH 122/172] Remove unsafe code from include to avoid being rejected by hax. --- libcrux-ml-kem/hax.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 534d921cc..b95b864ab 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -31,7 +31,7 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform interfaces - include_str = "+:**" + include_str = "+:** -**::x86::init::cpuid -**::x86::init::cpuid_count" interface_include = "+**" cargo_hax_into = [ "cargo", From 643ca60cb37b088ed6d996cd0b8452820e4b7d0a Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 3 Sep 2024 15:06:54 +0200 Subject: [PATCH 123/172] hax-compatibility: Cast match scrutinees --- libcrux-ml-dsa/src/encoding/commitment.rs | 2 +- libcrux-ml-dsa/src/encoding/error.rs | 4 ++-- libcrux-ml-dsa/src/encoding/gamma1.rs | 4 ++-- libcrux-ml-dsa/src/sample.rs | 6 +++--- libcrux-ml-dsa/src/samplex4.rs | 4 ++-- libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs | 2 +- libcrux-ml-dsa/src/simd/portable/encoding/error.rs | 4 ++-- libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/libcrux-ml-dsa/src/encoding/commitment.rs b/libcrux-ml-dsa/src/encoding/commitment.rs index 4c6c75990..f5a12e789 100644 --- a/libcrux-ml-dsa/src/encoding/commitment.rs +++ b/libcrux-ml-dsa/src/encoding/commitment.rs @@ -6,7 +6,7 @@ fn serialize( ) -> [u8; OUTPUT_SIZE] { let mut serialized = [0u8; OUTPUT_SIZE]; - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 128 => { // The commitment has coefficients in [0,15] => each coefficient occupies // 4 bits. Each SIMD unit contains 8 elements, which means each diff --git a/libcrux-ml-dsa/src/encoding/error.rs b/libcrux-ml-dsa/src/encoding/error.rs index 8a393d0a9..80080945c 100644 --- a/libcrux-ml-dsa/src/encoding/error.rs +++ b/libcrux-ml-dsa/src/encoding/error.rs @@ -8,7 +8,7 @@ pub(crate) fn serialize [u8; OUTPUT_SIZE] { let mut serialized = [0u8; OUTPUT_SIZE]; - match ETA { + match ETA as u8 { 2 => { const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 3; @@ -41,7 +41,7 @@ pub(crate) fn serialize( serialized: &[u8], ) -> PolynomialRingElement { - let mut serialized_chunks = match ETA { + let mut serialized_chunks = match ETA as u8 { 2 => serialized.chunks(3), 4 => serialized.chunks(4), _ => unreachable!(), diff --git a/libcrux-ml-dsa/src/encoding/gamma1.rs b/libcrux-ml-dsa/src/encoding/gamma1.rs index cd35c3488..09e93f725 100644 --- a/libcrux-ml-dsa/src/encoding/gamma1.rs +++ b/libcrux-ml-dsa/src/encoding/gamma1.rs @@ -10,7 +10,7 @@ pub(crate) fn serialize< ) -> [u8; OUTPUT_BYTES] { let mut serialized = [0u8; OUTPUT_BYTES]; - match GAMMA1_EXPONENT { + match GAMMA1_EXPONENT as u8 { 17 => { const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 18; @@ -43,7 +43,7 @@ pub(crate) fn serialize< pub(crate) fn deserialize( serialized: &[u8], ) -> PolynomialRingElement { - let mut serialized_chunks = match GAMMA1_EXPONENT { + let mut serialized_chunks = match GAMMA1_EXPONENT as u8 { 17 => serialized.chunks(18), 19 => serialized.chunks(20), _ => unreachable!(), diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index e16ca46e4..43183e438 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -210,7 +210,7 @@ pub(crate) fn rejection_sample_less_than_eta bool { - match ETA { + match ETA as u8 { 2 => rejection_sample_less_than_eta_equals_2::(randomness, sampled, out), 4 => rejection_sample_less_than_eta_equals_4::(randomness, sampled, out), _ => unreachable!(), @@ -337,7 +337,7 @@ fn sample_mask_ring_element< >( seed: [u8; 66], ) -> PolynomialRingElement { - match GAMMA1_EXPONENT { + match GAMMA1_EXPONENT as u8 { 17 => { let mut out = [0u8; 576]; Shake256::shake256::<576>(&seed, &mut out); @@ -374,7 +374,7 @@ pub(crate) fn sample_mask_vector< let seed2 = update_seed(seed, domain_separator); let seed3 = update_seed(seed, domain_separator); - match GAMMA1_EXPONENT { + match GAMMA1_EXPONENT as u8 { 17 => { let mut out0 = [0; 576]; let mut out1 = [0; 576]; diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index b8bfd5535..1173c0abf 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -374,7 +374,7 @@ pub(crate) fn matrix_A< >( seed: [u8; 34], ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { - match (ROWS_IN_A, COLUMNS_IN_A) { + match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) { (4, 4) => matrix_A_4_by_4::(seed), (6, 5) => matrix_A_6_by_5::(seed), (8, 7) => matrix_A_8_by_7::(seed), @@ -504,7 +504,7 @@ pub(crate) fn sample_s1_and_s2< [PolynomialRingElement; S1_DIMENSION], [PolynomialRingElement; S2_DIMENSION], ) { - match (S1_DIMENSION, S2_DIMENSION) { + match (S1_DIMENSION as u8, S2_DIMENSION as u8) { (4, 4) => { sample_s1_and_s2_4_by_4::(seed) } diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs index 3c6462c20..c6886ba50 100644 --- a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs +++ b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs @@ -4,7 +4,7 @@ use crate::simd::portable::PortableSIMDUnit; pub fn serialize(simd_unit: PortableSIMDUnit) -> [u8; OUTPUT_SIZE] { let mut serialized = [0u8; OUTPUT_SIZE]; - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 4 => { // The commitment has coefficients in [0,15] => each coefficient occupies // 4 bits. diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs index f9d1ae7fb..d7878fbc8 100644 --- a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs +++ b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs @@ -43,7 +43,7 @@ fn serialize_when_eta_is_4( pub(crate) fn serialize( simd_unit: PortableSIMDUnit, ) -> [u8; OUTPUT_SIZE] { - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 3 => serialize_when_eta_is_2::(simd_unit), 4 => serialize_when_eta_is_4::(simd_unit), _ => unreachable!(), @@ -88,7 +88,7 @@ fn deserialize_when_eta_is_4(serialized: &[u8]) -> PortableSIMDUnit { } #[inline(always)] pub(crate) fn deserialize(serialized: &[u8]) -> PortableSIMDUnit { - match ETA { + match ETA as u8 { 2 => deserialize_when_eta_is_2(serialized), 4 => deserialize_when_eta_is_4(serialized), _ => unreachable!(), diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs index 67899ae72..eabb2fd81 100644 --- a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs +++ b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs @@ -65,7 +65,7 @@ fn serialize_when_gamma1_is_2_pow_19( pub(crate) fn serialize( simd_unit: PortableSIMDUnit, ) -> [u8; OUTPUT_SIZE] { - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 18 => serialize_when_gamma1_is_2_pow_17::(simd_unit), 20 => serialize_when_gamma1_is_2_pow_19::(simd_unit), _ => unreachable!(), @@ -141,7 +141,7 @@ fn deserialize_when_gamma1_is_2_pow_19(serialized: &[u8]) -> PortableSIMDUnit { } #[inline(always)] pub(crate) fn deserialize(serialized: &[u8]) -> PortableSIMDUnit { - match GAMMA1_EXPONENT { + match GAMMA1_EXPONENT as u8 { 17 => deserialize_when_gamma1_is_2_pow_17(serialized), 19 => deserialize_when_gamma1_is_2_pow_19(serialized), _ => unreachable!(), From 7e674c6d82f120eb174ea98314e356613a85c980 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 3 Sep 2024 16:03:41 +0200 Subject: [PATCH 124/172] hax-compatibility: Change `loop` to a bounded iteration --- libcrux-ml-dsa/examples/sign_65.rs | 3 +- libcrux-ml-dsa/examples/verify_65.rs | 3 +- libcrux-ml-dsa/src/lib.rs | 5 +- libcrux-ml-dsa/src/ml_dsa_44.rs | 4 +- libcrux-ml-dsa/src/ml_dsa_65.rs | 4 +- libcrux-ml-dsa/src/ml_dsa_87.rs | 4 +- libcrux-ml-dsa/src/ml_dsa_generic.rs | 111 ++++++++++++++---------- libcrux-ml-dsa/tests/nistkats.rs | 3 +- libcrux-ml-dsa/tests/self.rs | 6 +- libcrux-ml-dsa/tests/wycheproof_sign.rs | 3 +- 10 files changed, 89 insertions(+), 57 deletions(-) diff --git a/libcrux-ml-dsa/examples/sign_65.rs b/libcrux-ml-dsa/examples/sign_65.rs index 162d3fc11..0981da400 100644 --- a/libcrux-ml-dsa/examples/sign_65.rs +++ b/libcrux-ml-dsa/examples/sign_65.rs @@ -16,6 +16,7 @@ fn main() { let keypair = ml_dsa_65::generate_key_pair(key_generation_seed); for _i in 0..100_000 { - let _ = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness); + let _ = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); } } diff --git a/libcrux-ml-dsa/examples/verify_65.rs b/libcrux-ml-dsa/examples/verify_65.rs index 3ebbd7245..854288d03 100644 --- a/libcrux-ml-dsa/examples/verify_65.rs +++ b/libcrux-ml-dsa/examples/verify_65.rs @@ -14,7 +14,8 @@ fn main() { let message = random_array::<1023>(); let keypair = ml_dsa_65::generate_key_pair(key_generation_seed); - let signature = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness); + let signature = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); for _i in 0..100_000 { ml_dsa_65::verify(&keypair.verification_key, &message, &signature).unwrap(); diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index 084c097b5..6bd0a6510 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -17,7 +17,10 @@ mod utils; // Public interface -pub use {ml_dsa_generic::VerificationError, types::*}; +pub use { + ml_dsa_generic::{SigningError, VerificationError}, + types::*, +}; pub use crate::constants::KEY_GENERATION_RANDOMNESS_SIZE; pub use crate::constants::SIGNING_RANDOMNESS_SIZE; diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index b2b1338c0..0b476a2a5 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -1,4 +1,4 @@ -use crate::{constants::*, ml_dsa_generic, types::*, VerificationError}; +use crate::{constants::*, ml_dsa_generic, types::*, SigningError, VerificationError}; // ML-DSA-44-specific parameters @@ -112,7 +112,7 @@ pub fn sign( signing_key: &MLDSA44SigningKey, message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], -) -> MLDSA44Signature { +) -> Result { ml_dsa_generic::sign::< SIMDUnit, // TODO: Multiplex this based on platform detection. Shake128, diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs index 285b89d0d..7ad31133b 100644 --- a/libcrux-ml-dsa/src/ml_dsa_65.rs +++ b/libcrux-ml-dsa/src/ml_dsa_65.rs @@ -1,4 +1,4 @@ -use crate::{constants::*, types::*, VerificationError}; +use crate::{constants::*, types::*, SigningError, VerificationError}; // ML-DSA-65-specific parameters @@ -114,7 +114,7 @@ pub fn sign( signing_key: &MLDSA65SigningKey, message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], -) -> MLDSA65Signature { +) -> Result { crate::ml_dsa_generic::sign::< SIMDUnit, Shake128, diff --git a/libcrux-ml-dsa/src/ml_dsa_87.rs b/libcrux-ml-dsa/src/ml_dsa_87.rs index 47840d027..9380a5379 100644 --- a/libcrux-ml-dsa/src/ml_dsa_87.rs +++ b/libcrux-ml-dsa/src/ml_dsa_87.rs @@ -1,4 +1,4 @@ -use crate::{constants::*, types::*, VerificationError}; +use crate::{constants::*, types::*, SigningError, VerificationError}; // ML-DSA-87 parameters @@ -117,7 +117,7 @@ pub fn sign( signing_key: &MLDSA87SigningKey, message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], -) -> MLDSA87Signature { +) -> Result { crate::ml_dsa_generic::sign::< SIMDUnit, Shake128, diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 7f90a1b3b..a6e6c618b 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -5,7 +5,7 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding, + encoding::{self, commitment}, hash_functions::{shake128, shake256}, matrix::{ add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, @@ -100,6 +100,11 @@ pub enum VerificationError { CommitmentHashesDontMatchError, } +#[derive(Debug)] +pub enum SigningError { + RejectionSamplingError, +} + #[allow(non_snake_case)] pub(crate) fn sign< SIMDUnit: Operations, @@ -125,7 +130,7 @@ pub(crate) fn sign< signing_key: &[u8; SIGNING_KEY_SIZE], message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], -) -> MLDSASignature { +) -> Result, SigningError> { let (seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt) = encoding::signing_key::deserialize_then_ntt::< SIMDUnit, @@ -165,18 +170,17 @@ pub(crate) fn sign< let mut attempt = 0; - // TODO: This style of rejection sampling, with the break and the continues, - // won't pass through hax; it'll need to be rewritten. - // See https://github.com/cryspen/libcrux/issues/341 - let (commitment_hash, signer_response, hint) = loop { - attempt += 1; + let mut commitment_hash = None; + let mut signer_response = None; + let mut hint = None; - // Depending on the mode, one try has a chance between 1/7 and 1/4 - // of succeeding. Thus it is safe to say that 576 iterations - // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸[1]. - // - // [1]: https://github.com/cloudflare/circl/blob/main/sign/dilithium/mode2/internal/dilithium.go#L341 - debug_assert!(attempt < 576); + // Depending on the mode, one try has a chance between 1/7 and 1/4 + // of succeeding. Thus it is safe to say that 576 iterations + // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸[1]. + // + // [1]: https://github.com/cloudflare/circl/blob/main/sign/dilithium/mode2/internal/dilithium.go#L341 + while attempt < 576 { + attempt += 1; let mask = sample_mask_vector::( @@ -189,7 +193,7 @@ pub(crate) fn sign< let (w0, commitment) = decompose_vector::(A_times_mask); - let mut commitment_hash = [0; COMMITMENT_HASH_SIZE]; + let mut commitment_hash_candidate = [0; COMMITMENT_HASH_SIZE]; { let commitment_serialized = encoding::commitment::serialize_vector::< SIMDUnit, @@ -202,7 +206,7 @@ pub(crate) fn sign< shake.absorb(&message_representative); let mut shake = shake.absorb_final(&commitment_serialized); - shake.squeeze(&mut commitment_hash); + shake.squeeze(&mut commitment_hash_candidate); } let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::< @@ -210,7 +214,7 @@ pub(crate) fn sign< Shake256, ONES_IN_VERIFIER_CHALLENGE, >( - commitment_hash[0..VERIFIER_CHALLENGE_SEED_SIZE] + commitment_hash_candidate[0..VERIFIER_CHALLENGE_SEED_SIZE] .try_into() .unwrap(), )); @@ -224,44 +228,63 @@ pub(crate) fn sign< &verifier_challenge_as_ntt, ); - let signer_response = add_vectors::(&mask, &challenge_times_s1); + let signer_response_candidate = + add_vectors::(&mask, &challenge_times_s1); let w0_minus_challenge_times_s2 = subtract_vectors::(&w0, &challenge_times_s2); if vector_infinity_norm_exceeds::( - signer_response, + signer_response_candidate, (1 << GAMMA1_EXPONENT) - BETA, ) { - continue; - } - if vector_infinity_norm_exceeds::( - w0_minus_challenge_times_s2, - GAMMA2 - BETA, - ) { - continue; + } else { + if vector_infinity_norm_exceeds::( + w0_minus_challenge_times_s2, + GAMMA2 - BETA, + ) { + } else { + let challenge_times_t0 = vector_times_ring_element::( + &t0_as_ntt, + &verifier_challenge_as_ntt, + ); + if vector_infinity_norm_exceeds::(challenge_times_t0, GAMMA2) { + } else { + let w0_minus_c_times_s2_plus_c_times_t0 = add_vectors::( + &w0_minus_challenge_times_s2, + &challenge_times_t0, + ); + let (hint_candidate, ones_in_hint) = make_hint::( + w0_minus_c_times_s2_plus_c_times_t0, + commitment, + ); + + if ones_in_hint > MAX_ONES_IN_HINT { + } else { + attempt = 576; // exit loop now + commitment_hash = Some(commitment_hash_candidate); + signer_response = Some(signer_response_candidate); + hint = Some(hint_candidate); + } + } + } } + } - let challenge_times_t0 = vector_times_ring_element::( - &t0_as_ntt, - &verifier_challenge_as_ntt, - ); - if vector_infinity_norm_exceeds::(challenge_times_t0, GAMMA2) { - continue; - } + let commitment_hash = match commitment_hash { + Some(commitment_hash) => Ok(commitment_hash), + None => Err(SigningError::RejectionSamplingError), + }?; - let w0_minus_c_times_s2_plus_c_times_t0 = - add_vectors::(&w0_minus_challenge_times_s2, &challenge_times_t0); - let (hint, ones_in_hint) = make_hint::( - w0_minus_c_times_s2_plus_c_times_t0, - commitment, - ); - if ones_in_hint > MAX_ONES_IN_HINT { - continue; - } + let signer_response = match signer_response { + Some(signer_response) => Ok(signer_response), + None => Err(SigningError::RejectionSamplingError), + }?; - break (commitment_hash, signer_response, hint); - }; + let hint = match hint { + Some(hint) => Ok(hint), + None => Err(SigningError::RejectionSamplingError), + }?; let signature = Signature:: { commitment_hash, @@ -270,7 +293,7 @@ pub(crate) fn sign< } .serialize::(); - MLDSASignature(signature) + Ok(MLDSASignature(signature)) } #[allow(non_snake_case)] diff --git a/libcrux-ml-dsa/tests/nistkats.rs b/libcrux-ml-dsa/tests/nistkats.rs index 98c605495..ec6a98bf8 100644 --- a/libcrux-ml-dsa/tests/nistkats.rs +++ b/libcrux-ml-dsa/tests/nistkats.rs @@ -57,7 +57,8 @@ macro_rules! impl_nist_known_answer_tests { let message = hex::decode(kat.message).expect("Hex-decoding the message failed."); - let signature = $sign(&key_pair.signing_key, &message, kat.signing_randomness); + let signature = $sign(&key_pair.signing_key, &message, kat.signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); let signature_hash = libcrux_sha3::sha256(&signature.0); assert_eq!( diff --git a/libcrux-ml-dsa/tests/self.rs b/libcrux-ml-dsa/tests/self.rs index 64ec5a795..760a3050b 100644 --- a/libcrux-ml-dsa/tests/self.rs +++ b/libcrux-ml-dsa/tests/self.rs @@ -59,7 +59,8 @@ macro_rules! impl_consistency_test { let key_pair = $key_gen(key_generation_seed); - let signature = $sign(&key_pair.signing_key, &message, signing_randomness); + let signature = $sign(&key_pair.signing_key, &message, signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); $verify(&key_pair.verification_key, &message, &signature) .expect("Verification should pass since the signature was honestly generated"); @@ -80,7 +81,8 @@ macro_rules! impl_modified_signing_key_test { modify_signing_key::<{ $signing_key_size }>(&mut key_pair.signing_key.0); - let signature = $sign(&key_pair.signing_key, &message, signing_randomness); + let signature = $sign(&key_pair.signing_key, &message, signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); assert!($verify(&key_pair.verification_key, &message, &signature).is_err()); } diff --git a/libcrux-ml-dsa/tests/wycheproof_sign.rs b/libcrux-ml-dsa/tests/wycheproof_sign.rs index dc83f6058..d25b2ecc1 100644 --- a/libcrux-ml-dsa/tests/wycheproof_sign.rs +++ b/libcrux-ml-dsa/tests/wycheproof_sign.rs @@ -48,7 +48,8 @@ macro_rules! wycheproof_sign_test { for test in test_group.tests { let message = hex::decode(test.msg).unwrap(); - let signature = $sign(&signing_key, &message, signing_randomness); + let signature = $sign(&signing_key, &message, signing_randomness) + .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); if test.result == Result::Valid { assert_eq!( From dbfe23f6070d03adc3b3c95d2e696f5305f11412 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 4 Sep 2024 08:33:48 +0200 Subject: [PATCH 125/172] Remove comment --- libcrux-psq/src/psk_registration.rs | 63 ----------------------------- 1 file changed, 63 deletions(-) diff --git a/libcrux-psq/src/psk_registration.rs b/libcrux-psq/src/psk_registration.rs index 989a95384..a9b825c1f 100644 --- a/libcrux-psq/src/psk_registration.rs +++ b/libcrux-psq/src/psk_registration.rs @@ -316,66 +316,3 @@ mod tests { assert_eq!(handled_psk_initiator.psk, handled_psk_responder.psk); } } - -// #[test] -// #[should_panic] -// fn zero_ttl() { -// let mut rng = rand::thread_rng(); -// let (receiver_pqsk, receiver_pqpk) = -// crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); -// let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); -// let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - -// let sctx = b"test context"; -// let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( -// &receiver_pqpk, -// &receiver_dh_pk, -// &initiator_dh_sk, -// Duration::from_secs(0), -// sctx, -// &mut rng, -// ) -// .unwrap(); - -// let _psk_receiver = receive_ecdh_bound_psq( -// &receiver_pqsk, -// &receiver_pqpk, -// &receiver_dh_sk, -// &ecdh_psk_message, -// sctx, -// ) -// .unwrap(); -// } - -// #[test] -// #[should_panic] -// fn expired_timestamp() { -// let mut rng = rand::thread_rng(); -// let (receiver_pqsk, receiver_pqpk) = -// crate::psq::generate_key_pair(crate::psq::Algorithm::X25519, &mut rng).unwrap(); -// let (receiver_dh_sk, receiver_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); -// let (initiator_dh_sk, _initiator_dh_pk) = libcrux_ecdh::x25519_key_gen(&mut rng).unwrap(); - -// let sctx = b"test context"; -// let (_psk_initiator, ecdh_psk_message) = send_ecdh_bound_psq( -// &receiver_pqpk, -// &receiver_dh_pk, -// &initiator_dh_sk, -// Duration::from_secs(1), -// sctx, -// &mut rng, -// ) -// .unwrap(); - -// std::thread::sleep(Duration::from_secs(2)); - -// let _psk_receiver = receive_ecdh_bound_psq( -// &receiver_pqsk, -// &receiver_pqpk, -// &receiver_dh_sk, -// &ecdh_psk_message, -// sctx, -// ) -// .unwrap(); -// } -// } From 43e55c4d03650a7e91cc16bfa17ea9952c3f6204 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 5 Sep 2024 15:29:16 +0200 Subject: [PATCH 126/172] hax-compatibility: `RefMut` workaround --- libcrux-ml-dsa/src/encoding/signature.rs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-dsa/src/encoding/signature.rs b/libcrux-ml-dsa/src/encoding/signature.rs index 9930430c3..1549750e3 100644 --- a/libcrux-ml-dsa/src/encoding/signature.rs +++ b/libcrux-ml-dsa/src/encoding/signature.rs @@ -36,16 +36,20 @@ impl< } let mut true_hints_seen = 0; - let hint_serialized = &mut signature[offset..]; + // Unfortunately the following does not go through hax: + // + // let hint_serialized = &mut signature[offset..]; + // + // Instead, we have to mutate signature[offset + ..] directly. for i in 0..ROWS_IN_A { for (j, hint) in self.hint[i].into_iter().enumerate() { if hint == 1 { - hint_serialized[true_hints_seen] = j as u8; + signature[offset + true_hints_seen] = j as u8; true_hints_seen += 1; } } - hint_serialized[MAX_ONES_IN_HINT + i] = true_hints_seen as u8; + signature[offset + MAX_ONES_IN_HINT + i] = true_hints_seen as u8; } signature From bcb6e0971d8ab3b044f39ab321e40040082bf13d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 5 Sep 2024 15:57:30 +0200 Subject: [PATCH 127/172] hax-compatibility: Rewrite early returns --- libcrux-ml-dsa/src/encoding/signature.rs | 55 +++++++++++++----------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-dsa/src/encoding/signature.rs b/libcrux-ml-dsa/src/encoding/signature.rs index 1549750e3..233f3e224 100644 --- a/libcrux-ml-dsa/src/encoding/signature.rs +++ b/libcrux-ml-dsa/src/encoding/signature.rs @@ -84,50 +84,55 @@ impl< let mut previous_true_hints_seen = 0usize; - for i in 0..ROWS_IN_A { + let mut i = 0; + let mut malformed_hint = false; + + while i < ROWS_IN_A && !malformed_hint { let current_true_hints_seen = hint_serialized[MAX_ONES_IN_HINT + i] as usize; if (current_true_hints_seen < previous_true_hints_seen) || (previous_true_hints_seen > MAX_ONES_IN_HINT) { // the true hints seen should be increasing - // - // TODO: This return won't pass through hax; it'll need - // to be rewritten. See https://github.com/cryspen/libcrux/issues/341 - return Err(VerificationError::MalformedHintError); + malformed_hint = true; } - for j in previous_true_hints_seen..current_true_hints_seen { + let mut j = previous_true_hints_seen; + while !malformed_hint && j < current_true_hints_seen { if j > previous_true_hints_seen && hint_serialized[j] <= hint_serialized[j - 1] { // indices of true hints for a specific polynomial should be // increasing - // TODO: This return won't pass through hax; it'll need - // to be rewritten. See https://github.com/cryspen/libcrux/issues/341 - return Err(VerificationError::MalformedHintError); + malformed_hint = true; + } + if !malformed_hint { + hint[i][hint_serialized[j] as usize] = 1; + j += 1; } + } - hint[i][hint_serialized[j] as usize] = 1; + if !malformed_hint { + previous_true_hints_seen = current_true_hints_seen; + i += 1; } - previous_true_hints_seen = current_true_hints_seen; } - for bit in hint_serialized - .iter() - .take(MAX_ONES_IN_HINT) - .skip(previous_true_hints_seen) - { - if *bit != 0 { + i = previous_true_hints_seen; + while i < MAX_ONES_IN_HINT && !malformed_hint { + if hint_serialized[i] != 0 { // ensures padding indices are zero - // TODO: This return won't pass through hax; it'll need - // to be rewritten. See https://github.com/cryspen/libcrux/issues/341 - return Err(VerificationError::MalformedHintError); + malformed_hint = true; } + i += 1; } - Ok(Signature { - commitment_hash: commitment_hash.try_into().unwrap(), - signer_response: signer_response, - hint, - }) + if malformed_hint { + Err(VerificationError::MalformedHintError) + } else { + Ok(Signature { + commitment_hash: commitment_hash.try_into().unwrap(), + signer_response, + hint, + }) + } } } From c18a8c1e26ec09cc81b00aa41fddb23d77f9498a Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 5 Sep 2024 15:59:26 +0200 Subject: [PATCH 128/172] Remove unused import --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index a6e6c618b..009f44be4 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -5,7 +5,7 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding::{self, commitment}, + encoding::self, hash_functions::{shake128, shake256}, matrix::{ add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, From 5e67fa77d6837537a6803b16c77327e0a100ecc2 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 5 Sep 2024 16:02:39 +0200 Subject: [PATCH 129/172] Add ML-DSA extraction to hax CI workflow --- .github/workflows/hax.yml | 4 ++++ libcrux-ml-dsa/src/ml_dsa_generic.rs | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index d324bff1c..b2a75b7b9 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -65,3 +65,7 @@ jobs: HAX_HOME=${{ github.workspace }}/hax \ PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ ./hax.py prove --admit + + - name: 🏃 Extract ML-DSA crate + working-directory: libcrux-ml-dsa + run: cargo hax into fstar diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 009f44be4..01dee47ef 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -5,7 +5,7 @@ use crate::{ decompose_vector, make_hint, power2round_vector, use_hint, vector_infinity_norm_exceeds, }, constants::*, - encoding::self, + encoding, hash_functions::{shake128, shake256}, matrix::{ add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors, From b45c9e8364cb200ab516306a1771cc93d1bf3b6f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 6 Sep 2024 04:49:04 +0000 Subject: [PATCH 130/172] update F* --- .docker/c/ext-tools.sh | 2 ++ .docker/c/install.sh | 2 +- .github/workflows/hax.yml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.docker/c/ext-tools.sh b/.docker/c/ext-tools.sh index 946dc9137..c6222c913 100644 --- a/.docker/c/ext-tools.sh +++ b/.docker/c/ext-tools.sh @@ -26,6 +26,8 @@ echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile echo "export CHARON_HOME=$HOME/charon" >>$HOME/.profile +source $HOME/.profile + # Build everything cd karamel make -j diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 82d2e78a0..a29a0ba77 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -9,7 +9,7 @@ opam init --bare --disable-sandboxing --shell-setup --yes opam switch create 4.14.1 # Get F*, HACL*, Charon, Karamel, Eurydice for running proofs and extraction -curl -L https://github.com/FStarLang/FStar/releases/download/v2024.01.13/fstar_2024.01.13_Linux_x86_64.tar.gz \ +curl -L https://github.com/FStarLang/FStar/releases/download/v2024.09.05/fstar_2024.09.05_Linux_x86_64.tar.gz \ --output Fstar.tar.gz tar --extract --file Fstar.tar.gz rm -f Fstar.tar.gz diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index d324bff1c..94932d553 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -30,7 +30,7 @@ jobs: - uses: DeterminateSystems/magic-nix-cache-action@main - name: ⤵ Install FStar - run: nix profile install github:FStarLang/FStar/v2024.01.13 + run: nix profile install github:FStarLang/FStar/v2024.09.05 - name: ⤵ Clone HACL-star repository uses: actions/checkout@v4 From 99498eed461fa03566e0382b445c77bd2af5b59d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 9 Sep 2024 12:05:22 +0200 Subject: [PATCH 131/172] Apply suggestions from code review Co-authored-by: Jonas Schneider-Bensch <124457079+jschneider-bensch@users.noreply.github.com> --- libcrux-ml-dsa/build.rs | 4 ++-- libcrux-ml-dsa/src/hash_functions.rs | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-dsa/build.rs b/libcrux-ml-dsa/build.rs index 8d01428b3..dce0fe33d 100644 --- a/libcrux-ml-dsa/build.rs +++ b/libcrux-ml-dsa/build.rs @@ -14,8 +14,8 @@ fn main() { // We enable simd128 on all aarch64 builds. println!("cargo:rustc-cfg=feature=\"simd128\""); } - let simd126_possible = target_arch == "x86_64"; - if (simd126_possible || enable_simd256) && !disable_simd256 { + let simd256_possible = target_arch == "x86_64"; + if (simd256_possible || enable_simd256) && !disable_simd256 { // We enable simd256 on all x86_64 builds. // Note that this doesn't mean the required CPU features are available. // But the compiler will support them and the runtime checks ensure that diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs index c44a24739..cac3002b3 100644 --- a/libcrux-ml-dsa/src/hash_functions.rs +++ b/libcrux-ml-dsa/src/hash_functions.rs @@ -438,7 +438,6 @@ pub(crate) mod simd256 { /// A SIMD256 implementation of [`shake128::Xof`] and [`shake256::Xof`] for Neon. pub(crate) mod neon { - // FIXME: This is only a portable implementation for now. use libcrux_sha3::neon::x2::{self, incremental::KeccakState}; From 717b165517a4a4a9f984c5ec7de5d83468584158 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 9 Sep 2024 10:51:30 +0000 Subject: [PATCH 132/172] update extracted C code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 52 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 52 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1284 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1284 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 53 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 34 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 26 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 764 +++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 764 +++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 54 +- 40 files changed, 2425 insertions(+), 2302 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 2bcf79a2e..dde362958 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 8bb342a00..fac523ae0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_961( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( uint8_t value[1568U]); /** @@ -85,7 +85,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_821( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -98,7 +98,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_891( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( uint8_t value[3168U]); /** @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_331( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d81( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -147,7 +147,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_6d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -159,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_960( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( uint8_t value[1184U]); /** @@ -175,7 +175,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_820( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -188,7 +188,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_890( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( uint8_t value[2400U]); /** @@ -200,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_330( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d80( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_6d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_96( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( uint8_t value[800U]); /** @@ -265,7 +265,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_82( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -278,7 +278,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_89( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( uint8_t value[1632U]); /** @@ -313,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_33( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( uint8_t value[768U]); /** @@ -327,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -338,7 +338,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_6d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -349,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_6d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -361,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d8( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -372,7 +372,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_6d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -383,7 +383,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_6d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, uint8_t ret[64U]); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 7564a96ad..7b2cba596 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_311(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -65,7 +65,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e1( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -91,7 +91,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -112,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a41( +void libcrux_ml_kem_ind_cca_decapsulate_bb1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_310(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -174,7 +174,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e0( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); @@ -200,7 +200,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -221,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_cf0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -247,7 +247,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a40( +void libcrux_ml_kem_ind_cca_decapsulate_bb0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -266,7 +266,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_31(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -283,7 +283,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -308,7 +308,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( uint8_t randomness[64U]); /** @@ -330,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_cf( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -356,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a4( +void libcrux_ml_kem_ind_cca_decapsulate_bb( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 9da52548f..0353b2721 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __internal_libcrux_mlkem_portable_H @@ -53,7 +53,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b71(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -70,7 +70,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_dc( +bool libcrux_ml_kem_ind_cca_validate_private_key_be( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); @@ -96,7 +96,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_eb1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -143,7 +143,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f1( +void libcrux_ml_kem_ind_cca_decapsulate_641( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -162,7 +162,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b70(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -179,7 +179,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_03( +bool libcrux_ml_kem_ind_cca_validate_private_key_db( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -205,7 +205,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -226,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_eb0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -252,7 +252,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f0( +void libcrux_ml_kem_ind_cca_decapsulate_640( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -271,7 +271,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b7(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -288,7 +288,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_05( +bool libcrux_ml_kem_ind_cca_validate_private_key_c7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -314,7 +314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -335,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -361,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f( +void libcrux_ml_kem_ind_cca_decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index cc0379248..f39f4c3b2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 4c2df7a39..a71b1d5fe 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 2aaca7fae..4713a24f9 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "internal/libcrux_core.h" @@ -91,7 +91,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_961( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -114,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_821( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_891( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_331( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -184,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d81( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -197,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_6d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -217,7 +217,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_960( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -240,7 +240,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_820( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -256,7 +256,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_890( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_330( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d80( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -323,7 +323,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_6d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -343,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_96( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -366,7 +366,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_82( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -381,7 +381,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_89( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -420,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_33( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3d( +uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -454,7 +454,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_6d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -473,7 +473,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_6d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_d8( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -506,7 +506,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_6d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -525,7 +525,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_6d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 834cae0c2..e0a6152f9 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 841c51e9e..15fe78611 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index a4d0a04de..ec89cbbb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_8a0( +static void decapsulate_470( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_bb0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_8a0(private_key, ciphertext, ret); + decapsulate_470(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_1e0( +static tuple_21 encapsulate_030( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cf0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ae0(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1e0(uu____0, copy_of_randomness); + return encapsulate_030(uu____0, copy_of_randomness); } /** @@ -117,12 +117,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e50( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_990( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5d0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); } /** @@ -133,7 +133,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e50(copy_of_randomness); + return generate_keypair_990(copy_of_randomness); } /** @@ -147,10 +147,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_250( +static KRML_MUSTINLINE bool validate_private_key_900( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4e0(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_fd0(private_key, ciphertext); } @@ -162,7 +162,7 @@ static KRML_MUSTINLINE bool validate_private_key_250( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_250(private_key, ciphertext); + return validate_private_key_900(private_key, ciphertext); } /** @@ -176,8 +176,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_910(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_310(public_key); +static KRML_MUSTINLINE bool validate_public_key_670(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6e0(public_key); } /** @@ -187,5 +187,5 @@ static KRML_MUSTINLINE bool validate_public_key_910(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_910(public_key->value); + return validate_public_key_670(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 3e6d607aa..07c10744f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 567d45bb5..54ba411c7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_671( +static void decapsulate_ce1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_641(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_671(private_key, ciphertext, ret); + decapsulate_ce1(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_021( +static tuple_21 encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_eb1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_021(uu____0, copy_of_randomness); + return encapsulate_371(uu____0, copy_of_randomness); } /** @@ -118,12 +118,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_871( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_631( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f61(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d41(copy_of_randomness); } /** @@ -134,7 +134,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_871(copy_of_randomness); + return generate_keypair_631(copy_of_randomness); } /** @@ -148,10 +148,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_e81( +static KRML_MUSTINLINE bool validate_private_key_f21( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_dc(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_be(private_key, ciphertext); } @@ -163,7 +163,7 @@ static KRML_MUSTINLINE bool validate_private_key_e81( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_e81(private_key, ciphertext); + return validate_private_key_f21(private_key, ciphertext); } /** @@ -177,8 +177,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_7d1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b71(public_key); +static KRML_MUSTINLINE bool validate_public_key_d61(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7b1(public_key); } /** @@ -188,5 +188,5 @@ static KRML_MUSTINLINE bool validate_public_key_7d1(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_7d1(public_key->value); + return validate_public_key_d61(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 23ab356ea..2207e0f1e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 02ea52467..e955cc307 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index bed940812..217a6dcf3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_8a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_47(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_bb(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_8a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_8a(private_key, ciphertext, ret); + decapsulate_47(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_1e( +static tuple_ec encapsulate_03( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cf(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ae(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1e(uu____0, copy_of_randomness); + return encapsulate_03(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e5( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_99( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e5(copy_of_randomness); + return generate_keypair_99(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_25( +static KRML_MUSTINLINE bool validate_private_key_90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_25( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_25(private_key, ciphertext); + return validate_private_key_90(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_91(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_31(public_key); +static KRML_MUSTINLINE bool validate_public_key_67(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6e(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_91(public_key->value); + return validate_public_key_67(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 2aab23be0..1a7f83ca6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index d03204616..b77e15702 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_670( +static void decapsulate_ce0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_640(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_670( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_670(private_key, ciphertext, ret); + decapsulate_ce0(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_020( +static tuple_ec encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_eb0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_020(uu____0, copy_of_randomness); + return encapsulate_370(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_870( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_630( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f60(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_870(copy_of_randomness); + return generate_keypair_630(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_e80( +static KRML_MUSTINLINE bool validate_private_key_f20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_03(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_db(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_e80( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_e80(private_key, ciphertext); + return validate_private_key_f20(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_7d0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b70(public_key); +static KRML_MUSTINLINE bool validate_public_key_d60(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7b0(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_7d0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_7d0(public_key->value); + return validate_public_key_d60(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 5a413af62..e0e40f336 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 02ccf2b06..c18af1445 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index c3ba6c4e9..0f50bb03b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_8a1( +static void decapsulate_471( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a41(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_bb1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_8a1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_8a1(private_key, ciphertext, ret); + decapsulate_471(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_1e1( +static tuple_3c encapsulate_031( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cf1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ae1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1e1(uu____0, copy_of_randomness); + return encapsulate_031(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e51( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_991( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5d1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_611(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e51(copy_of_randomness); + return generate_keypair_991(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_251( +static KRML_MUSTINLINE bool validate_private_key_901( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4e1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_fd1(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_251( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_251(private_key, ciphertext); + return validate_private_key_901(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_911(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_311(public_key); +static KRML_MUSTINLINE bool validate_public_key_671(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6e1(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_911(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_911(public_key->value); + return validate_public_key_671(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 6d98df841..aeb4d0450 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index c677d78d5..4c862d52c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_67( +static void decapsulate_ce( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_64(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_67( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_67(private_key, ciphertext, ret); + decapsulate_ce(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_02( +static tuple_3c encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_eb(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_02(uu____0, copy_of_randomness); + return encapsulate_37(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_87( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_63( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f6(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_87(copy_of_randomness); + return generate_keypair_63(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_e8( +static KRML_MUSTINLINE bool validate_private_key_f2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_05(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c7(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_e8( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_e8(private_key, ciphertext); + return validate_private_key_f2(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_7d(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b7(public_key); +static KRML_MUSTINLINE bool validate_public_key_d6(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7b(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_7d(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_7d(public_key->value); + return validate_public_key_d6(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 1a6be3e82..15f45f131 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 934de1b6b..e7386e0d0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "internal/libcrux_mlkem_avx2.h" @@ -1035,7 +1035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9f(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1069,8 +1069,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_4d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_to_reduced_ring_element_d0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1096,12 +1096,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_414( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b64( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1113,7 +1113,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_414( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_1d(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_9a(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_89(__m256i vector) { - return shift_right_1d(vector); +static __m256i shift_right_ea_07(__m256i vector) { + return shift_right_9a(vector); } /** @@ -1149,8 +1149,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_9b(__m256i a) { - __m256i t = shift_right_ea_89(a); +static __m256i to_unsigned_representative_38(__m256i a) { + __m256i t = shift_right_ea_07(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1162,13 +1162,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_9b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_38(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1189,7 +1189,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_6d1( +static KRML_MUSTINLINE void serialize_secret_key_fd1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1207,7 +1207,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6d1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b6(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1225,14 +1225,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_d01( +static KRML_MUSTINLINE void serialize_public_key_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_6d1(t_as_ntt, ret0); + serialize_secret_key_fd1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1257,15 +1257,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_311(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_414( + deserialize_ring_elements_reduced_b64( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_771( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1283,7 +1283,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_381(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_161(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -1302,11 +1302,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e1( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_381(Eurydice_array_to_subslice2( + H_a9_161(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -1326,7 +1326,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_5a1(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_671(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1340,7 +1340,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_511( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1351,7 +1351,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c1( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_a9_5a1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_671(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -1361,10 +1361,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_d01( +static void closure_641( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_9f();); + ret[i] = ZERO_89_7d();); } /** @@ -1373,7 +1373,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_e51(uint8_t input[3U][34U]) { +shake128_init_absorb_2a1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1394,11 +1394,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_301(uint8_t input[3U][34U]) { +shake128_init_absorb_a9_1c1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_e51(copy_of_input); + return shake128_init_absorb_2a1(copy_of_input); } /** @@ -1407,7 +1407,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_621( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1441,9 +1441,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a11( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_621(self, ret); + shake128_squeeze_three_blocks_0c1(self, ret); } /** @@ -1494,7 +1494,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1531,7 +1531,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_581( +static KRML_MUSTINLINE void shake128_squeeze_block_4a1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1564,9 +1564,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_931( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_581(self, ret); + shake128_squeeze_block_4a1(self, ret); } /** @@ -1617,7 +1617,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1660,8 +1660,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_94(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); +from_i16_array_89_82(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1678,9 +1678,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a51( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_861( int16_t s[272U]) { - return from_i16_array_89_94( + return from_i16_array_89_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1690,7 +1690,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_161( +static KRML_MUSTINLINE void sample_from_xof_6c1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1699,25 +1699,25 @@ static KRML_MUSTINLINE void sample_from_xof_161( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_301(copy_of_seeds); + shake128_init_absorb_a9_1c1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_a11(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9a3( + bool done = sample_from_uniform_distribution_next_6b3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_931(&xof_state, randomness); + shake128_squeeze_block_a9_1d1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9a4( + done = sample_from_uniform_distribution_next_6b4( copy_of_randomness, sampled_coefficients, out); } } @@ -1726,7 +1726,7 @@ static KRML_MUSTINLINE void sample_from_xof_161( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_a51(copy_of_out[i]);); + ret0[i] = closure_861(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1738,12 +1738,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_b81( +static KRML_MUSTINLINE void sample_matrix_A_291( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_d01(A_transpose[i]);); + closure_641(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1758,7 +1758,7 @@ static KRML_MUSTINLINE void sample_matrix_A_b81( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_161(copy_of_seeds, sampled); + sample_from_xof_6c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1798,7 +1798,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_e12(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_082(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1836,9 +1836,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_9b2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_162(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_e12(input, ret); + PRFxN_082(input, ret); } /** @@ -1897,7 +1897,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_13(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_f2(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1931,7 +1931,7 @@ sample_from_binomial_distribution_2_13(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_94( + return from_i16_array_89_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1942,7 +1942,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_12(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_75(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1975,7 +1975,7 @@ sample_from_binomial_distribution_3_12(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_94( + return from_i16_array_89_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1986,8 +1986,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_5f0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_13(randomness); +sample_from_binomial_distribution_910(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_f2(randomness); } /** @@ -1996,7 +1996,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_34( +static KRML_MUSTINLINE void ntt_at_layer_7_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2021,7 +2021,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_e8(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_a6(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2032,8 +2032,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_6c(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_e8(b, zeta_r); +ntt_layer_int_vec_step_0d(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2046,7 +2046,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_46( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_a5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2059,7 +2059,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_46( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_6c( + ntt_layer_int_vec_step_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2076,7 +2076,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_3d( +static KRML_MUSTINLINE void ntt_at_layer_3_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2092,7 +2092,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_16( +static KRML_MUSTINLINE void ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2111,7 +2111,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_8f( +static KRML_MUSTINLINE void ntt_at_layer_1_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2138,7 +2138,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_ef( +static KRML_MUSTINLINE void poly_barrett_reduce_89_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2154,17 +2154,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_58( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_34(re); + ntt_at_layer_7_2f(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_3d(&zeta_i, re); - ntt_at_layer_2_16(&zeta_i, re); - ntt_at_layer_1_8f(&zeta_i, re); - poly_barrett_reduce_89_ef(re); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_46(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_f7(&zeta_i, re); + poly_barrett_reduce_89_f5(re); } /** @@ -2179,11 +2179,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_881( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9f();); + re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2195,12 +2195,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_881( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_9b2(prf_inputs, prf_outputs); + PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5f0( + re_as_ntt[i0] = sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2252,9 +2252,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_ce(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_89_04(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2289,7 +2289,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_7e1( +static KRML_MUSTINLINE void add_to_ring_element_89_981( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2309,7 +2309,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_bf(__m256i v) { +static __m256i to_standard_domain_8a(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2324,14 +2324,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_67( +static KRML_MUSTINLINE void add_standard_error_reduce_89_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_bf(self->coefficients[j]); + to_standard_domain_8a(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2347,14 +2347,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d1( +static KRML_MUSTINLINE void compute_As_plus_e_6a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2375,10 +2375,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_7e1(&result[i1], &product); + ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_981(&result[i1], &product); } - add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2397,10 +2397,10 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_9d1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_511( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7c1(key_generation_seed, hashed); + cpa_keygen_seed_d8_511(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2408,15 +2408,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_9d1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_b81(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_291(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_881(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2428,20 +2428,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_881(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_6e1(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_2d1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_6a1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_771( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_6d1(secret_as_ntt, secret_key_serialized); + serialize_secret_key_fd1(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2468,7 +2468,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d41( +static KRML_MUSTINLINE void serialize_kem_secret_key_f51( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2494,7 +2494,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d41( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_381(public_key, ret0); + H_a9_161(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2532,7 +2532,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2541,13 +2541,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_9d1(ind_cpa_keypair_randomness); + generate_keypair_511(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d41( + serialize_kem_secret_key_f51( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2556,13 +2556,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_890(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_820( - uu____2, libcrux_ml_kem_types_from_b6_960(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f60( + uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); } /** @@ -2575,7 +2575,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_c61(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_e11(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2596,12 +2596,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_413( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b63( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2613,7 +2613,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_413( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2633,10 +2633,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_ec1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_9f();); + error_1[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2648,11 +2648,11 @@ sample_ring_element_cbd_ec1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_9b2(prf_inputs, prf_outputs); + PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2673,7 +2673,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_ba0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_d10(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2690,9 +2690,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_b04(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_424(Eurydice_slice input, uint8_t ret[128U]) { - PRF_ba0(input, ret); + PRF_d10(input, ret); } /** @@ -2701,7 +2701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_23( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2725,7 +2725,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_83( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_0a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2745,7 +2745,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_38( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2763,11 +2763,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_49(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_d6(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_e8(a_minus_b, zeta_r); + b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2778,7 +2778,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2793,7 +2793,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_49( + inv_ntt_layer_int_vec_step_reduce_d6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2810,18 +2810,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_771( +static KRML_MUSTINLINE void invert_ntt_montgomery_3e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_23(&zeta_i, re); - invert_ntt_at_layer_2_83(&zeta_i, re); - invert_ntt_at_layer_3_38(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_ef(re); + invert_ntt_at_layer_1_a5(&zeta_i, re); + invert_ntt_at_layer_2_0a(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_f5(re); } /** @@ -2834,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_82( +static KRML_MUSTINLINE void add_error_reduce_89_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2858,14 +2858,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_621( +static KRML_MUSTINLINE void compute_vector_u_731( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2885,11 +2885,11 @@ static KRML_MUSTINLINE void compute_vector_u_621( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(a_element, &r_as_ntt[j]); - add_to_ring_element_89_7e1(&result[i1], &product); + ntt_multiply_89_04(a_element, &r_as_ntt[j]); + add_to_ring_element_89_981(&result[i1], &product); } - invert_ntt_montgomery_771(&result[i1]); - add_error_reduce_89_82(&result[i1], &error_1[i1]); + invert_ntt_montgomery_3e1(&result[i1]); + add_error_reduce_89_69(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2902,7 +2902,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_ed(__m256i v) { +static __m256i decompress_1_0b(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2916,8 +2916,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_f5(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_then_decompress_message_4d(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2925,7 +2925,7 @@ deserialize_then_decompress_message_f5(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_ed(coefficient_compressed);); + re.coefficients[i0] = decompress_1_0b(coefficient_compressed);); return re; } @@ -2940,7 +2940,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_ef( +add_message_error_reduce_89_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2970,18 +2970,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_961( +compute_ring_element_v_881( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_7e1(&result, &product);); - invert_ntt_montgomery_771(&result); - result = add_message_error_reduce_89_ef(error_2, message, result); + ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_981(&result, &product);); + invert_ntt_montgomery_3e1(&result); + result = add_message_error_reduce_89_c3(error_2, message, result); return result; } @@ -2992,7 +2992,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_3b(__m256i vector) { +compress_ciphertext_coefficient_de(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3039,8 +3039,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_8c(__m256i vector) { - return compress_ciphertext_coefficient_3b(vector); +static __m256i compress_ea_39(__m256i vector) { + return compress_ciphertext_coefficient_de(vector); } /** @@ -3049,14 +3049,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_b2( +static KRML_MUSTINLINE void compress_then_serialize_10_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_8c(to_unsigned_representative_9b(re->coefficients[i0])); + compress_ea_39(to_unsigned_representative_38(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3074,7 +3074,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_3b0(__m256i vector) { +compress_ciphertext_coefficient_de0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3121,8 +3121,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_8c0(__m256i vector) { - return compress_ciphertext_coefficient_3b0(vector); +static __m256i compress_ea_390(__m256i vector) { + return compress_ciphertext_coefficient_de0(vector); } /** @@ -3132,10 +3132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_21( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_b2(re, uu____0); + compress_then_serialize_10_3e(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3151,7 +3151,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_271( +static void compress_then_serialize_u_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3167,7 +3167,7 @@ static void compress_then_serialize_u_271( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_21(&re, ret); + compress_then_serialize_ring_element_u_5b(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3180,7 +3180,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_3b1(__m256i vector) { +compress_ciphertext_coefficient_de1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3227,8 +3227,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_8c1(__m256i vector) { - return compress_ciphertext_coefficient_3b1(vector); +static __m256i compress_ea_391(__m256i vector) { + return compress_ciphertext_coefficient_de1(vector); } /** @@ -3237,14 +3237,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_9e( +static KRML_MUSTINLINE void compress_then_serialize_4_93( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_8c1(to_unsigned_representative_9b(re.coefficients[i0])); + compress_ea_391(to_unsigned_representative_38(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3261,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_3b2(__m256i vector) { +compress_ciphertext_coefficient_de2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3308,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_8c2(__m256i vector) { - return compress_ciphertext_coefficient_3b2(vector); +static __m256i compress_ea_392(__m256i vector) { + return compress_ciphertext_coefficient_de2(vector); } /** @@ -3318,14 +3318,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_cb( +static KRML_MUSTINLINE void compress_then_serialize_5_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_8c2(to_unsigned_representative_9b(re.coefficients[i0])); + compress_ea_392(to_unsigned_representative_38(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3342,9 +3342,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_15( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_9e(re, out); + compress_then_serialize_4_93(re, out); } /** @@ -3364,24 +3364,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_901(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_413( + deserialize_ring_elements_reduced_b63( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_b81(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_291(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_881(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3391,7 +3391,7 @@ static void encrypt_901(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_ec1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_851(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3399,31 +3399,31 @@ static void encrypt_901(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_b04(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_621(A, r_as_ntt, error_1, u); + compute_vector_u_731(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f5(copy_of_message); + deserialize_then_decompress_message_4d(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_961(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_881(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_271( + compress_then_serialize_u_4b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_15( + compress_then_serialize_ring_element_v_e4( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3440,7 +3440,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_421(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_d21(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3467,27 +3467,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_c61( + entropy_preprocess_d8_e11( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_381(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), + H_a9_161(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_5a1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3495,19 +3495,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_901(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_041(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_330(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_421(shared_secret, shared_secret_array); + kdf_d8_d21(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3526,8 +3526,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_to_uncompressed_ring_element_4f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3547,12 +3547,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_651( +static KRML_MUSTINLINE void deserialize_secret_key_f11( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9f();); + secret_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3564,7 +3564,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_651( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cb(secret_bytes); + deserialize_to_uncompressed_ring_element_4f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3589,7 +3589,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7f(__m256i vector) { +decompress_ciphertext_coefficient_45(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3633,8 +3633,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_b3(__m256i vector) { - return decompress_ciphertext_coefficient_7f(vector); +static __m256i decompress_ciphertext_coefficient_ea_5b(__m256i vector) { + return decompress_ciphertext_coefficient_45(vector); } /** @@ -3644,15 +3644,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_d3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_then_decompress_10_58(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b3(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b(coefficient); } return re; } @@ -3664,7 +3664,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7f0(__m256i vector) { +decompress_ciphertext_coefficient_450(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3708,8 +3708,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_b30(__m256i vector) { - return decompress_ciphertext_coefficient_7f0(vector); +static __m256i decompress_ciphertext_coefficient_ea_5b0(__m256i vector) { + return decompress_ciphertext_coefficient_450(vector); } /** @@ -3719,15 +3719,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_29(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_then_decompress_11_99(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b30(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b0(coefficient); } return re; } @@ -3739,8 +3739,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_36(Eurydice_slice serialized) { - return deserialize_then_decompress_10_d3(serialized); +deserialize_then_decompress_ring_element_u_69(Eurydice_slice serialized) { + return deserialize_then_decompress_10_58(serialized); } /** @@ -3749,17 +3749,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_08( +static KRML_MUSTINLINE void ntt_vector_u_26( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_3d(&zeta_i, re); - ntt_at_layer_2_16(&zeta_i, re); - ntt_at_layer_1_8f(&zeta_i, re); - poly_barrett_reduce_89_ef(re); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_46(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_f7(&zeta_i, re); + poly_barrett_reduce_89_f5(re); } /** @@ -3774,12 +3774,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_221( +static KRML_MUSTINLINE void deserialize_then_decompress_u_831( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9f();); + u_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3797,8 +3797,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_221( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_36(u_bytes); - ntt_vector_u_08(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); + ntt_vector_u_26(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3812,7 +3812,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7f1(__m256i vector) { +decompress_ciphertext_coefficient_451(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3856,8 +3856,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_b31(__m256i vector) { - return decompress_ciphertext_coefficient_7f1(vector); +static __m256i decompress_ciphertext_coefficient_ea_5b1(__m256i vector) { + return decompress_ciphertext_coefficient_451(vector); } /** @@ -3867,15 +3867,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_c8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_then_decompress_4_37(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_b31(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b1(coefficient); } return re; } @@ -3887,7 +3887,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7f2(__m256i vector) { +decompress_ciphertext_coefficient_452(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3931,8 +3931,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_b32(__m256i vector) { - return decompress_ciphertext_coefficient_7f2(vector); +static __m256i decompress_ciphertext_coefficient_ea_5b2(__m256i vector) { + return decompress_ciphertext_coefficient_452(vector); } /** @@ -3942,8 +3942,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9f(); +deserialize_then_decompress_5_a1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3951,7 +3951,7 @@ deserialize_then_decompress_5_10(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_b32(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_5b2(re.coefficients[i0]); } return re; } @@ -3963,8 +3963,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_e4(Eurydice_slice serialized) { - return deserialize_then_decompress_4_c8(serialized); +deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) { + return deserialize_then_decompress_4_37(serialized); } /** @@ -3978,7 +3978,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_12(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_ed(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4006,17 +4006,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_141( +compute_message_7d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_7e1(&result, &product);); - invert_ntt_montgomery_771(&result); - result = subtract_reduce_89_12(v, result); + ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_981(&result, &product);); + invert_ntt_montgomery_3e1(&result); + result = subtract_reduce_89_ed(v, result); return result; } @@ -4026,12 +4026,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_45( +static KRML_MUSTINLINE void compress_then_serialize_message_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_9b(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_38(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4078,18 +4078,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_531(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_c31(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_221(ciphertext, u_as_ntt); + deserialize_then_decompress_u_831(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e4( + deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_141(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_45(message, ret0); + compress_then_serialize_message_70(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4103,10 +4103,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ec1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fd1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_651(secret_key, secret_as_ntt); + deserialize_secret_key_f11(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4117,7 +4117,7 @@ static void decrypt_ec1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_531(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c31(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4126,7 +4126,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_ba(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_d1(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4143,8 +4143,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_b03(Eurydice_slice input, uint8_t ret[32U]) { - PRF_ba(input, ret); +static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { + PRF_d1(input, ret); } /** @@ -4169,7 +4169,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a41( +void libcrux_ml_kem_ind_cca_decapsulate_bb1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4187,9 +4187,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a41( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ec1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fd1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4197,7 +4197,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a41( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_5a1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4205,31 +4205,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a41( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d80(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_b03(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_901(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_041(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_421(Eurydice_array_to_slice( + kdf_d8_d21(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_421(shared_secret0, shared_secret); + kdf_d8_d21(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d80(ciphertext), + libcrux_ml_kem_types_as_ref_00_df0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4251,12 +4251,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_412( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b62( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4268,7 +4268,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_412( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4286,7 +4286,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_6d0( +static KRML_MUSTINLINE void serialize_secret_key_fd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4304,7 +4304,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6d0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b6(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4322,14 +4322,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_d00( +static KRML_MUSTINLINE void serialize_public_key_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_6d0(t_as_ntt, ret0); + serialize_secret_key_fd0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4354,15 +4354,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_310(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_412( + deserialize_ring_elements_reduced_b62( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_770( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4380,7 +4380,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_380(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4399,11 +4399,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e0( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_380(Eurydice_array_to_subslice2( + H_a9_160(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -4423,7 +4423,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_5a0(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4437,7 +4437,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_510( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4448,7 +4448,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_5a0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4458,10 +4458,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_d00( +static void closure_640( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_9f();); + ret[i] = ZERO_89_7d();); } /** @@ -4470,7 +4470,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_e50(uint8_t input[4U][34U]) { +shake128_init_absorb_2a0(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4491,11 +4491,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_300(uint8_t input[4U][34U]) { +shake128_init_absorb_a9_1c0(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_e50(copy_of_input); + return shake128_init_absorb_2a0(copy_of_input); } /** @@ -4504,7 +4504,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_620( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4541,9 +4541,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a10( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_620(self, ret); + shake128_squeeze_three_blocks_0c0(self, ret); } /** @@ -4594,7 +4594,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b1( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4631,7 +4631,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_580( +static KRML_MUSTINLINE void shake128_squeeze_block_4a0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4667,9 +4667,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_930( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_580(self, ret); + shake128_squeeze_block_4a0(self, ret); } /** @@ -4720,7 +4720,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b2( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4758,9 +4758,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a50( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_860( int16_t s[272U]) { - return from_i16_array_89_94( + return from_i16_array_89_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4770,7 +4770,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_160( +static KRML_MUSTINLINE void sample_from_xof_6c0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4779,25 +4779,25 @@ static KRML_MUSTINLINE void sample_from_xof_160( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_300(copy_of_seeds); + shake128_init_absorb_a9_1c0(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_a10(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9a1( + bool done = sample_from_uniform_distribution_next_6b1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_930(&xof_state, randomness); + shake128_squeeze_block_a9_1d0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9a2( + done = sample_from_uniform_distribution_next_6b2( copy_of_randomness, sampled_coefficients, out); } } @@ -4806,7 +4806,7 @@ static KRML_MUSTINLINE void sample_from_xof_160( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_a50(copy_of_out[i]);); + ret0[i] = closure_860(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4818,12 +4818,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_b80( +static KRML_MUSTINLINE void sample_matrix_A_290( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_d00(A_transpose[i]);); + closure_640(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4838,7 +4838,7 @@ static KRML_MUSTINLINE void sample_matrix_A_b80( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_160(copy_of_seeds, sampled); + sample_from_xof_6c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4878,7 +4878,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_e11(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -4919,9 +4919,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_9b1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_e11(input, ret); + PRFxN_081(input, ret); } /** @@ -4936,11 +4936,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_880( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9f();); + re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4952,12 +4952,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_880( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_9b1(prf_inputs, prf_outputs); + PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5f0( + re_as_ntt[i0] = sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -4985,7 +4985,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_7e0( +static KRML_MUSTINLINE void add_to_ring_element_89_980( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5008,14 +5008,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d0( +static KRML_MUSTINLINE void compute_As_plus_e_6a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5036,10 +5036,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_7e0(&result[i1], &product); + ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_980(&result[i1], &product); } - add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5058,10 +5058,10 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_9d0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_510( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7c0(key_generation_seed, hashed); + cpa_keygen_seed_d8_510(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5069,15 +5069,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_9d0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_b80(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_290(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_880(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5089,20 +5089,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_880(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_6e0(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_2d0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_6a0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_770( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_6d0(secret_as_ntt, secret_key_serialized); + serialize_secret_key_fd0(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5129,7 +5129,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d40( +static KRML_MUSTINLINE void serialize_kem_secret_key_f50( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5155,7 +5155,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d40( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_380(public_key, ret0); + H_a9_160(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5193,7 +5193,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5202,13 +5202,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_9d0(ind_cpa_keypair_randomness); + generate_keypair_510(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d40( + serialize_kem_secret_key_f50( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5217,13 +5217,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_891(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_821( - uu____2, libcrux_ml_kem_types_from_b6_961(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f61( + uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); } /** @@ -5236,7 +5236,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_c60(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_e10(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5257,12 +5257,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_411( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b61( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5274,7 +5274,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_411( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5294,10 +5294,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_ec0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_850(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_9f();); + error_1[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5309,11 +5309,11 @@ sample_ring_element_cbd_ec0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_9b1(prf_inputs, prf_outputs); + PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5339,9 +5339,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_b02(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, uint8_t ret[128U]) { - PRF_ba0(input, ret); + PRF_d10(input, ret); } /** @@ -5350,18 +5350,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_770( +static KRML_MUSTINLINE void invert_ntt_montgomery_3e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_23(&zeta_i, re); - invert_ntt_at_layer_2_83(&zeta_i, re); - invert_ntt_at_layer_3_38(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_ef(re); + invert_ntt_at_layer_1_a5(&zeta_i, re); + invert_ntt_at_layer_2_0a(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_f5(re); } /** @@ -5373,14 +5373,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_620( +static KRML_MUSTINLINE void compute_vector_u_730( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5400,11 +5400,11 @@ static KRML_MUSTINLINE void compute_vector_u_620( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(a_element, &r_as_ntt[j]); - add_to_ring_element_89_7e0(&result[i1], &product); + ntt_multiply_89_04(a_element, &r_as_ntt[j]); + add_to_ring_element_89_980(&result[i1], &product); } - invert_ntt_montgomery_770(&result[i1]); - add_error_reduce_89_82(&result[i1], &error_1[i1]); + invert_ntt_montgomery_3e0(&result[i1]); + add_error_reduce_89_69(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5421,18 +5421,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_960( +compute_ring_element_v_880( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_7e0(&result, &product);); - invert_ntt_montgomery_770(&result); - result = add_message_error_reduce_89_ef(error_2, message, result); + ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_980(&result, &product);); + invert_ntt_montgomery_3e0(&result); + result = add_message_error_reduce_89_c3(error_2, message, result); return result; } @@ -5442,14 +5442,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_ac0( +static KRML_MUSTINLINE void compress_then_serialize_11_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_8c0(to_unsigned_representative_9b(re->coefficients[i0])); + compress_ea_390(to_unsigned_representative_38(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5467,10 +5467,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_210( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_ac0(re, uu____0); + compress_then_serialize_11_c70(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5486,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_270( +static void compress_then_serialize_u_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5502,7 +5502,7 @@ static void compress_then_serialize_u_270( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_210(&re, ret); + compress_then_serialize_ring_element_u_5b0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5515,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_150( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_cb(re, out); + compress_then_serialize_5_8c(re, out); } /** @@ -5537,24 +5537,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_900(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_411( + deserialize_ring_elements_reduced_b61( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_b80(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_290(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_880(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5564,7 +5564,7 @@ static void encrypt_900(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_ec0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_850(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5572,31 +5572,31 @@ static void encrypt_900(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_b02(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_620(A, r_as_ntt, error_1, u); + compute_vector_u_730(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f5(copy_of_message); + deserialize_then_decompress_message_4d(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_960(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_880(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_270( + compress_then_serialize_u_4b0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_150( + compress_then_serialize_ring_element_v_e40( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5613,7 +5613,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_420(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_d20(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5640,27 +5640,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_cf0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_c60( + entropy_preprocess_d8_e10( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_380(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), + H_a9_160(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_5a0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5668,19 +5668,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_cf0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_900(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_040(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_331(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_420(shared_secret, shared_secret_array); + kdf_d8_d20(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5701,12 +5701,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_650( +static KRML_MUSTINLINE void deserialize_secret_key_f10( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9f();); + secret_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5718,7 +5718,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_650( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cb(secret_bytes); + deserialize_to_uncompressed_ring_element_4f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5743,8 +5743,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_360(Eurydice_slice serialized) { - return deserialize_then_decompress_11_29(serialized); +deserialize_then_decompress_ring_element_u_690(Eurydice_slice serialized) { + return deserialize_then_decompress_11_99(serialized); } /** @@ -5753,17 +5753,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_080( +static KRML_MUSTINLINE void ntt_vector_u_260( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_3d(&zeta_i, re); - ntt_at_layer_2_16(&zeta_i, re); - ntt_at_layer_1_8f(&zeta_i, re); - poly_barrett_reduce_89_ef(re); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_46(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_f7(&zeta_i, re); + poly_barrett_reduce_89_f5(re); } /** @@ -5778,12 +5778,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_220( +static KRML_MUSTINLINE void deserialize_then_decompress_u_830( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9f();); + u_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5801,8 +5801,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_220( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_360(u_bytes); - ntt_vector_u_080(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_690(u_bytes); + ntt_vector_u_260(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5816,8 +5816,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_e40(Eurydice_slice serialized) { - return deserialize_then_decompress_5_10(serialized); +deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a1(serialized); } /** @@ -5833,17 +5833,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_140( +compute_message_7d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_7e0(&result, &product);); - invert_ntt_montgomery_770(&result); - result = subtract_reduce_89_12(v, result); + ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_980(&result, &product);); + invert_ntt_montgomery_3e0(&result); + result = subtract_reduce_89_ed(v, result); return result; } @@ -5881,18 +5881,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_530(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_c30(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_220(ciphertext, u_as_ntt); + deserialize_then_decompress_u_830(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e40( + deserialize_then_decompress_ring_element_v_860( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_140(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_45(message, ret0); + compress_then_serialize_message_70(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5906,10 +5906,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_ec0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fd0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_650(secret_key, secret_as_ntt); + deserialize_secret_key_f10(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5920,7 +5920,7 @@ static void decrypt_ec0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_530(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c30(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5934,8 +5934,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_b01(Eurydice_slice input, uint8_t ret[32U]) { - PRF_ba(input, ret); +static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { + PRF_d1(input, ret); } /** @@ -5960,7 +5960,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a40( +void libcrux_ml_kem_ind_cca_decapsulate_bb0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5979,9 +5979,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a40( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ec0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fd0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5989,7 +5989,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a40( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_5a0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5997,31 +5997,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a40( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_6d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d81(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_b01(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_421(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_900(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_040(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_420(Eurydice_array_to_slice( + kdf_d8_d20(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_420(shared_secret0, shared_secret); + kdf_d8_d20(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d81(ciphertext), + libcrux_ml_kem_types_as_ref_00_df1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6043,12 +6043,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_410( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b60( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6060,7 +6060,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_410( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6078,7 +6078,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_6d( +static KRML_MUSTINLINE void serialize_secret_key_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6096,7 +6096,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6d( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b6(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6114,14 +6114,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_d0( +static KRML_MUSTINLINE void serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_6d(t_as_ntt, ret0); + serialize_secret_key_fd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6146,15 +6146,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_31(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_410( + deserialize_ring_elements_reduced_b60( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6172,7 +6172,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_38(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -6191,11 +6191,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4e( +bool libcrux_ml_kem_ind_cca_validate_private_key_fd( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_a9_38(Eurydice_array_to_subslice2( + H_a9_16(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -6215,7 +6215,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_5a(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6229,7 +6229,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_51( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6240,7 +6240,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_7c( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_5a(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -6250,10 +6250,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_d0( +static void closure_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_9f();); + ret[i] = ZERO_89_7d();); } /** @@ -6262,7 +6262,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_e5(uint8_t input[2U][34U]) { +shake128_init_absorb_2a(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6283,11 +6283,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_30(uint8_t input[2U][34U]) { +shake128_init_absorb_a9_1c(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_e5(copy_of_input); + return shake128_init_absorb_2a(copy_of_input); } /** @@ -6296,7 +6296,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_62( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6327,9 +6327,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_a1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_62(self, ret); + shake128_squeeze_three_blocks_0c(self, ret); } /** @@ -6380,7 +6380,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6417,7 +6417,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_58( +static KRML_MUSTINLINE void shake128_squeeze_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6447,9 +6447,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_93( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_58(self, ret); + shake128_squeeze_block_4a(self, ret); } /** @@ -6500,7 +6500,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9a0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b0( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6538,9 +6538,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_a5( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_86( int16_t s[272U]) { - return from_i16_array_89_94( + return from_i16_array_89_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6550,7 +6550,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_16( +static KRML_MUSTINLINE void sample_from_xof_6c( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6559,25 +6559,25 @@ static KRML_MUSTINLINE void sample_from_xof_16( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_30(copy_of_seeds); + shake128_init_absorb_a9_1c(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_a1(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9a( + bool done = sample_from_uniform_distribution_next_6b( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_93(&xof_state, randomness); + shake128_squeeze_block_a9_1d(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9a0( + done = sample_from_uniform_distribution_next_6b0( copy_of_randomness, sampled_coefficients, out); } } @@ -6586,7 +6586,7 @@ static KRML_MUSTINLINE void sample_from_xof_16( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_a5(copy_of_out[i]);); + ret0[i] = closure_86(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6598,12 +6598,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_b8( +static KRML_MUSTINLINE void sample_matrix_A_29( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_d0(A_transpose[i]);); + closure_64(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6618,7 +6618,7 @@ static KRML_MUSTINLINE void sample_matrix_A_b8( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_16(copy_of_seeds, sampled); + sample_from_xof_6c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6658,7 +6658,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_e1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -6693,9 +6693,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_9b(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_e1(input, ret); + PRFxN_08(input, ret); } /** @@ -6705,8 +6705,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_5f(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_12(randomness); +sample_from_binomial_distribution_91(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_75(randomness); } /** @@ -6721,11 +6721,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_88( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_9f();); + re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6737,12 +6737,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_88( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_9b(prf_inputs, prf_outputs); + PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_5f( + re_as_ntt[i0] = sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6770,7 +6770,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_7e( +static KRML_MUSTINLINE void add_to_ring_element_89_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6793,14 +6793,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d( +static KRML_MUSTINLINE void compute_As_plus_e_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6821,10 +6821,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_7e(&result[i1], &product); + ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_98(&result[i1], &product); } - add_standard_error_reduce_89_67(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6843,10 +6843,10 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_9d( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_51( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7c(key_generation_seed, hashed); + cpa_keygen_seed_d8_51(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6854,15 +6854,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_9d( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_b8(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_29(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_88(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6874,20 +6874,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_88(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_6e(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_2d(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_6a(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_77( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_6d(secret_as_ntt, secret_key_serialized); + serialize_secret_key_fd(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6914,7 +6914,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d4( +static KRML_MUSTINLINE void serialize_kem_secret_key_f5( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6940,7 +6940,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d4( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_38(public_key, ret0); + H_a9_16(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6977,7 +6977,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6987,13 +6987,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_9d(ind_cpa_keypair_randomness); + generate_keypair_51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d4( + serialize_kem_secret_key_f5( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7002,13 +7002,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5d( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -7021,7 +7021,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_c6(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_e1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7042,12 +7042,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_41( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b6( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_9f();); + deserialized_pk[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7059,7 +7059,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_4d(ring_element); + deserialize_to_reduced_ring_element_d0(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7073,7 +7073,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_e10(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7108,9 +7108,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_9b0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_e10(input, ret); + PRFxN_080(input, ret); } /** @@ -7125,10 +7125,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_ec(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_85(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_9f();); + error_1[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7140,11 +7140,11 @@ sample_ring_element_cbd_ec(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_9b0(prf_inputs, prf_outputs); + PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7170,9 +7170,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_b00(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, uint8_t ret[128U]) { - PRF_ba0(input, ret); + PRF_d10(input, ret); } /** @@ -7181,18 +7181,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_77( +static KRML_MUSTINLINE void invert_ntt_montgomery_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_23(&zeta_i, re); - invert_ntt_at_layer_2_83(&zeta_i, re); - invert_ntt_at_layer_3_38(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_ef(re); + invert_ntt_at_layer_1_a5(&zeta_i, re); + invert_ntt_at_layer_2_0a(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_f5(re); } /** @@ -7204,14 +7204,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_62( +static KRML_MUSTINLINE void compute_vector_u_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_9f();); + result[i] = ZERO_89_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7231,11 +7231,11 @@ static KRML_MUSTINLINE void compute_vector_u_62( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(a_element, &r_as_ntt[j]); - add_to_ring_element_89_7e(&result[i1], &product); + ntt_multiply_89_04(a_element, &r_as_ntt[j]); + add_to_ring_element_89_98(&result[i1], &product); } - invert_ntt_montgomery_77(&result[i1]); - add_error_reduce_89_82(&result[i1], &error_1[i1]); + invert_ntt_montgomery_3e(&result[i1]); + add_error_reduce_89_69(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7252,18 +7252,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_96( +compute_ring_element_v_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_7e(&result, &product);); - invert_ntt_montgomery_77(&result); - result = add_message_error_reduce_89_ef(error_2, message, result); + ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_98(&result, &product);); + invert_ntt_montgomery_3e(&result); + result = add_message_error_reduce_89_c3(error_2, message, result); return result; } @@ -7279,7 +7279,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_27( +static void compress_then_serialize_u_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7295,7 +7295,7 @@ static void compress_then_serialize_u_27( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_21(&re, ret); + compress_then_serialize_ring_element_u_5b(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7318,24 +7318,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_90(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_41( + deserialize_ring_elements_reduced_b6( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_b8(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_29(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_88(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7345,7 +7345,7 @@ static void encrypt_90(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_ec(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_85(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7353,31 +7353,31 @@ static void encrypt_90(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_b00(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_5f0( + sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_62(A, r_as_ntt, error_1, u); + compute_vector_u_73(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f5(copy_of_message); + deserialize_then_decompress_message_4d(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_96(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_88(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_27( + compress_then_serialize_u_4b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_15( + compress_then_serialize_ring_element_v_e4( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7394,7 +7394,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_42(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_d2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7421,27 +7421,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_cf( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_c6( + entropy_preprocess_d8_e1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_38(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), + H_a9_16(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_5a(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7449,19 +7449,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_cf( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_90(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_04(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_33(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_42(shared_secret, shared_secret_array); + kdf_d8_d2(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7482,12 +7482,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_65( +static KRML_MUSTINLINE void deserialize_secret_key_f1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_9f();); + secret_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7499,7 +7499,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_65( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cb(secret_bytes); + deserialize_to_uncompressed_ring_element_4f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7529,12 +7529,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_22( +static KRML_MUSTINLINE void deserialize_then_decompress_u_83( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_9f();); + u_as_ntt[i] = ZERO_89_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7552,8 +7552,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_22( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_36(u_bytes); - ntt_vector_u_08(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); + ntt_vector_u_26(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7573,17 +7573,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_14( +compute_message_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_ce(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_7e(&result, &product);); - invert_ntt_montgomery_77(&result); - result = subtract_reduce_89_12(v, result); + ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_98(&result, &product);); + invert_ntt_montgomery_3e(&result); + result = subtract_reduce_89_ed(v, result); return result; } @@ -7621,18 +7621,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_53(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_c3(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_22(ciphertext, u_as_ntt); + deserialize_then_decompress_u_83(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_e4( + deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_14(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_45(message, ret0); + compress_then_serialize_message_70(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7646,10 +7646,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ec(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fd(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_65(secret_key, secret_as_ntt); + deserialize_secret_key_f1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7660,7 +7660,7 @@ static void decrypt_ec(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_53(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c3(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7674,8 +7674,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_b0(Eurydice_slice input, uint8_t ret[32U]) { - PRF_ba(input, ret); +static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { + PRF_d1(input, ret); } /** @@ -7700,7 +7700,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a4( +void libcrux_ml_kem_ind_cca_decapsulate_bb( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7718,9 +7718,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a4( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ec(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fd(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7728,7 +7728,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a4( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_5a(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7736,30 +7736,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_a4( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d8(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_b0(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_42(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_90(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_04(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_42(Eurydice_array_to_slice((size_t)32U, + kdf_d8_d2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_42(shared_secret0, shared_secret); + kdf_d8_d2(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d8(ciphertext), + libcrux_ml_kem_types_as_ref_00_df(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 7ec08a99f..ff2b51df5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index faa720af9..3cb9f2f65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "internal/libcrux_mlkem_portable.h" @@ -2241,7 +2241,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_c3(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2275,8 +2275,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_45(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_to_reduced_ring_element_3f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2304,12 +2304,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2321,7 +2321,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2335,7 +2335,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_0f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2354,8 +2354,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_01(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_b0(v); +shift_right_0d_1e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_0f(v); } /** @@ -2365,10 +2365,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_84( +to_unsigned_representative_5d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_01(a); + shift_right_0d_1e(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2381,14 +2381,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_3c( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_84(re->coefficients[i0]); + to_unsigned_representative_5d(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2409,7 +2409,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_a31( +static KRML_MUSTINLINE void serialize_secret_key_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2427,7 +2427,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a31( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3c(&re, ret0); + serialize_uncompressed_ring_element_47(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2445,14 +2445,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_671( +static KRML_MUSTINLINE void serialize_public_key_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_a31(t_as_ntt, ret0); + serialize_secret_key_6c1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2477,15 +2477,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b71(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_4f4( + deserialize_ring_elements_reduced_7e4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_671( + serialize_public_key_5d1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2503,7 +2503,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_191(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -2522,11 +2522,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_dc( +bool libcrux_ml_kem_ind_cca_validate_private_key_be( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_191(Eurydice_array_to_subslice2( + H_f1_c61(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -2546,7 +2546,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_381(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2560,7 +2560,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_72( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2571,7 +2571,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_72( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_381(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -2582,10 +2582,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_fc1( +static void closure_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_c3();); + ret[i] = ZERO_89_19();); } /** @@ -2603,7 +2603,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_791(uint8_t input[4U][34U]) { +shake128_init_absorb_371(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2634,11 +2634,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_771(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_171(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_791(copy_of_input); + return shake128_init_absorb_371(copy_of_input); } /** @@ -2647,7 +2647,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2668,9 +2668,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_841( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_eb1(self, ret); + shake128_squeeze_three_blocks_721(self, ret); } /** @@ -2721,7 +2721,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_173( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b3( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2759,7 +2759,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_3b1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2780,9 +2780,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e1( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_3b1(self, ret); + shake128_squeeze_block_e61(self, ret); } /** @@ -2833,7 +2833,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_174( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b4( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2876,8 +2876,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_33(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); +from_i16_array_89_4e(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2897,9 +2897,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e41( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_971( int16_t s[272U]) { - return from_i16_array_89_33( + return from_i16_array_89_4e( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2910,7 +2910,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_461( +static KRML_MUSTINLINE void sample_from_xof_2f1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2918,25 +2918,25 @@ static KRML_MUSTINLINE void sample_from_xof_461( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_771(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_841(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_173( + bool done = sample_from_uniform_distribution_next_9b3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_8e1(&xof_state, randomness); + shake128_squeeze_block_f1_481(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_174( + done = sample_from_uniform_distribution_next_9b4( copy_of_randomness, sampled_coefficients, out); } } @@ -2945,7 +2945,7 @@ static KRML_MUSTINLINE void sample_from_xof_461( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e41(copy_of_out[i]);); + ret0[i] = closure_971(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2958,12 +2958,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_e71( +static KRML_MUSTINLINE void sample_matrix_A_3c1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_fc1(A_transpose[i]);); + closure_8e1(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2978,7 +2978,7 @@ static KRML_MUSTINLINE void sample_matrix_A_e71( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_461(copy_of_seeds, sampled); + sample_from_xof_2f1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3018,7 +3018,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -3039,9 +3039,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_d52(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_d52(input, ret); } /** @@ -3100,7 +3100,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_7b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_f0(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3134,7 +3134,7 @@ sample_from_binomial_distribution_2_7b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_33( + return from_i16_array_89_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3145,7 +3145,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_14(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_77(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3178,7 +3178,7 @@ sample_from_binomial_distribution_3_14(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_33( + return from_i16_array_89_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,8 +3189,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_ca(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_7b(randomness); +sample_from_binomial_distribution_63(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_f0(randomness); } /** @@ -3199,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_60( +static KRML_MUSTINLINE void ntt_at_layer_7_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3227,7 +3227,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_05( +montgomery_multiply_fe_b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3241,12 +3241,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_88( + ntt_layer_int_vec_step_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_05(b, zeta_r); + montgomery_multiply_fe_b1(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3260,7 +3260,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_05( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3273,7 +3273,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_88( + ntt_layer_int_vec_step_96( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3290,7 +3290,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3308,7 +3308,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_26( +static KRML_MUSTINLINE void ntt_at_layer_2_6d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3328,7 +3328,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_3c( +static KRML_MUSTINLINE void ntt_at_layer_1_0b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3356,7 +3356,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_d8( +static KRML_MUSTINLINE void poly_barrett_reduce_89_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3374,17 +3374,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_63( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_60(re); + ntt_at_layer_7_ca(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_26(&zeta_i, re); - ntt_at_layer_1_3c(&zeta_i, re); - poly_barrett_reduce_89_d8(re); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_38(&zeta_i, re); + ntt_at_layer_2_6d(&zeta_i, re); + ntt_at_layer_1_0b(&zeta_i, re); + poly_barrett_reduce_89_62(re); } /** @@ -3400,11 +3400,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_781( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_c3();); + re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3416,12 +3416,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_781( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_d52(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ca( + re_as_ntt[i0] = sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3473,9 +3473,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_3b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_58(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3512,7 +3512,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1e1( +static KRML_MUSTINLINE void add_to_ring_element_89_881( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3537,7 +3537,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_21( +to_standard_domain_97( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3553,14 +3553,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_64( +static KRML_MUSTINLINE void add_standard_error_reduce_89_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_21(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_97(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3578,14 +3578,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_c71( +static KRML_MUSTINLINE void compute_As_plus_e_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3606,10 +3606,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1e1(&result[i1], &product); + ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_881(&result[i1], &product); } - add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3628,10 +3628,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a21( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_021( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_72(key_generation_seed, hashed); + cpa_keygen_seed_d8_e0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3639,15 +3639,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a21( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_e71(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_3c1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_781(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3659,20 +3659,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_781(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ce1(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_c71(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c81(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_671( + serialize_public_key_5d1( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_a31(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6c1(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3699,7 +3699,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7d( +static KRML_MUSTINLINE void serialize_kem_secret_key_b2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3725,7 +3725,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_7d( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_191(public_key, ret0); + H_f1_c61(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3763,7 +3763,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3772,13 +3772,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_a21(ind_cpa_keypair_randomness); + generate_keypair_021(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_7d( + serialize_kem_secret_key_b2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3787,13 +3787,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f61(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_891(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_821( - uu____2, libcrux_ml_kem_types_from_b6_961(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f61( + uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); } /** @@ -3806,7 +3806,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_1b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3827,12 +3827,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3844,7 +3844,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -3865,10 +3865,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_a81(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3a1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_c3();); + error_1[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3880,11 +3880,11 @@ sample_ring_element_cbd_a81(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_d52(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3905,7 +3905,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_7c0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_440(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3922,9 +3922,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_2e4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_7c0(input, ret); + PRF_440(input, ret); } /** @@ -3933,7 +3933,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_4b( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_ca( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3957,7 +3957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_2b( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3977,7 +3977,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_97( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3997,7 +3997,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_aa( + inv_ntt_layer_int_vec_step_reduce_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4005,7 +4005,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_05(a_minus_b, zeta_r); + b = montgomery_multiply_fe_b1(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4017,7 +4017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_07( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4032,7 +4032,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_aa( + inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4049,18 +4049,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c91( +static KRML_MUSTINLINE void invert_ntt_montgomery_471( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_2b(&zeta_i, re); - invert_ntt_at_layer_3_97(&zeta_i, re); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_d8(re); + invert_ntt_at_layer_1_ca(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_0d(&zeta_i, re); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_62(re); } /** @@ -4073,7 +4073,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_5d( +static KRML_MUSTINLINE void add_error_reduce_89_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4100,14 +4100,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_931( +static KRML_MUSTINLINE void compute_vector_u_771( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4127,11 +4127,11 @@ static KRML_MUSTINLINE void compute_vector_u_931( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1e1(&result[i1], &product); + ntt_multiply_89_58(a_element, &r_as_ntt[j]); + add_to_ring_element_89_881(&result[i1], &product); } - invert_ntt_montgomery_c91(&result[i1]); - add_error_reduce_89_5d(&result[i1], &error_1[i1]); + invert_ntt_montgomery_471(&result[i1]); + add_error_reduce_89_20(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4145,7 +4145,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_75(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4159,8 +4159,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f7(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_then_decompress_message_94(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4170,7 +4170,7 @@ deserialize_then_decompress_message_f7(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_3e(coefficient_compressed); + decompress_1_75(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4186,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_c4( +add_message_error_reduce_89_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4219,18 +4219,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_541( +compute_ring_element_v_fe1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1e1(&result, &product);); - invert_ntt_montgomery_c91(&result); - result = add_message_error_reduce_89_c4(error_2, message, result); + ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_881(&result, &product);); + invert_ntt_montgomery_471(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -4240,7 +4240,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_dc(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4261,9 +4261,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_96( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fd( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_dc(v); + return compress_53(v); } /** @@ -4272,7 +4272,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_dc0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_530(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4294,8 +4294,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_960(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_dc0(v); +compress_0d_fd0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_530(v); } /** @@ -4304,14 +4304,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_ef0( +static KRML_MUSTINLINE void compress_then_serialize_11_6f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_960(to_unsigned_representative_84(re->coefficients[i0])); + compress_0d_fd0(to_unsigned_representative_5d(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4329,10 +4329,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_ef0(re, uu____0); + compress_then_serialize_11_6f0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4348,7 +4348,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_281( +static void compress_then_serialize_u_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4364,7 +4364,7 @@ static void compress_then_serialize_u_281( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2e0(&re, ret); + compress_then_serialize_ring_element_u_4e0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4376,7 +4376,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_dc1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_531(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4398,8 +4398,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_961(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_dc1(v); +compress_0d_fd1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_531(v); } /** @@ -4408,14 +4408,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_80( +static KRML_MUSTINLINE void compress_then_serialize_4_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_961(to_unsigned_representative_84(re.coefficients[i0])); + compress_0d_fd1(to_unsigned_representative_5d(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4431,7 +4431,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_dc2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_532(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4453,8 +4453,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_962(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_dc2(v); +compress_0d_fd2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_532(v); } /** @@ -4463,14 +4463,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_3c( +static KRML_MUSTINLINE void compress_then_serialize_5_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_962(to_unsigned_representative_84(re.coefficients[i0])); + compress_0d_fd2(to_unsigned_representative_5d(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_650( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_3c(re, out); + compress_then_serialize_5_0a(re, out); } /** @@ -4510,24 +4510,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_7b1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_4f3( + deserialize_ring_elements_reduced_7e3( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_e71(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_3c1(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_781(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4537,7 +4537,7 @@ static void encrypt_7b1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_a81(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3a1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4545,31 +4545,31 @@ static void encrypt_7b1(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_2e4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_931(A, r_as_ntt, error_1, u); + compute_vector_u_771(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f7(copy_of_message); + deserialize_then_decompress_message_94(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_541(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_fe1(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_281( + compress_then_serialize_u_861( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_650( + compress_then_serialize_ring_element_v_800( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4586,7 +4586,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_93(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_d9(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4613,27 +4613,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_eb1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_d1( + entropy_preprocess_d8_1b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_191(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), + H_f1_c61(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_381(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4641,19 +4641,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_eb1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3d1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_7b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_331(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_93(shared_secret, shared_secret_array); + kdf_d8_d9(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4672,8 +4672,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_27(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_to_uncompressed_ring_element_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4695,12 +4695,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_7b1( +static KRML_MUSTINLINE void deserialize_secret_key_301( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_c3();); + secret_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4712,7 +4712,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_7b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_27(secret_bytes); + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4737,7 +4737,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_84( +decompress_ciphertext_coefficient_86( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4762,9 +4762,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_b3( +decompress_ciphertext_coefficient_0d_4c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_84(v); + return decompress_ciphertext_coefficient_86(v); } /** @@ -4774,8 +4774,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_50(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_then_decompress_10_4c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -4784,7 +4784,7 @@ deserialize_then_decompress_10_50(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_b3(coefficient); + decompress_ciphertext_coefficient_0d_4c(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4797,7 +4797,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_840( +decompress_ciphertext_coefficient_860( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4822,9 +4822,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_b30( +decompress_ciphertext_coefficient_0d_4c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_840(v); + return decompress_ciphertext_coefficient_860(v); } /** @@ -4834,8 +4834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_1f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_then_decompress_11_c3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4844,7 +4844,7 @@ deserialize_then_decompress_11_1f(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_b30(coefficient); + decompress_ciphertext_coefficient_0d_4c0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4857,8 +4857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { - return deserialize_then_decompress_11_1f(serialized); +deserialize_then_decompress_ring_element_u_770(Eurydice_slice serialized) { + return deserialize_then_decompress_11_c3(serialized); } /** @@ -4867,17 +4867,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_6f0( +static KRML_MUSTINLINE void ntt_vector_u_340( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_26(&zeta_i, re); - ntt_at_layer_1_3c(&zeta_i, re); - poly_barrett_reduce_89_d8(re); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_38(&zeta_i, re); + ntt_at_layer_2_6d(&zeta_i, re); + ntt_at_layer_1_0b(&zeta_i, re); + poly_barrett_reduce_89_62(re); } /** @@ -4892,12 +4892,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1a1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_321( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_c3();); + u_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4915,8 +4915,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1a1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c20(u_bytes); - ntt_vector_u_6f0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_770(u_bytes); + ntt_vector_u_340(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4930,7 +4930,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_841( +decompress_ciphertext_coefficient_861( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4955,9 +4955,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_b31( +decompress_ciphertext_coefficient_0d_4c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_841(v); + return decompress_ciphertext_coefficient_861(v); } /** @@ -4967,8 +4967,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_94(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_then_decompress_4_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4977,7 +4977,7 @@ deserialize_then_decompress_4_94(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_b31(coefficient); + decompress_ciphertext_coefficient_0d_4c1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4990,7 +4990,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_842( +decompress_ciphertext_coefficient_862( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5015,9 +5015,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_b32( +decompress_ciphertext_coefficient_0d_4c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_842(v); + return decompress_ciphertext_coefficient_862(v); } /** @@ -5027,8 +5027,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_100(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_c3(); +deserialize_then_decompress_5_3f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5037,7 +5037,7 @@ deserialize_then_decompress_5_100(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_b32(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_4c2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5050,8 +5050,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_930(Eurydice_slice serialized) { - return deserialize_then_decompress_5_100(serialized); +deserialize_then_decompress_ring_element_v_0d0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_3f(serialized); } /** @@ -5065,7 +5065,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_ee(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5096,17 +5096,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c91( +compute_message_291( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1e1(&result, &product);); - invert_ntt_montgomery_c91(&result); - result = subtract_reduce_89_61(v, result); + ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_881(&result, &product);); + invert_ntt_montgomery_471(&result); + result = subtract_reduce_89_ee(v, result); return result; } @@ -5116,13 +5116,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_d4( +static KRML_MUSTINLINE void compress_then_serialize_message_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_84(re.coefficients[i0]); + to_unsigned_representative_5d(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5170,18 +5170,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_6b1(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_3c1(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_1a1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_321(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_930( + deserialize_then_decompress_ring_element_v_0d0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c91(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_291(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d4(message, ret0); + compress_then_serialize_message_62(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5195,10 +5195,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_121(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d31(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_7b1(secret_key, secret_as_ntt); + deserialize_secret_key_301(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5209,7 +5209,7 @@ static void decrypt_121(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_6b1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_3c1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5218,7 +5218,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_7c(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_44(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5235,8 +5235,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_2e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_7c(input, ret); +static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_44(input, ret); } /** @@ -5261,7 +5261,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f1( +void libcrux_ml_kem_ind_cca_decapsulate_641( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5280,9 +5280,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_121(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d31(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5290,7 +5290,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f1( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_381(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5298,31 +5298,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_6d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d81(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_2e3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_9d3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_7b1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8c1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_93(Eurydice_array_to_slice((size_t)32U, + kdf_d8_d9(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_93(shared_secret0, shared_secret); + kdf_d8_d9(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d81(ciphertext), + libcrux_ml_kem_types_as_ref_00_df1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5344,12 +5344,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5361,7 +5361,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5379,7 +5379,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_a30( +static KRML_MUSTINLINE void serialize_secret_key_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5397,7 +5397,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a30( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3c(&re, ret0); + serialize_uncompressed_ring_element_47(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5415,14 +5415,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_670( +static KRML_MUSTINLINE void serialize_public_key_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_a30(t_as_ntt, ret0); + serialize_secret_key_6c0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5447,15 +5447,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b70(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_4f2( + deserialize_ring_elements_reduced_7e2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_670( + serialize_public_key_5d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5473,7 +5473,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_190(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c60(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5492,11 +5492,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_03( +bool libcrux_ml_kem_ind_cca_validate_private_key_db( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_f1_190(Eurydice_array_to_subslice2( + H_f1_c60(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -5516,7 +5516,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_380(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_070(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5530,7 +5530,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_4d( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e8( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5541,7 +5541,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_4d( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_f1_380(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_070(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5552,10 +5552,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_fc0( +static void closure_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_c3();); + ret[i] = ZERO_89_19();); } /** @@ -5573,7 +5573,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_790(uint8_t input[2U][34U]) { +shake128_init_absorb_370(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5604,11 +5604,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_770(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_170(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_790(copy_of_input); + return shake128_init_absorb_370(copy_of_input); } /** @@ -5617,7 +5617,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_720( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5638,9 +5638,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_840( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_750( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_eb0(self, ret); + shake128_squeeze_three_blocks_720(self, ret); } /** @@ -5691,7 +5691,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_171( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5729,7 +5729,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_3b0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_e60(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5750,9 +5750,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e0( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_480( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_3b0(self, ret); + shake128_squeeze_block_e60(self, ret); } /** @@ -5803,7 +5803,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_172( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5842,9 +5842,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e40( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_970( int16_t s[272U]) { - return from_i16_array_89_33( + return from_i16_array_89_4e( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5855,7 +5855,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_460( +static KRML_MUSTINLINE void sample_from_xof_2f0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5863,25 +5863,25 @@ static KRML_MUSTINLINE void sample_from_xof_460( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_770(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_f1_170(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_840(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_750(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_171( + bool done = sample_from_uniform_distribution_next_9b1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_8e0(&xof_state, randomness); + shake128_squeeze_block_f1_480(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_172( + done = sample_from_uniform_distribution_next_9b2( copy_of_randomness, sampled_coefficients, out); } } @@ -5890,7 +5890,7 @@ static KRML_MUSTINLINE void sample_from_xof_460( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e40(copy_of_out[i]);); + ret0[i] = closure_970(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5903,12 +5903,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_e70( +static KRML_MUSTINLINE void sample_matrix_A_3c0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_fc0(A_transpose[i]);); + closure_8e0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5923,7 +5923,7 @@ static KRML_MUSTINLINE void sample_matrix_A_e70( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_460(copy_of_seeds, sampled); + sample_from_xof_2f0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5963,7 +5963,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5984,9 +5984,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_d50(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_9f0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c0(input, ret); + PRFxN_d50(input, ret); } /** @@ -5996,8 +5996,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_ca0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_14(randomness); +sample_from_binomial_distribution_630(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_77(randomness); } /** @@ -6013,11 +6013,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_780( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_c3();); + re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6029,12 +6029,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_780( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_d50(prf_inputs, prf_outputs); + PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ca0( + re_as_ntt[i0] = sample_from_binomial_distribution_630( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6062,7 +6062,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1e0( +static KRML_MUSTINLINE void add_to_ring_element_89_880( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6089,14 +6089,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_c70( +static KRML_MUSTINLINE void compute_As_plus_e_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6117,10 +6117,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1e0(&result[i1], &product); + ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_880(&result[i1], &product); } - add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6139,10 +6139,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a20( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_020( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_4d(key_generation_seed, hashed); + cpa_keygen_seed_d8_e8(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6150,15 +6150,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a20( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_e70(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_3c0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_780(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6170,20 +6170,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_780(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ce0(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_c70(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c80(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_670( + serialize_public_key_5d0( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_a30(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6c0(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6210,7 +6210,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_19( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6236,7 +6236,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_19( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_190(public_key, ret0); + H_f1_c60(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6274,7 +6274,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6283,13 +6283,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_a20(ind_cpa_keypair_randomness); + generate_keypair_020(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_19( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6298,13 +6298,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -6317,7 +6317,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_3c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6338,12 +6338,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6355,7 +6355,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6369,7 +6369,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6390,9 +6390,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_d51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_9f1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_d51(input, ret); } /** @@ -6408,10 +6408,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_a80(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3a0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_c3();); + error_1[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6423,11 +6423,11 @@ sample_ring_element_cbd_a80(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_d51(prf_inputs, prf_outputs); + PRFxN_f1_9f1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6453,9 +6453,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_2e2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_7c0(input, ret); + PRF_440(input, ret); } /** @@ -6464,18 +6464,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c90( +static KRML_MUSTINLINE void invert_ntt_montgomery_470( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_2b(&zeta_i, re); - invert_ntt_at_layer_3_97(&zeta_i, re); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_d8(re); + invert_ntt_at_layer_1_ca(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_0d(&zeta_i, re); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_62(re); } /** @@ -6487,14 +6487,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_930( +static KRML_MUSTINLINE void compute_vector_u_770( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6514,11 +6514,11 @@ static KRML_MUSTINLINE void compute_vector_u_930( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1e0(&result[i1], &product); + ntt_multiply_89_58(a_element, &r_as_ntt[j]); + add_to_ring_element_89_880(&result[i1], &product); } - invert_ntt_montgomery_c90(&result[i1]); - add_error_reduce_89_5d(&result[i1], &error_1[i1]); + invert_ntt_montgomery_470(&result[i1]); + add_error_reduce_89_20(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6535,18 +6535,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_540( +compute_ring_element_v_fe0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1e0(&result, &product);); - invert_ntt_montgomery_c90(&result); - result = add_message_error_reduce_89_c4(error_2, message, result); + ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_880(&result, &product);); + invert_ntt_montgomery_470(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -6556,14 +6556,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_88( +static KRML_MUSTINLINE void compress_then_serialize_10_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_96(to_unsigned_representative_84(re->coefficients[i0])); + compress_0d_fd(to_unsigned_representative_5d(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6581,10 +6581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_88(re, uu____0); + compress_then_serialize_10_f3(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6600,7 +6600,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_280( +static void compress_then_serialize_u_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6616,7 +6616,7 @@ static void compress_then_serialize_u_280( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2e(&re, ret); + compress_then_serialize_ring_element_u_4e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6629,9 +6629,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_65( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_80(re, out); + compress_then_serialize_4_97(re, out); } /** @@ -6652,24 +6652,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_7b0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_4f1( + deserialize_ring_elements_reduced_7e1( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_e70(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_3c0(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_780(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6679,7 +6679,7 @@ static void encrypt_7b0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_a80(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3a0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6687,31 +6687,31 @@ static void encrypt_7b0(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_2e2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_930(A, r_as_ntt, error_1, u); + compute_vector_u_770(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f7(copy_of_message); + deserialize_then_decompress_message_94(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_540(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_fe0(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_280( + compress_then_serialize_u_860( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_65( + compress_then_serialize_ring_element_v_80( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6728,7 +6728,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_32(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_44(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6755,27 +6755,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_eb0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_6c( + entropy_preprocess_d8_3c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_190(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), + H_f1_c60(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_380(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6783,19 +6783,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_eb0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3d(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_7b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_33(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_32(shared_secret, shared_secret_array); + kdf_d8_44(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6816,12 +6816,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_7b0( +static KRML_MUSTINLINE void deserialize_secret_key_300( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_c3();); + secret_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6833,7 +6833,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_7b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_27(secret_bytes); + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6858,8 +6858,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { - return deserialize_then_decompress_10_50(serialized); +deserialize_then_decompress_ring_element_u_77(Eurydice_slice serialized) { + return deserialize_then_decompress_10_4c(serialized); } /** @@ -6868,17 +6868,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_6f( +static KRML_MUSTINLINE void ntt_vector_u_34( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_26(&zeta_i, re); - ntt_at_layer_1_3c(&zeta_i, re); - poly_barrett_reduce_89_d8(re); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_38(&zeta_i, re); + ntt_at_layer_2_6d(&zeta_i, re); + ntt_at_layer_1_0b(&zeta_i, re); + poly_barrett_reduce_89_62(re); } /** @@ -6893,12 +6893,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1a0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_320( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_c3();); + u_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6916,8 +6916,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1a0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c2(u_bytes); - ntt_vector_u_6f(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); + ntt_vector_u_34(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6931,8 +6931,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_93(Eurydice_slice serialized) { - return deserialize_then_decompress_4_94(serialized); +deserialize_then_decompress_ring_element_v_0d(Eurydice_slice serialized) { + return deserialize_then_decompress_4_ad(serialized); } /** @@ -6948,17 +6948,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c90( +compute_message_290( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1e0(&result, &product);); - invert_ntt_montgomery_c90(&result); - result = subtract_reduce_89_61(v, result); + ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_880(&result, &product);); + invert_ntt_montgomery_470(&result); + result = subtract_reduce_89_ee(v, result); return result; } @@ -6996,18 +6996,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_6b0(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_3c0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_1a0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_320(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_93( + deserialize_then_decompress_ring_element_v_0d( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c90(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_290(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d4(message, ret0); + compress_then_serialize_message_62(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7021,10 +7021,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_120(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d30(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_7b0(secret_key, secret_as_ntt); + deserialize_secret_key_300(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7035,7 +7035,7 @@ static void decrypt_120(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_6b0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_3c0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7049,8 +7049,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_7c(input, ret); +static KRML_MUSTINLINE void PRF_f1_9d1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_44(input, ret); } /** @@ -7075,7 +7075,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f0( +void libcrux_ml_kem_ind_cca_decapsulate_640( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7093,9 +7093,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_120(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7103,7 +7103,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_380(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7111,31 +7111,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d8(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_2e1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_7b0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8c0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_32(Eurydice_array_to_slice((size_t)32U, + kdf_d8_44(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_32(shared_secret0, shared_secret); + kdf_d8_44(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d8(ciphertext), + libcrux_ml_kem_types_as_ref_00_df(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7157,12 +7157,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7174,7 +7174,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7192,7 +7192,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_a3( +static KRML_MUSTINLINE void serialize_secret_key_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7210,7 +7210,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a3( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_3c(&re, ret0); + serialize_uncompressed_ring_element_47(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7228,14 +7228,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_67( +static KRML_MUSTINLINE void serialize_public_key_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_a3(t_as_ntt, ret0); + serialize_secret_key_6c(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7260,15 +7260,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b7(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_4f0( + deserialize_ring_elements_reduced_7e0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_67( + serialize_public_key_5d( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7286,7 +7286,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_19(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7305,11 +7305,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_05( +bool libcrux_ml_kem_ind_cca_validate_private_key_c7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_19(Eurydice_array_to_subslice2( + H_f1_c6(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -7329,7 +7329,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_38(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7343,7 +7343,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_b0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_0a( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7354,7 +7354,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_b0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_38(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -7365,10 +7365,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_fc( +static void closure_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_c3();); + ret[i] = ZERO_89_19();); } /** @@ -7386,7 +7386,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_79(uint8_t input[3U][34U]) { +shake128_init_absorb_37(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7417,11 +7417,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_77(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_17(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_79(copy_of_input); + return shake128_init_absorb_37(copy_of_input); } /** @@ -7430,7 +7430,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_eb( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7451,9 +7451,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_84( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_eb(self, ret); + shake128_squeeze_three_blocks_72(self, ret); } /** @@ -7504,7 +7504,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_17( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7542,7 +7542,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_3b(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7563,9 +7563,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_8e( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_3b(self, ret); + shake128_squeeze_block_e6(self, ret); } /** @@ -7616,7 +7616,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_170( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7655,9 +7655,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_e4( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_97( int16_t s[272U]) { - return from_i16_array_89_33( + return from_i16_array_89_4e( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7668,7 +7668,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_46( +static KRML_MUSTINLINE void sample_from_xof_2f( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7676,25 +7676,25 @@ static KRML_MUSTINLINE void sample_from_xof_46( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_77(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_84(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_17( + bool done = sample_from_uniform_distribution_next_9b( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_8e(&xof_state, randomness); + shake128_squeeze_block_f1_48(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_170( + done = sample_from_uniform_distribution_next_9b0( copy_of_randomness, sampled_coefficients, out); } } @@ -7703,7 +7703,7 @@ static KRML_MUSTINLINE void sample_from_xof_46( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e4(copy_of_out[i]);); + ret0[i] = closure_97(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7716,12 +7716,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_e7( +static KRML_MUSTINLINE void sample_matrix_A_3c( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_fc(A_transpose[i]);); + closure_8e(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7736,7 +7736,7 @@ static KRML_MUSTINLINE void sample_matrix_A_e7( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_46(copy_of_seeds, sampled); + sample_from_xof_2f(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7776,7 +7776,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7797,9 +7797,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_d5(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c(input, ret); + PRFxN_d5(input, ret); } /** @@ -7815,11 +7815,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_78( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_c3();); + re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7831,12 +7831,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_78( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_d5(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ca( + re_as_ntt[i0] = sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -7864,7 +7864,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_1e( +static KRML_MUSTINLINE void add_to_ring_element_89_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7891,14 +7891,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_c7( +static KRML_MUSTINLINE void compute_As_plus_e_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7919,10 +7919,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_1e(&result[i1], &product); + ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_88(&result[i1], &product); } - add_standard_error_reduce_89_64(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7941,10 +7941,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a2( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_02( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_b0(key_generation_seed, hashed); + cpa_keygen_seed_d8_0a(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7952,15 +7952,15 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a2( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - sample_matrix_A_e7(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + sample_matrix_A_3c(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_78(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7972,20 +7972,20 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_78(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ce(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_c7(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_c8(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_67( + serialize_public_key_5d( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_a3(secret_as_ntt, secret_key_serialized); + serialize_secret_key_6c(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8012,7 +8012,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5d( +static KRML_MUSTINLINE void serialize_kem_secret_key_5a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8038,7 +8038,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5d( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_19(public_key, ret0); + H_f1_c6(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8076,7 +8076,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8085,13 +8085,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_a2(ind_cpa_keypair_randomness); + generate_keypair_02(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5d( + serialize_kem_secret_key_5a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8100,13 +8100,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_890(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_820( - uu____2, libcrux_ml_kem_types_from_b6_960(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f60( + uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); } /** @@ -8119,7 +8119,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_9f(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_2b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8140,12 +8140,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_c3();); + deserialized_pk[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8157,7 +8157,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_4f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_45(ring_element); + deserialize_to_reduced_ring_element_3f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8178,10 +8178,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_a8(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_c3();); + error_1[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8193,11 +8193,11 @@ sample_ring_element_cbd_a8(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_d5(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8223,9 +8223,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_2e0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_7c0(input, ret); + PRF_440(input, ret); } /** @@ -8234,18 +8234,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c9( +static KRML_MUSTINLINE void invert_ntt_montgomery_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_2b(&zeta_i, re); - invert_ntt_at_layer_3_97(&zeta_i, re); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_d8(re); + invert_ntt_at_layer_1_ca(&zeta_i, re); + invert_ntt_at_layer_2_06(&zeta_i, re); + invert_ntt_at_layer_3_0d(&zeta_i, re); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_62(re); } /** @@ -8257,14 +8257,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_93( +static KRML_MUSTINLINE void compute_vector_u_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_c3();); + result[i] = ZERO_89_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8284,11 +8284,11 @@ static KRML_MUSTINLINE void compute_vector_u_93( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(a_element, &r_as_ntt[j]); - add_to_ring_element_89_1e(&result[i1], &product); + ntt_multiply_89_58(a_element, &r_as_ntt[j]); + add_to_ring_element_89_88(&result[i1], &product); } - invert_ntt_montgomery_c9(&result[i1]); - add_error_reduce_89_5d(&result[i1], &error_1[i1]); + invert_ntt_montgomery_47(&result[i1]); + add_error_reduce_89_20(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8305,18 +8305,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_54( +compute_ring_element_v_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_1e(&result, &product);); - invert_ntt_montgomery_c9(&result); - result = add_message_error_reduce_89_c4(error_2, message, result); + ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_88(&result, &product);); + invert_ntt_montgomery_47(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -8332,7 +8332,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_28( +static void compress_then_serialize_u_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8348,7 +8348,7 @@ static void compress_then_serialize_u_28( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2e(&re, ret); + compress_then_serialize_ring_element_u_4e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8372,24 +8372,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_7b(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_4f( + deserialize_ring_elements_reduced_7e( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - sample_matrix_A_e7(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + sample_matrix_A_3c(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_78(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8399,7 +8399,7 @@ static void encrypt_7b(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_a8(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3a(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8407,31 +8407,31 @@ static void encrypt_7b(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_2e0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ca( + sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_93(A, r_as_ntt, error_1, u); + compute_vector_u_77(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f7(copy_of_message); + deserialize_then_decompress_message_94(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_54(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_fe(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_28( + compress_then_serialize_u_86( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_65( + compress_then_serialize_ring_element_v_80( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8448,7 +8448,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_c5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_97(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8475,27 +8475,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_9f( + entropy_preprocess_d8_2b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_19(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), + H_f1_c6(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_38(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8503,19 +8503,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3d0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_7b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_330(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_c5(shared_secret, shared_secret_array); + kdf_d8_97(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8536,12 +8536,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_7b( +static KRML_MUSTINLINE void deserialize_secret_key_30( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_c3();); + secret_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8553,7 +8553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_7b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_27(secret_bytes); + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8583,12 +8583,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1a( +static KRML_MUSTINLINE void deserialize_then_decompress_u_32( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_c3();); + u_as_ntt[i] = ZERO_89_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8606,8 +8606,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1a( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_c2(u_bytes); - ntt_vector_u_6f(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); + ntt_vector_u_34(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8627,17 +8627,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c9( +compute_message_29( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_c3(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_3b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_1e(&result, &product);); - invert_ntt_montgomery_c9(&result); - result = subtract_reduce_89_61(v, result); + ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_88(&result, &product);); + invert_ntt_montgomery_47(&result); + result = subtract_reduce_89_ee(v, result); return result; } @@ -8675,18 +8675,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_6b(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_3c(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_1a(ciphertext, u_as_ntt); + deserialize_then_decompress_u_32(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_93( + deserialize_then_decompress_ring_element_v_0d( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c9(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_29(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d4(message, ret0); + compress_then_serialize_message_62(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8700,10 +8700,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_12(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d3(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_7b(secret_key, secret_as_ntt); + deserialize_secret_key_30(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8714,7 +8714,7 @@ static void decrypt_12(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_6b(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_3c(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8728,8 +8728,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_7c(input, ret); +static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { + PRF_44(input, ret); } /** @@ -8754,7 +8754,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_1f( +void libcrux_ml_kem_ind_cca_decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8772,9 +8772,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_12(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d3(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8782,7 +8782,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_38(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8790,30 +8790,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d80(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_2e(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_9d(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_7b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_8c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_c5(Eurydice_array_to_slice((size_t)32U, + kdf_d8_97(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_c5(shared_secret0, shared_secret); + kdf_d8_97(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d80(ciphertext), + libcrux_ml_kem_types_as_ref_00_df0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b4c959005..4d36ef4e3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 4bcceb017..cf6b129b4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index cfd2105cc..dcdb81b02 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index c93360697..d028ae5d8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1ccedc9f5..49a02e9f6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 131e8cf4a..2d2e97511 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #include "libcrux_sha3_neon.h" @@ -71,7 +71,7 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Initialise the `KeccakState2`. */ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { +libcrux_sha3_neon_x2_incremental_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -113,3 +113,50 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( "panic!"); KRML_HOST_EXIT(255U); } + +/** + Squeeze five blocks +*/ +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Shake256 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze block +*/ +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze next block +*/ +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8d2bd1f90..b5d8fcc13 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 6ff01fb3c57ff29ecb59bc62d9dc7fd231060cfb + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_neon_H @@ -58,7 +58,7 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { Initialise the `KeccakState2`. */ libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void); +libcrux_sha3_neon_x2_incremental_init(void); /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. @@ -83,6 +83,34 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze five blocks +*/ +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1); + +/** + Shake256 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +void libcrux_sha3_neon_x2_incremental_shake256_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1); + +/** + Squeeze block +*/ +void libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1); + +/** + Squeeze next block +*/ +void libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 8d7869cc3..dde362958 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 358fd5d9e..be9bbe04a 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_core_H @@ -202,7 +202,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_aa( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -226,7 +226,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_96(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_8c(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -263,7 +263,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_82(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -279,7 +279,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_89(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_9d(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -342,7 +342,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_e9(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_e5(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -362,7 +362,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_07( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_00( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -375,7 +375,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -394,7 +394,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -414,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_d6( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_cf( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_420( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -446,7 +446,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_42( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 689fdc58c..be005d67c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d85b1d40c..9935422a8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem768_avx2_H @@ -1211,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_9f(void) { +libcrux_ml_kem_polynomial_ZERO_89_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1240,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5c(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -1252,10 +1252,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1276,12 +1276,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,8 +1323,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_4f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1c(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( vector); } @@ -1401,10 +1401,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_26( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_39( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_26( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( coefficient); } return re; @@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( vector); } @@ -1492,10 +1492,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_e6( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e6( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( coefficient); } return re; @@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_68( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_26(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_39(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1534,7 +1534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1547,9 +1547,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_6c(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1563,7 +1563,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1576,7 +1576,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_6c( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1594,7 +1594,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1613,7 +1613,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_16( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1635,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1665,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1682,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_3d(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_16(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_8f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); } /** @@ -1713,12 +1713,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e2( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e2( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_68( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_b8(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( vector); } @@ -1821,10 +1821,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_61( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_61( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( coefficient); } return re; @@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2b2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( vector); } @@ -1912,10 +1912,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d4( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_9f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d4( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4c2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( re.coefficients[i0]); } return re; @@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_37(serialized); } /** @@ -1981,11 +1981,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_ce( +libcrux_ml_kem_polynomial_ntt_multiply_89_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2021,7 +2021,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_56( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_db( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_db( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,13 +2113,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e8(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,22 +2165,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_56(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_db(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_32(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); } /** @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_22( +libcrux_ml_kem_polynomial_subtract_reduce_89_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,21 +2225,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_fd( +libcrux_ml_kem_matrix_compute_message_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_ce(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_22(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_b7(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b1(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_47( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_02( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b1(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(vector); } /** @@ -2277,8 +2277,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_9b(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_47(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_38(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_02(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,13 +2292,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_77( +libcrux_ml_kem_serialize_compress_then_serialize_message_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_70( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_31( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e2(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f2( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_fd(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_d3(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_77(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d7(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_df(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_95(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_df(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_70(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_31(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2406,7 +2406,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2417,7 +2417,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d1( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2436,9 +2436,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_ba(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_d1(input, ret); } /** @@ -2450,9 +2450,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_1c( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d4( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -2469,10 +2469,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2500,12 +2500,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2518,7 +2518,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( ring_element); deserialized_pk[i0] = uu____0; } @@ -2535,8 +2535,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_65(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_3d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -2546,10 +2546,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d0( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_64( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } } @@ -2563,7 +2563,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_e5( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2586,12 +2586,12 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_30( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_e5( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( copy_of_input); } @@ -2603,7 +2603,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_62( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2639,9 +2639,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_a1( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_62(self, + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c(self, ret); } @@ -2695,7 +2695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2737,7 +2737,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_58( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2772,9 +2772,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_93( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_58(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a(self, ret); } /** @@ -2827,7 +2827,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2874,9 +2874,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_94(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_82(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2895,8 +2895,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_a5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_94( +libcrux_ml_kem_sampling_sample_from_xof_closure_86(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2907,7 +2907,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_16( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2916,28 +2916,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_16( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_30( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_a1( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_93( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9a0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( copy_of_randomness, sampled_coefficients, out); } } @@ -2947,7 +2947,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_16( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_a5(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_86(copy_of_out[i]); } memcpy( ret, ret0, @@ -2961,12 +2961,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_d0(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_64(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2986,7 +2986,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b8( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_16(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_6c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3030,8 +3030,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_68(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_1f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -3041,7 +3041,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_08( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3080,9 +3080,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_e1(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_08(input, ret); } /** @@ -3142,7 +3142,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_13( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3177,7 +3177,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_13( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_94( + return libcrux_ml_kem_polynomial_from_i16_array_89_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,7 +3189,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_12( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_75( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3223,7 +3223,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_12( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_94( + return libcrux_ml_kem_polynomial_from_i16_array_89_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3235,9 +3235,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_13( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( randomness); } @@ -3248,7 +3248,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3270,20 +3270,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_58( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_34(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_2f(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_46(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_3d(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_16(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_8f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_ef(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); } /** @@ -3300,11 +3300,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3319,13 +3319,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_58(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3350,8 +3350,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_9c(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -3367,11 +3367,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e4(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3386,11 +3386,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e4(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_9b(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3413,7 +3413,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_ba0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d10( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3432,9 +3432,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_b00( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_ba0(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_d10(input, ret); } /** @@ -3445,8 +3445,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_5d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_matrix_compute_vector_u_closure_60(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_8f( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,14 +3485,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_12( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3513,12 +3513,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_12( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_ce(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_04(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_8f(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_5d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_56(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_a5(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,10 +3547,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_ef( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_ef( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_56(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_a5(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_d9( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,22 +3606,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_fb( +libcrux_ml_kem_matrix_compute_ring_element_v_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_9f(); + libcrux_ml_kem_polynomial_ZERO_89_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_ce(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d2(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d9( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( error_2, message, result); return result; } @@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_08( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_97( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_31( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_08( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( vector); } @@ -3703,14 +3703,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_9c( +libcrux_ml_kem_serialize_compress_then_serialize_10_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_97( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_31( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_080( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_970( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_310( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_080( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( vector); } @@ -3799,14 +3799,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_ba( +libcrux_ml_kem_serialize_compress_then_serialize_11_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_970( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_310( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_9c(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ff( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ff( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_36(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_081( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_971( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_311( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_081( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( vector); } @@ -3947,14 +3947,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_dd( +libcrux_ml_kem_serialize_compress_then_serialize_4_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_971( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_311( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_082( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_972( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_312( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_082( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( vector); } @@ -4042,14 +4042,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_22( +libcrux_ml_kem_serialize_compress_then_serialize_5_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_972( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_312( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_76( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_dd(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_38(re, out); } /** @@ -4092,26 +4092,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_a4(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_b8(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_29(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a4(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e4( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4130,32 +4130,32 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a4(Eurydice_slice public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_b00( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_5f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_12(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_9c(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_ef( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_fb( + libcrux_ml_kem_matrix_compute_ring_element_v_b7( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ff( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_76( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4173,7 +4173,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_42( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_98( +static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,10 +4223,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_98( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_df(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4234,7 +4234,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_98( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_5a( + libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4243,14 +4243,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_98( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4258,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_98( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a4(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_42( + libcrux_ml_kem_variant_kdf_d8_d2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_42(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_d2(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + libcrux_ml_kem_types_as_ref_00_cf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7e( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_98(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_3c(private_key, ciphertext, ret); } /** @@ -4319,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7e(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea(private_key, ciphertext, ret); } @@ -4334,7 +4334,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_e1( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4352,7 +4352,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_38( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4377,28 +4377,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_54( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_c6( + libcrux_ml_kem_variant_entropy_preprocess_d8_e1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_38( + libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_07(public_key), + libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_5a( + libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4407,20 +4407,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_54( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a4(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_42(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_d2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4452,14 +4452,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f0( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_54(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } /** @@ -4477,7 +4477,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f0( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( uu____0, copy_of_randomness); } @@ -4492,7 +4492,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_51( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4503,7 +4503,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7c( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_5a( + libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4516,8 +4516,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_c4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_99(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -4527,7 +4527,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bf( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_8a( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4545,14 +4545,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_67( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_bf( + libcrux_ml_kem_vector_traits_to_standard_domain_8a( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4570,14 +4570,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4599,12 +4599,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_ce(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_7e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_67( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -4620,14 +4620,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_9b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4650,7 +4650,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4668,7 +4668,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6d( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4687,14 +4687,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4718,9 +4718,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_9d(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_51(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_7c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_51(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4728,15 +4728,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_9d(Eurydice_slice key_generation_seed) { Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_b8(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4749,23 +4749,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_9d(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_2d(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4794,7 +4794,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4820,7 +4820,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_38(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_16(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -4859,7 +4859,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4868,13 +4868,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_9d(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4883,13 +4883,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -4908,12 +4908,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2a( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); } /** @@ -4925,7 +4925,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2a( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( copy_of_randomness); } @@ -4941,24 +4941,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_72( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_6d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_38( + libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b2(ciphertext), + libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -4986,7 +4986,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_980( +static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,10 +5004,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_980( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_df(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5015,7 +5015,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_980( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_5a( + libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5024,14 +5024,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_980( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_b0( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5039,18 +5039,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_980( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a4(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_fb( + libcrux_ml_kem_variant_kdf_33_72( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_fb(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_72(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + libcrux_ml_kem_types_as_ref_00_cf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5084,10 +5084,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_33( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_980(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_3c0(private_key, ciphertext, ret); } /** @@ -5101,7 +5101,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_33( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( private_key, ciphertext, ret); } @@ -5116,9 +5116,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_89( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_7a( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_38(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } /** @@ -5141,28 +5141,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_540( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_89( + libcrux_ml_kem_variant_entropy_preprocess_33_7a( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_38( + libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_07(public_key), + libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_5a( + libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5171,20 +5171,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_540( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a4(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_fb(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_72(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5219,14 +5219,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_2c( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_540(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } /** @@ -5244,7 +5244,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_2c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( uu____0, copy_of_randomness); } @@ -5259,9 +5259,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_70( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_2c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G_a9_5a(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } /** @@ -5278,10 +5278,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_9d0( +libcrux_ml_kem_ind_cpa_generate_keypair_510( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_70(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_2c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5289,15 +5289,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_9d0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_b8(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5310,23 +5310,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_88(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_2d(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6d(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5367,7 +5367,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5376,13 +5376,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_9d0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_510(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d4( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5391,13 +5391,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5d0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -5414,12 +5414,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_7e( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5d0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); } /** @@ -5431,7 +5431,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_7e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( copy_of_randomness); } @@ -5451,11 +5451,11 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_58( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_8e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_38( + libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -5480,10 +5480,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_f4( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_58(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_8e(private_key, ciphertext); } @@ -5496,7 +5496,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_f4( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( private_key, ciphertext); } @@ -5509,9 +5509,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_1c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d40( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_9f(); + return libcrux_ml_kem_polynomial_ZERO_89_7d(); } /** @@ -5529,12 +5529,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9f(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -5547,7 +5547,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( ring_element); deserialized_pk[i0] = uu____0; } @@ -5572,16 +5572,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_32( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_8e( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ef0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5603,9 +5603,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_c2( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_32(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_8e(public_key); } /** @@ -5616,7 +5616,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_c2( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_c2( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( public_key->value); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 180d9ae3f..034a42c5a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_mlkem768_portable_H @@ -2426,7 +2426,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_c3(void) { +libcrux_ml_kem_polynomial_ZERO_89_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2454,8 +2454,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_cd(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fe(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -2465,10 +2465,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_85( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2490,12 +2490,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2508,7 +2508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_85( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2536,8 +2536,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6e(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bb(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -2547,7 +2547,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_84( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2572,9 +2572,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b3( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_84( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( v); } @@ -2585,10 +2585,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_7d( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_59( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -2597,7 +2597,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_7d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b3( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( coefficient); re.coefficients[i0] = uu____0; } @@ -2611,7 +2611,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_840( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2636,9 +2636,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b30( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_840( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( v); } @@ -2649,10 +2649,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_0d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_f3( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2661,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b30( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( coefficient); re.coefficients[i0] = uu____0; } @@ -2675,9 +2675,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_45( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_7d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_59(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2692,7 +2692,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2706,12 +2706,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2725,7 +2725,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2738,7 +2738,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2755,7 +2755,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2775,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_26( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2797,7 +2797,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_3c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_0b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2827,7 +2827,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2845,21 +2845,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_26(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_3c(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); } /** @@ -2875,12 +2875,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dc( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2900,9 +2900,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dc( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_45( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_1c(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_22(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2916,7 +2916,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_841( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2941,9 +2941,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b31( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_841( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( v); } @@ -2954,10 +2954,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9c( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_30( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2966,7 +2966,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_9c( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b31( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( coefficient); re.coefficients[i0] = uu____0; } @@ -2980,7 +2980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_842( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3005,9 +3005,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b32( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_842( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( v); } @@ -3018,10 +3018,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3030,7 +3030,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_b32( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3044,9 +3044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_91( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_30(serialized); } /** @@ -3087,11 +3087,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_3b( +libcrux_ml_kem_polynomial_ntt_multiply_89_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3128,7 +3128,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3152,7 +3152,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_69( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3222,7 +3222,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3230,7 +3230,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_05(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3243,7 +3243,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3258,7 +3258,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3275,22 +3275,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_38(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c4(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_69(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); } /** @@ -3304,7 +3304,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_ac( +libcrux_ml_kem_polynomial_subtract_reduce_89_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3336,21 +3336,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_83( +libcrux_ml_kem_matrix_compute_message_72( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_3b(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_ac(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_ea(v, result); return result; } @@ -3360,7 +3360,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_b0( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3380,9 +3380,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_01( +libcrux_ml_kem_vector_portable_shift_right_0d_1e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_b0(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f(v); } /** @@ -3392,10 +3392,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_84( +libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_01(a); + libcrux_ml_kem_vector_portable_shift_right_0d_1e(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3409,13 +3409,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_53( +libcrux_ml_kem_serialize_compress_then_serialize_message_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3465,20 +3465,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_68( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dc(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_91( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_83(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d8(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3492,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_0e(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_d7(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_34(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3508,7 +3508,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_0e(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_68(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3522,7 +3522,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_38( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3532,7 +3532,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_44( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3550,9 +3550,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_7c(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_44(input, ret); } /** @@ -3563,9 +3563,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_05( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -3581,10 +3581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3613,12 +3613,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_20( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3631,7 +3631,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( ring_element); deserialized_pk[i0] = uu____0; } @@ -3648,8 +3648,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_81(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -3659,10 +3659,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fc( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } } @@ -3681,7 +3681,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_79( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3714,12 +3714,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_77( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_79( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( copy_of_input); } @@ -3730,7 +3730,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_eb( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3754,10 +3754,10 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_84( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_eb(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72(self, ret); } @@ -3810,7 +3810,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_17( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3852,7 +3852,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_3b( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3876,10 +3876,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_8e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_3b(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6(self, ret); } /** @@ -3931,7 +3931,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_170( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3977,9 +3977,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_33(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_4e(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4000,8 +4000,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_33( +libcrux_ml_kem_sampling_sample_from_xof_closure_97(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_4e( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4012,7 +4012,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_46( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4021,28 +4021,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_46( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_77( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_84( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_17( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_8e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_170( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( copy_of_randomness, sampled_coefficients, out); } } @@ -4052,7 +4052,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_97(copy_of_out[i]); } memcpy( ret, ret0, @@ -4066,12 +4066,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_fc(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_8e(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4091,7 +4091,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_e7( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_46(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2f(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4135,8 +4135,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_99(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_0a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -4145,7 +4145,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d5( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4167,9 +4167,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_d5(input, ret); } /** @@ -4228,7 +4228,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_7b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4263,7 +4263,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_7b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_33( + return libcrux_ml_kem_polynomial_from_i16_array_89_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4274,7 +4274,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_14( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_77( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4308,7 +4308,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_14( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_33( + return libcrux_ml_kem_polynomial_from_i16_array_89_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4319,9 +4319,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_7b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( randomness); } @@ -4331,7 +4331,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_60( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4354,20 +4354,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_63( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_60(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ca(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_26(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_3c(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_d8(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); } /** @@ -4384,11 +4384,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4403,13 +4403,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_63(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4434,8 +4434,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f5(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -4451,11 +4451,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6d(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4470,11 +4470,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6d(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_d5(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4496,7 +4496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_7c0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_440( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4514,9 +4514,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_2e0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_7c0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_440(input, ret); } /** @@ -4526,8 +4526,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_57(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_matrix_compute_vector_u_closure_f1(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -4540,7 +4540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_27( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4567,14 +4567,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4595,12 +4595,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_3b(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_58(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_27(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_aa(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4614,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_0c( +libcrux_ml_kem_vector_traits_decompress_1_97( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,10 +4629,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4642,7 +4642,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_0c(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_97(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4659,7 +4659,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4692,22 +4692,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_db( +libcrux_ml_kem_matrix_compute_ring_element_v_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_c3(); + libcrux_ml_kem_polynomial_ZERO_89_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_3b(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ca(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( error_2, message, result); return result; } @@ -4718,7 +4718,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_dc( +libcrux_ml_kem_vector_portable_compress_compress_53( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4741,9 +4741,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_96( +libcrux_ml_kem_vector_portable_compress_0d_fd( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_dc(v); + return libcrux_ml_kem_vector_portable_compress_compress_53(v); } /** @@ -4753,15 +4753,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_18( +libcrux_ml_kem_serialize_compress_then_serialize_10_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_96( - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_portable_compress_0d_fd( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4779,7 +4779,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_dc0( +libcrux_ml_kem_vector_portable_compress_compress_530( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4802,9 +4802,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_960( +libcrux_ml_kem_vector_portable_compress_0d_fd0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_dc0(v); + return libcrux_ml_kem_vector_portable_compress_compress_530(v); } /** @@ -4814,15 +4814,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_82( +libcrux_ml_kem_serialize_compress_then_serialize_11_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_960( - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_portable_compress_0d_fd0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4842,10 +4842,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_24( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_18(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_43(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4861,7 +4861,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4877,7 +4877,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_24(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4890,7 +4890,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_dc1( +libcrux_ml_kem_vector_portable_compress_compress_531( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4913,9 +4913,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_961( +libcrux_ml_kem_vector_portable_compress_0d_fd1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_dc1(v); + return libcrux_ml_kem_vector_portable_compress_compress_531(v); } /** @@ -4925,15 +4925,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_19( +libcrux_ml_kem_serialize_compress_then_serialize_4_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_961( - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_portable_compress_0d_fd1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4950,7 +4950,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_dc2( +libcrux_ml_kem_vector_portable_compress_compress_532( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4973,9 +4973,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_962( +libcrux_ml_kem_vector_portable_compress_0d_fd2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_dc2(v); + return libcrux_ml_kem_vector_portable_compress_compress_532(v); } /** @@ -4985,15 +4985,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_02( +libcrux_ml_kem_serialize_compress_then_serialize_5_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_962( - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_portable_compress_0d_fd2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5012,9 +5012,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_47( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_19(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_12(re, out); } /** @@ -5035,26 +5035,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_b4(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_20( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_e7(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_3c(ret0, false, A); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5064,7 +5064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_b4(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6d( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5073,32 +5073,32 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_b4(Eurydice_slice public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_2e0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ca( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_62(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_db( + libcrux_ml_kem_matrix_compute_ring_element_v_2f( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_47( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5115,7 +5115,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_97( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5146,7 +5146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,10 +5164,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_0e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5175,7 +5175,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_38( + libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5184,14 +5184,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5199,18 +5199,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d3( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b4(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_c5( + libcrux_ml_kem_variant_kdf_d8_97( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_c5(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_97(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + libcrux_ml_kem_types_as_ref_00_cf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5243,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c7( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d3(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); } /** @@ -5259,7 +5259,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c7( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c7( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( private_key, ciphertext, ret); } @@ -5273,7 +5273,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_2b( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5290,7 +5290,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_19( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5314,28 +5314,28 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c4( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_9f( + libcrux_ml_kem_variant_entropy_preprocess_d8_2b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_19( + libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_07(public_key), + libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_38( + libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5344,20 +5344,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b4(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_c5(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_97(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5388,14 +5388,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_66( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -5412,7 +5412,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_66( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( uu____0, copy_of_randomness); } @@ -5426,7 +5426,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5437,7 +5437,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_b0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_38( + libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5449,8 +5449,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_06(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_e7(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -5460,7 +5460,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_21( +libcrux_ml_kem_vector_traits_to_standard_domain_97( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5477,7 +5477,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_64( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5485,7 +5485,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_64( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_21( + libcrux_ml_kem_vector_traits_to_standard_domain_97( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5504,14 +5504,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5533,12 +5533,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_3b(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_1e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_64( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5553,14 +5553,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3c( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_84( + libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5582,7 +5582,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a3( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5600,7 +5600,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a3( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3c(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5618,14 +5618,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_67( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5648,9 +5648,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_02(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_b0(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5658,15 +5658,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_e7(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5679,23 +5679,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_c7(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_67( + libcrux_ml_kem_ind_cpa_serialize_public_key_5d( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5723,7 +5723,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5749,7 +5749,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_19(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_c6(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5787,7 +5787,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5796,13 +5796,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_a2(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_02(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5811,13 +5811,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f6(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -5836,12 +5836,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_87( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f6(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); } /** @@ -5852,7 +5852,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_87( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( copy_of_randomness); } @@ -5867,24 +5867,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_25( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_bc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_6d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_19( + libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b2(ciphertext), + libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5911,7 +5911,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5929,10 +5929,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_0e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5940,7 +5940,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_38( + libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5949,14 +5949,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_6d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_2e( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5964,18 +5964,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d30( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b4(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_25( + libcrux_ml_kem_variant_kdf_33_bc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_25(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_bc(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d6(ciphertext), + libcrux_ml_kem_types_as_ref_00_cf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6009,10 +6009,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d30(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); } /** @@ -6025,7 +6025,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( private_key, ciphertext, ret); } @@ -6039,9 +6039,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_38( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_19(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } /** @@ -6063,28 +6063,28 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c40( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_d5( + libcrux_ml_kem_variant_entropy_preprocess_33_38( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_6d( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_19( + libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_07(public_key), + libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_38( + libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6093,20 +6093,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_07(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b4(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_25(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_bc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6141,14 +6141,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -6165,7 +6165,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8e( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( uu____0, copy_of_randomness); } @@ -6179,9 +6179,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_portable_G_f1_38(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } /** @@ -6197,10 +6197,10 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_a20( +libcrux_ml_kem_ind_cpa_generate_keypair_020( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_ea(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6208,15 +6208,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_a20( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_6d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_e7(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_6d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6229,23 +6229,23 @@ libcrux_ml_kem_ind_cpa_generate_keypair_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_78(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_c7(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); unwrap_41_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_67( + libcrux_ml_kem_ind_cpa_serialize_public_key_5d( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_a3(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6285,7 +6285,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6294,13 +6294,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_a20(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_020(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5d( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6309,13 +6309,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f60(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_89(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_82( - uu____2, libcrux_ml_kem_types_from_b6_96(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_f6( + uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); } /** @@ -6331,12 +6331,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_e7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f60(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); } /** @@ -6348,7 +6348,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_e7( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( copy_of_randomness); } @@ -6367,11 +6367,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_4f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_19( + libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -6395,10 +6395,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_40( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4f(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, ciphertext); } @@ -6410,7 +6410,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_40( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_40( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( private_key, ciphertext); } @@ -6422,9 +6422,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_050( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_c3(); + return libcrux_ml_kem_polynomial_ZERO_89_19(); } /** @@ -6441,12 +6441,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_200( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_c3(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6459,7 +6459,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_200( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_47( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( ring_element); deserialized_pk[i0] = uu____0; } @@ -6483,16 +6483,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c1( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_45( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_200( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_67( + libcrux_ml_kem_ind_cpa_serialize_public_key_5d( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6513,9 +6513,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_d3( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_45(public_key); } /** @@ -6525,7 +6525,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_d3( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_d3( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( public_key->value); } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index cd32aec32..24805a174 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 60e8874ef..564fcb92e 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 3676fd514a5df7dc5dd8382e2c18dfffa42488dd + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d */ #ifndef __libcrux_sha3_portable_H @@ -3513,7 +3513,7 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { Initialise the `KeccakState2`. */ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { +libcrux_sha3_neon_x2_incremental_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3557,6 +3557,54 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze five blocks +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Shake256 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake256_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze block +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +/** + Squeeze next block +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks with types uint64_t From 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 10 Sep 2024 06:58:21 +0000 Subject: [PATCH 133/172] wip --- libcrux-ml-kem/boring.sh | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 12 + ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 7 + ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 12 + ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 7 + ...ml_kem.Ind_cca.Instantiations.Portable.fst | 12 + ...l_kem.Ind_cca.Instantiations.Portable.fsti | 7 + .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 43 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 16 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 32 ++ .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 16 + .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 86 +++- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 12 + .../extraction/Libcrux_ml_kem.Matrix.fst | 101 +++-- .../extraction/Libcrux_ml_kem.Matrix.fsti | 15 + .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 27 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 13 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 27 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 13 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 27 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 13 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 31 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 19 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 25 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 13 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 25 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 13 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 25 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 13 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 29 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 19 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 27 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 13 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 27 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 13 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 27 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 13 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 31 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 19 +- libcrux-ml-kem/src/ind_cca.rs | 421 +++++++++--------- libcrux-ml-kem/src/ind_cca/instantiations.rs | 40 +- libcrux-ml-kem/src/ind_cpa.rs | 78 ++-- libcrux-ml-kem/src/matrix.rs | 30 +- libcrux-ml-kem/src/mlkem768.rs | 95 ++++ .../extraction/Libcrux_platform.X86.fsti | 6 - 46 files changed, 1006 insertions(+), 548 deletions(-) diff --git a/libcrux-ml-kem/boring.sh b/libcrux-ml-kem/boring.sh index 54c092332..b38fcdf79 100755 --- a/libcrux-ml-kem/boring.sh +++ b/libcrux-ml-kem/boring.sh @@ -20,7 +20,7 @@ if [[ "$no_clean" = 0 ]]; then cargo clean fi ./c.sh --config cg.yaml --out cg --mlkem768 --kyber768 \ - --no-glue --no-unrolling --no-karamel_include --no-karamel_include + --no-glue --no-unrolling --no-karamel_include --no-karamel_include --unpacked clang-format --style=Google -i cg/*.h diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dde362958..bb21a42c5 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d +Libcrux: 4a129c7105a62d75cfafa6f7568fe1b579ab03f1 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 12985ff96..6168bf69a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -11,6 +11,18 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key + ciphertext + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index cdab1e25f..18a7e22cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -11,6 +11,13 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 30dbbeab8..9a095a977 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -11,6 +11,18 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + private_key + ciphertext + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index a1f27b1ab..b67717e7c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -11,6 +11,13 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 1c7e37cca..b04763512 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -11,6 +11,18 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + private_key + ciphertext + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 1ea820a62..7aaa97f9a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -11,6 +11,13 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 1f6aadbe3..3978adc07 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -3,6 +3,26 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + private_key + ciphertext + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -28,29 +48,6 @@ let encapsulate v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 32b735bc8..53142ce81 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -3,6 +3,17 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -12,11 +23,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 29d2222df..81f135162 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -156,6 +156,38 @@ let validate_public_key in public_key =. public_key_serialized +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let t:t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = sz 384 *! v_K <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 32 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let expected:t_Slice u8 = + private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = (sz 768 *! v_K <: usize) +! sz 32 <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 64 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in + t =. expected + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 5815d4a85..ad432d409 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -28,6 +28,10 @@ val serialize_kem_secret_key (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) +/// Validate an ML-KEM public key. +/// This implements the Modulus check in 7.2 2. +/// Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the +/// `public_key` type. val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) @@ -35,6 +39,18 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate an ML-KEM private key. +/// This implements the Hash check in 7.3 3. +/// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` +/// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index f9cd4aa5c..1b0f708be 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -106,18 +106,10 @@ let sample_vector_cbd_then_ntt (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) = - let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -188,6 +180,44 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in + let hax_temp_output:u8 = domain_separator in + re_as_ntt, hax_temp_output + <: + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + +let sample_vector_cbd_then_ntt_out + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + = + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA + v_ETA_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + re_as_ntt + prf_input + domain_separator + in + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = tmp0 in + let domain_separator:u8 = out in re_as_ntt, domain_separator <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) @@ -358,7 +388,7 @@ let encrypt Core.Ops.Range.t_RangeFrom usize ] in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K + Libcrux_ml_kem.Matrix.sample_matrix_a_out v_K #v_Vector #v_Hasher (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) @@ -370,7 +400,13 @@ let encrypt let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + 0uy in let error_1_, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & @@ -641,7 +677,7 @@ let generate_keypair in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K + Libcrux_ml_kem.Matrix.sample_matrix_a_out v_K #v_Vector #v_Hasher (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) @@ -653,11 +689,17 @@ let generate_keypair let secret_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + 0uy in let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 ) = - sample_vector_cbd_then_ntt v_K + sample_vector_cbd_then_ntt_out v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector @@ -666,7 +708,21 @@ let generate_keypair domain_separator in let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector v_A_transpose secret_as_ntt error_as_ntt + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K + #v_Vector + tt_as_ntt + v_A_transpose + secret_as_ntt + error_as_ntt in let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Core.Result.impl__unwrap #(t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 6aa9de813..d6ae9cf08 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -26,6 +26,18 @@ val sample_ring_element_cbd /// Sample a vector of ring elements from a centered binomial distribution and /// convert them into their NTT representations. val sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +val sample_vector_cbd_then_ntt_out (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 0dc329562..011ead4d3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -16,21 +16,14 @@ let compute_As_plus_e (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let tt_as_ntt, hax_temp_output:t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) @@ -55,16 +48,16 @@ let compute_As_plus_e Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - result - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt in let i, row:(usize & t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = temp_1_ in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) @@ -88,11 +81,11 @@ let compute_As_plus_e Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) )) - result - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt in let j, matrix_element:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = @@ -103,33 +96,33 @@ let compute_As_plus_e matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K - (result.[ i ] + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) product <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce #v_Vector - (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - result + tt_as_ntt let compute_ring_element_v (v_K: usize) @@ -356,26 +349,12 @@ let sample_matrix_A (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) = - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let v_A_transpose:t_Array + let v_A_transpose, hax_temp_output:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range usize) @@ -499,3 +478,35 @@ let sample_matrix_A v_A_transpose)) in v_A_transpose + +let sample_matrix_a_out + (v_K: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (seed: t_Array u8 (sz 34)) + (transpose: bool) + = + let a:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let a:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + sample_matrix_A v_K #v_Vector #v_Hasher a seed transpose + in + a diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index dce9ae911..b282cb03b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -15,6 +15,7 @@ val compute_As_plus_e (v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: @@ -62,6 +63,20 @@ val compute_message (fun _ -> Prims.l_True) val sample_matrix_A + (v_K: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + (seed: t_Array u8 (sz 34)) + (transpose: bool) + : Prims.Pure + (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + +val sample_matrix_a_out (v_K: usize) (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index 92d239a86..46f95044d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 2328c8d2a..8bdbe0725 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 45a07df21..00b887854 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 5911a2ae3..b9c106d0d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index c28c2c857..685a05ebe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index c28386f94..133b61ff4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index efef5d867..4f202cfd7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) @@ -10,21 +26,6 @@ let encapsulate Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 698f0b9ef..f2392f194 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -62,6 +62,18 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -73,13 +85,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index 38bf6188b..1256d4b58 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) @@ -11,17 +21,10 @@ let encapsulate (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 807f211cc..7d6f5f2af 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 4299e04c3..3adfbcc08 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) @@ -11,17 +21,10 @@ let encapsulate (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 0c02c89fd..1d673c096 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 7a9d84fb6..924411db0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) @@ -11,17 +21,10 @@ let encapsulate (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index a119efa43..e5a9ccbc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index e5628c836..8d6976b63 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) @@ -10,19 +26,6 @@ let encapsulate Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index d2fb363c4..b87dfb18d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -62,6 +62,18 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -73,13 +85,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index 306e91697..ad93c77c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 9a3179c1c..e28b0965f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 020024946..cfedb0260 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 6b65cf91f..3f5477cae 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 14c69001d..04197a49b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) @@ -11,19 +21,10 @@ let encapsulate (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 95252b386..85517e2e3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -15,11 +22,9 @@ val encapsulate (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index e814cd4de..c7e82c154 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) @@ -10,21 +26,6 @@ let encapsulate Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index ea6223aa8..d4978f354 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -62,6 +62,18 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -73,13 +85,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index f09b6c7ce..2bbb0bb41 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -9,39 +9,6 @@ use crate::{ variant::*, vector::Operations, }; -#[cfg(feature = "unpacked")] -use crate::{ - constant_time_ops::{ - compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, - }, - polynomial::PolynomialRingElement, -}; - -/// Types for the unpacked API. -#[cfg(feature = "unpacked")] -pub(crate) mod unpacked { - use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPrivateKeyUnpacked { - pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, - pub(crate) implicit_rejection_value: [u8; 32], - } - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPublicKeyUnpacked { - pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, - pub(crate) public_key_hash: [u8; 32], - } - - /// An unpacked ML-KEM KeyPair - pub struct MlKemKeyPairUnpacked { - pub private_key: MlKemPrivateKeyUnpacked, - pub public_key: MlKemPublicKeyUnpacked, - } -} -#[cfg(feature = "unpacked")] -use unpacked::*; /// Seed size for key generation pub const KEY_GENERATION_SEED_SIZE: usize = CPA_PKE_KEY_GENERATION_SEED_SIZE + SHARED_SECRET_SIZE; @@ -309,187 +276,243 @@ pub(crate) fn decapsulate< ) } -// Unpacked API -// Generate Unpacked Keys +/// Types for the unpacked API. #[cfg(feature = "unpacked")] -pub(crate) fn generate_keypair_unpacked< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> MlKemKeyPairUnpacked { - let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; - let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let (ind_cpa_private_key, mut ind_cpa_public_key) = - crate::ind_cpa::generate_keypair_unpacked::( - ind_cpa_keypair_randomness, - ); +pub(crate) mod unpacked { + use super::*; + use crate::{ + constant_time_ops::{ + compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + }, + ind_cpa::{generate_keypair_unpacked, unpacked::*}, + polynomial::PolynomialRingElement, + vector::traits::Operations, + }; - // We need to un-transpose the A_transpose matrix provided by IND-CPA - // We would like to write the following but it is not supported by Eurydice yet. - // https://github.com/AeneasVerif/eurydice/issues/39 - // - // let A = core::array::from_fn(|i| { - // core::array::from_fn(|j| A_transpose[j][i]) - // }); - - #[allow(non_snake_case)] - let mut A = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - for i in 0..K { - for j in 0..K { - A[i][j] = ind_cpa_public_key.A[j][i].clone(); - } + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPrivateKeyUnpacked { + pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, + pub(crate) implicit_rejection_value: [u8; 32], } - ind_cpa_public_key.A = A; - let pk_serialized = serialize_public_key::( - &ind_cpa_public_key.t_as_ntt, - &ind_cpa_public_key.seed_for_A, - ); - let public_key_hash = Hasher::H(&pk_serialized); - let implicit_rejection_value: [u8; 32] = implicit_rejection_value.try_into().unwrap(); + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPublicKeyUnpacked { + pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, + pub(crate) public_key_hash: [u8; 32], + } - MlKemKeyPairUnpacked { - private_key: MlKemPrivateKeyUnpacked { - ind_cpa_private_key, - implicit_rejection_value, - }, - public_key: MlKemPublicKeyUnpacked { - ind_cpa_public_key, - public_key_hash, - }, + /// An unpacked ML-KEM KeyPair + pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, } -} -// Encapsulate with Unpacked Public Key -#[cfg(feature = "unpacked")] -pub(crate) fn encapsulate_unpacked< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - public_key: &MlKemPublicKeyUnpacked, - randomness: [u8; SHARED_SECRET_SIZE], -) -> (MlKemCiphertext, MlKemSharedSecret) { - let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); - to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); + #[inline(always)] + fn init_re() -> [PolynomialRingElement; K] { + core::array::from_fn(|_| PolynomialRingElement::::ZERO()) + } - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + #[inline(always)] + fn init_ae() -> [[PolynomialRingElement; K]; K] { + core::array::from_fn(|_| core::array::from_fn(|_| PolynomialRingElement::::ZERO())) + } - let ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); - let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; - shared_secret_array.copy_from_slice(shared_secret); - (MlKemCiphertext::from(ciphertext), shared_secret_array) -} + impl Default for MlKemKeyPairUnpacked { + #[inline(always)] + fn default() -> Self { + Self { + private_key: MlKemPrivateKeyUnpacked { + ind_cpa_private_key: IndCpaPrivateKeyUnpacked { + secret_as_ntt: init_re(), + }, + implicit_rejection_value: [0u8; 32], + }, + public_key: MlKemPublicKeyUnpacked { + ind_cpa_public_key: IndCpaPublicKeyUnpacked { + t_as_ntt: init_re(), + seed_for_A: [0u8; 32], + // XXX: initializing inline here makes eurydice fail. + A: init_ae(), + }, + public_key_hash: [0u8; 32], + }, + } + } + } -// Decapsulate with Unpacked Private Key -#[cfg(feature = "unpacked")] -pub(crate) fn decapsulate_unpacked< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - key_pair: &MlKemKeyPairUnpacked, - ciphertext: &MlKemCiphertext, -) -> MlKemSharedSecret { - let decrypted = crate::ind_cpa::decrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - C1_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - Vector, - >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + // Unpacked API + // Generate Unpacked Keys + pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + out: &mut MlKemKeyPairUnpacked, + ) { + let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; + let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + generate_keypair_unpacked::( + ind_cpa_keypair_randomness, + &mut out.private_key.ind_cpa_private_key, + &mut out.public_key.ind_cpa_public_key, + ); - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + // We need to un-transpose the A_transpose matrix provided by IND-CPA + // We would like to write the following but it is not supported by Eurydice yet. + // https://github.com/AeneasVerif/eurydice/issues/39 + // + // let A = core::array::from_fn(|i| { + // core::array::from_fn(|j| A_transpose[j][i]) + // }); + + #[allow(non_snake_case)] + let mut A = core::array::from_fn(|_i| { + core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) + }); + for i in 0..K { + for j in 0..K { + A[i][j] = out.public_key.ind_cpa_public_key.A[j][i].clone(); + } + } + out.public_key.ind_cpa_public_key.A = A; + + let pk_serialized = + serialize_public_key::( + &out.public_key.ind_cpa_public_key.t_as_ntt, + &out.public_key.ind_cpa_public_key.seed_for_A, + ); + out.public_key.public_key_hash = Hasher::H(&pk_serialized); + out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); + } - let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = - into_padded_array(&key_pair.private_key.implicit_rejection_value); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); - let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + // Encapsulate with Unpacked Public Key + pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + public_key: &MlKemPublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); + to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); + let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; + shared_secret_array.copy_from_slice(shared_secret); + (MlKemCiphertext::from(ciphertext), shared_secret_array) + } - let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, + // Decapsulate with Unpacked Private Key + pub(crate) fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + Vector: Operations, + Hasher: Hash, >( - &key_pair.public_key.ind_cpa_public_key, - decrypted, - pseudorandomness, - ); + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + let decrypted = crate::ind_cpa::decrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + C1_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + Vector, + >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + + let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = + into_padded_array(&key_pair.private_key.implicit_rejection_value); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); + let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + + let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >( + &key_pair.public_key.ind_cpa_public_key, + decrypted, + pseudorandomness, + ); - let selector = compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); + let selector = + compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); - select_shared_secret_in_constant_time( - shared_secret, - &implicit_rejection_shared_secret, - selector, - ) + select_shared_secret_in_constant_time( + shared_secret, + &implicit_rejection_shared_secret, + selector, + ) + } } diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index e9d780ab2..994d65b50 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -268,6 +268,36 @@ macro_rules! instantiate { } /// Unpacked API + #[cfg(feature = "unpacked")] + pub(crate) mod unpacked { + use super::*; + + pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + out: &mut MlKemKeyPairUnpacked, + ) { + crate::ind_cca::unpacked::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + >(randomness, out) + } + } + #[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, @@ -280,7 +310,8 @@ macro_rules! instantiate { >( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPairUnpacked { - crate::ind_cca::generate_keypair_unpacked::< + let mut out = MlKemKeyPairUnpacked::::default(); + crate::ind_cca::unpacked::generate_keypair::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -290,7 +321,8 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, $vector, $hash, - >(randomness) + >(randomness, &mut out); + out } /// Portable encapsualte @@ -313,7 +345,7 @@ macro_rules! instantiate { public_key: &MlKemPublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { - crate::ind_cca::encapsulate_unpacked::< + crate::ind_cca::unpacked::encapsulate::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -355,7 +387,7 @@ macro_rules! instantiate { key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - crate::ind_cca::decapsulate_unpacked::< + crate::ind_cca::unpacked::decapsulate::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 9704a32ab..88c7644ef 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -111,10 +111,10 @@ fn sample_vector_cbd_then_ntt< Vector: Operations, Hasher: Hash, >( + re_as_ntt: &mut [PolynomialRingElement; K], prf_input: [u8; 33], mut domain_separator: u8, -) -> ([PolynomialRingElement; K], u8) { - let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); +) -> u8 { let mut prf_inputs = [prf_input; K]; for i in 0..K { prf_inputs[i][32] = domain_separator; @@ -125,6 +125,26 @@ fn sample_vector_cbd_then_ntt< re_as_ntt[i] = sample_from_binomial_distribution::(&prf_outputs[i]); ntt_binomially_sampled_ring_element(&mut re_as_ntt[i]); } + domain_separator +} + +#[inline(always)] +fn sample_vector_cbd_then_ntt_out< + const K: usize, + const ETA: usize, + const ETA_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + prf_input: [u8; 33], + mut domain_separator: u8, +) -> ([PolynomialRingElement; K], u8) { + let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + domain_separator = sample_vector_cbd_then_ntt::( + &mut re_as_ntt, + prf_input, + domain_separator, + ); (re_as_ntt, domain_separator) } @@ -176,40 +196,41 @@ pub(crate) fn generate_keypair_unpacked< Hasher: Hash, >( key_generation_seed: &[u8], -) -> ( - IndCpaPrivateKeyUnpacked, - IndCpaPublicKeyUnpacked, + private_key: &mut IndCpaPrivateKeyUnpacked, + public_key: &mut IndCpaPublicKeyUnpacked, ) { // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM let hashed = MlKem::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); - let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); + sample_matrix_A::(&mut public_key.A, into_padded_array(seed_for_A), true); let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); - let (secret_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); - let (error_as_ntt, _) = + let domain_separator = sample_vector_cbd_then_ntt::( + &mut private_key.secret_as_ntt, + prf_input, + 0, + ); + let (error_as_ntt, _) = + sample_vector_cbd_then_ntt_out::( prf_input, domain_separator, ); // tˆ := Aˆ ◦ sˆ + eˆ - let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + compute_As_plus_e( + &mut public_key.t_as_ntt, + &public_key.A, + &private_key.secret_as_ntt, + &error_as_ntt, + ); - let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + public_key.seed_for_A = seed_for_A.try_into().unwrap(); // For encapsulation, we need to store A not Aˆ, and so we untranspose A // However, we pass A_transpose here and let the IND-CCA layer do the untranspose. // We could do it here, but then we would pay the performance cost (if any) for the packed API as well. - let pk = IndCpaPublicKeyUnpacked { - t_as_ntt, - A: A_transpose, - seed_for_A, - }; - let sk = IndCpaPrivateKeyUnpacked { secret_as_ntt }; - (sk, pk) } #[allow(non_snake_case)] @@ -232,19 +253,22 @@ pub(crate) fn generate_keypair< let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); - let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); + let A_transpose = sample_matrix_a_out::(into_padded_array(seed_for_A), true); let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); let (secret_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); + sample_vector_cbd_then_ntt_out::( + prf_input, 0, + ); let (error_as_ntt, _) = - sample_vector_cbd_then_ntt::( + sample_vector_cbd_then_ntt_out::( prf_input, domain_separator, ); // tˆ := Aˆ ◦ sˆ + eˆ - let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + let mut t_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + compute_As_plus_e(&mut t_as_ntt, &A_transpose, &secret_as_ntt, &error_as_ntt); let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); @@ -352,7 +376,9 @@ pub(crate) fn encrypt_unpacked< // rˆ := NTT(r) let mut prf_input: [u8; 33] = into_padded_array(randomness); let (r_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); + sample_vector_cbd_then_ntt_out::( + prf_input, 0, + ); // for i from 0 to k−1 do // e1[i] := CBD_{η2}(PRF(r,N)) @@ -431,7 +457,7 @@ pub(crate) fn encrypt< // end for // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; - let A = sample_matrix_A::(into_padded_array(seed), false); + let A = sample_matrix_a_out::(into_padded_array(seed), false); // Note that we do not use the unpacked function internally here and instead // duplicate the code to avoid blowing up the stack. @@ -443,7 +469,9 @@ pub(crate) fn encrypt< // rˆ := NTT(r) let mut prf_input: [u8; 33] = into_padded_array(randomness); let (r_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); + sample_vector_cbd_then_ntt_out::( + prf_input, 0, + ); // for i from 0 to k−1 do // e1[i] := CBD_{η2}(PRF(r,N)) diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index d07c95f93..65dd1b86d 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -6,13 +6,10 @@ use crate::{ #[inline(always)] #[allow(non_snake_case)] pub(crate) fn sample_matrix_A>( + A_transpose: &mut [[PolynomialRingElement; K]; K], seed: [u8; 34], transpose: bool, -) -> [[PolynomialRingElement; K]; K] { - let mut A_transpose = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - +) { for i in 0..K { let mut seeds = [seed; K]; for j in 0..K { @@ -31,8 +28,18 @@ pub(crate) fn sample_matrix_A>( + seed: [u8; 34], + transpose: bool, +) -> [[PolynomialRingElement; K]; K] { + let mut a = core::array::from_fn(|_i| { + core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) + }); + sample_matrix_A::(&mut a, seed, transpose); + a } /// The following functions compute various expressions involving @@ -110,23 +117,20 @@ pub(crate) fn compute_vector_u( #[inline(always)] #[allow(non_snake_case)] pub(crate) fn compute_As_plus_e( + t_as_ntt: &mut [PolynomialRingElement; K], matrix_A: &[[PolynomialRingElement; K]; K], s_as_ntt: &[PolynomialRingElement; K], error_as_ntt: &[PolynomialRingElement; K], -) -> [PolynomialRingElement; K] { - let mut result = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); - +) { cloop! { for (i, row) in matrix_A.iter().enumerate() { cloop! { for (j, matrix_element) in row.iter().enumerate() { let product = matrix_element.ntt_multiply(&s_as_ntt[j]); - result[i].add_to_ring_element::(&product); + t_as_ntt[i].add_to_ring_element::(&product); } } - result[i].add_standard_error_reduce(&error_as_ntt[i]); + t_as_ntt[i].add_standard_error_reduce(&error_as_ntt[i]); } } - - result } diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 88c328801..a91000a14 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -234,6 +234,101 @@ macro_rules! instantiate { >(private_key, ciphertext) } + /// Unpacked APIs that don't use serialized keys. + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] + pub mod unpacked { + use super::*; + + /// Generate ML-KEM 768 Key Pair in "unpacked" form. + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem768KeyPairUnpacked<$vec>, + ) { + p::unpacked::generate_keypair::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair) + } + + /// Encapsulate ML-KEM 768 (unpacked) + /// + /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] + pub fn encapsulate_unpacked( + public_key: &MlKem768PublicKeyUnpacked<$vec>, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem768Ciphertext, MlKemSharedSecret) { + p::encapsulate_unpacked::< + RANK_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 768 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] + /// and an [`MlKem768Ciphertext`]. + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] + pub fn decapsulate_unpacked( + private_key: &MlKem768KeyPairUnpacked<$vec>, + ciphertext: &MlKem768Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate_unpacked::< + RANK_768, + SECRET_KEY_SIZE_768, + CPA_PKE_SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } + /// Generate ML-KEM 768 Key Pair in "unpacked" form #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 35516c01f..0b77def1e 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val init__cpuid (leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - -val init__cpuid_count (leaf sub_leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - /// Check hardware [`Feature`] support. val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) From 787584d3fc00a8c7702e1bde28af7bb7c9832297 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 10 Sep 2024 14:56:58 +0200 Subject: [PATCH 134/172] Dont `unwrap()` or `expect()` in examples --- libcrux-ml-dsa/examples/sign_65.rs | 3 +-- libcrux-ml-dsa/examples/verify_65.rs | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-dsa/examples/sign_65.rs b/libcrux-ml-dsa/examples/sign_65.rs index 0981da400..162d3fc11 100644 --- a/libcrux-ml-dsa/examples/sign_65.rs +++ b/libcrux-ml-dsa/examples/sign_65.rs @@ -16,7 +16,6 @@ fn main() { let keypair = ml_dsa_65::generate_key_pair(key_generation_seed); for _i in 0..100_000 { - let _ = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness) - .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); + let _ = ml_dsa_65::sign(&keypair.signing_key, &message, signing_randomness); } } diff --git a/libcrux-ml-dsa/examples/verify_65.rs b/libcrux-ml-dsa/examples/verify_65.rs index 854288d03..9b8c1436a 100644 --- a/libcrux-ml-dsa/examples/verify_65.rs +++ b/libcrux-ml-dsa/examples/verify_65.rs @@ -18,6 +18,6 @@ fn main() { .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); for _i in 0..100_000 { - ml_dsa_65::verify(&keypair.verification_key, &message, &signature).unwrap(); + ml_dsa_65::verify(&keypair.verification_key, &message, &signature); } } From 6aa31a6492831d75b34b551f10678c95a7588c08 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 10 Sep 2024 15:00:23 +0200 Subject: [PATCH 135/172] Use constant for rejection sample loop bound --- libcrux-ml-dsa/src/constants.rs | 1 + libcrux-ml-dsa/src/ml_dsa_generic.rs | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-dsa/src/constants.rs b/libcrux-ml-dsa/src/constants.rs index ac15681aa..f67537ba9 100644 --- a/libcrux-ml-dsa/src/constants.rs +++ b/libcrux-ml-dsa/src/constants.rs @@ -27,3 +27,4 @@ pub(crate) const MESSAGE_REPRESENTATIVE_SIZE: usize = 64; pub(crate) const MASK_SEED_SIZE: usize = 64; pub(crate) const VERIFIER_CHALLENGE_SEED_SIZE: usize = 32; +pub(crate) const REJECTION_SAMPLE_BOUND: usize = 576; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 01dee47ef..dbdb7bb35 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -175,11 +175,12 @@ pub(crate) fn sign< let mut hint = None; // Depending on the mode, one try has a chance between 1/7 and 1/4 - // of succeeding. Thus it is safe to say that 576 iterations - // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸[1]. + // of succeeding. Thus it is safe to say that 576 + // (REJECTION_SAMPLE_BOUND) iterations are enough as (6/7)⁵⁷⁶ < + // 2⁻¹²⁸[1]. // // [1]: https://github.com/cloudflare/circl/blob/main/sign/dilithium/mode2/internal/dilithium.go#L341 - while attempt < 576 { + while attempt < REJECTION_SAMPLE_BOUND { attempt += 1; let mask = @@ -261,7 +262,7 @@ pub(crate) fn sign< if ones_in_hint > MAX_ONES_IN_HINT { } else { - attempt = 576; // exit loop now + attempt = REJECTION_SAMPLE_BOUND; // exit loop now commitment_hash = Some(commitment_hash_candidate); signer_response = Some(signer_response_candidate); hint = Some(hint_candidate); From df48c900332cf385cd22126b4a3c5b8e9eec1d57 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 10 Sep 2024 15:43:03 +0200 Subject: [PATCH 136/172] Update intrinsics interfaces --- libcrux-intrinsics/src/avx2_extract.rs | 132 +++++++++++++++++- libcrux-ml-dsa/examples/verify_65.rs | 2 +- libcrux-ml-dsa/src/ml_dsa_44.rs | 4 +- .../src/ml_dsa_generic/instantiations.rs | 6 +- 4 files changed, 134 insertions(+), 10 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index f1d42e188..8afb4ab49 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -5,18 +5,27 @@ pub type Vec256 = u8; pub type Vec128 = u8; +pub type Vec256Float = u8; +pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: Vec256) { + debug_assert_eq!(output.len(), 32); + unimplemented!() +} pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { debug_assert_eq!(output.len(), 16); unimplemented!() } - -pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: Vec256) { - debug_assert_eq!(output.len(), 32); +pub fn mm256_storeu_si256_i32(output: &mut [i32], vector: Vec256) { + debug_assert_eq!(output.len(), 8); unimplemented!() } + pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { - // debug_assert_eq!(output.len(), 8); + debug_assert!(output.len() >= 8); + unimplemented!() +} +pub fn mm_storeu_si128_i32(output: &mut [i32], vector: Vec128) { + debug_assert_eq!(output.len(), 4); unimplemented!() } @@ -34,15 +43,21 @@ pub fn mm256_loadu_si256_u8(input: &[u8]) -> Vec256 { debug_assert_eq!(input.len(), 32); unimplemented!() } - pub fn mm256_loadu_si256_i16(input: &[i16]) -> Vec256 { debug_assert_eq!(input.len(), 16); unimplemented!() } +pub fn mm256_loadu_si256_i32(input: &[i32]) -> Vec256 { + debug_assert_eq!(input.len(), 8); + unimplemented!() +} pub fn mm256_setzero_si256() -> Vec256 { unimplemented!() } +pub fn mm256_set_m128i(hi: Vec128, lo: Vec128) -> Vec256 { + unimplemented!() +} pub fn mm_set_epi8( byte15: u8, @@ -126,13 +141,21 @@ pub fn mm256_set_epi16( unimplemented!() } +#[inline(always)] pub fn mm_set1_epi16(constant: i16) -> Vec128 { unimplemented!() } +#[inline(always)] pub fn mm256_set1_epi32(constant: i32) -> Vec256 { unimplemented!() } + +#[inline(always)] +pub fn mm_set_epi32(input3: i32, input2: i32, input1: i32, input0: i32) -> Vec128 { + unimplemented!() +} +#[inline(always)] pub fn mm256_set_epi32( input7: i32, input6: i32, @@ -146,22 +169,40 @@ pub fn mm256_set_epi32( unimplemented!() } +#[inline(always)] pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } +#[inline(always)] pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_add_epi64(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_abs_epi32(a: Vec256) -> Vec256 { + unimplemented!() +} + pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +pub fn mm256_sub_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -174,9 +215,33 @@ pub fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } +#[inline(always)] pub fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_cmpgt_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +#[inline(always)] +pub fn mm256_cmpeq_epi32(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_sign_epi32(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_castsi256_ps(a: Vec256) -> Vec256Float { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_movemask_ps(a: Vec256Float) -> i32 { + unimplemented!() +} pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() @@ -194,10 +259,25 @@ pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_mul_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_or_si256(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_testz_si256(lhs: Vec256, rhs: Vec256) -> i32 { + unimplemented!() +} + pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -220,6 +300,10 @@ pub fn mm256_srli_epi32(vector: Vec256) -> Vec256 { unimplemented!() } +pub fn mm_srli_epi64(vector: Vec128) -> Vec128 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); + unimplemented!() +} pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); unimplemented!() @@ -291,19 +375,47 @@ pub fn mm256_inserti128_si256(vector: Vec256, vector_i128: V unimplemented!() } +#[inline(always)] pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); unimplemented!() } +#[inline(always)] +pub fn mm256_blend_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +// This is essentially _mm256_blendv_ps adapted for use with the Vec256 type. +// It is not offered by the AVX2 instruction set. +#[inline(always)] +pub fn vec256_blendv_epi32(a: Vec256, b: Vec256, mask: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unimplemented!() } +#[inline(always)] pub fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_srlv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { + unimplemented!() +} +#[inline(always)] +pub fn mm256_srlv_epi64(vector: Vec256, counts: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm_sllv_epi32(vector: Vec128, counts: Vec128) -> Vec128 { + unimplemented!() +} pub fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { unimplemented!() } @@ -313,6 +425,12 @@ pub fn mm256_slli_epi64(x: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_bsrli_epi128(x: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY > 0 && SHIFT_BY < 16); + unimplemented!() +} + #[inline(always)] pub fn mm256_andnot_si256(a: Vec256, b: Vec256) -> Vec256 { unimplemented!() @@ -322,6 +440,10 @@ pub fn mm256_andnot_si256(a: Vec256, b: Vec256) -> Vec256 { pub fn mm256_set1_epi64x(a: i64) -> Vec256 { unimplemented!() } +#[inline(always)] +pub fn mm256_set_epi64x(input3: i64, input2: i64, input1: i64, input0: i64) -> Vec256 { + unimplemented!() +} #[inline(always)] pub fn mm256_unpacklo_epi64(a: Vec256, b: Vec256) -> Vec256 { diff --git a/libcrux-ml-dsa/examples/verify_65.rs b/libcrux-ml-dsa/examples/verify_65.rs index 9b8c1436a..3bc1289f8 100644 --- a/libcrux-ml-dsa/examples/verify_65.rs +++ b/libcrux-ml-dsa/examples/verify_65.rs @@ -18,6 +18,6 @@ fn main() { .expect("Rejection sampling failure probability is < 2⁻¹²⁸"); for _i in 0..100_000 { - ml_dsa_65::verify(&keypair.verification_key, &message, &signature); + let _ = ml_dsa_65::verify(&keypair.verification_key, &message, &signature); } } diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index cb2b0669b..62f3ae4d7 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -2,11 +2,9 @@ use crate::{ constants::*, ml_dsa_generic::{self, multiplexing}, types::*, -SigningError, - VerificationError, + SigningError, VerificationError, }; - // ML-DSA-44-specific parameters const ROWS_IN_A: usize = 4; diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs index ec1470f96..6149e50f3 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs @@ -1,7 +1,11 @@ macro_rules! instantiate { ($modp:ident, $simdunit:path, $shake128x4:path, $shake256:path, $shake256x4:path) => { pub mod $modp { - use crate::{constants::*, ml_dsa_generic::{VerificationError, SigningError}, types::*}; + use crate::{ + constants::*, + ml_dsa_generic::{SigningError, VerificationError}, + types::*, + }; /// Generate key pair. pub(crate) fn generate_key_pair< From 9bdda4c03597de873dd5e4e26b229aa7f6d73246 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 10 Sep 2024 15:48:03 +0200 Subject: [PATCH 137/172] hax-compatibility: cast match scrutinees --- libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs | 2 +- libcrux-ml-dsa/src/simd/avx2/encoding/error.rs | 4 ++-- libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs | 4 ++-- .../src/simd/avx2/rejection_sample/less_than_eta.rs | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs index 033fcf05e..c8a3e40a1 100644 --- a/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs +++ b/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs @@ -4,7 +4,7 @@ use libcrux_intrinsics::avx2::*; pub fn serialize(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] { let mut serialized = [0u8; 19]; - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 4 => { let adjacent_2_combined = mm256_sllv_epi32(simd_unit, mm256_set_epi32(0, 28, 0, 28, 0, 28, 0, 28)); diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs index 828bc2135..0d9095166 100644 --- a/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs +++ b/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs @@ -65,7 +65,7 @@ fn serialize_when_eta_is_4(simd_unit: Vec256) -> [u8; } #[inline(always)] pub fn serialize(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] { - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 3 => serialize_when_eta_is_2::(simd_unit), 4 => serialize_when_eta_is_4::(simd_unit), _ => unreachable!(), @@ -118,7 +118,7 @@ fn deserialize_to_unsigned_when_eta_is_4(bytes: &[u8]) -> Vec256 { } #[inline(always)] pub(crate) fn deserialize_to_unsigned(serialized: &[u8]) -> Vec256 { - match ETA { + match ETA as u8 { 2 => deserialize_to_unsigned_when_eta_is_2(serialized), 4 => deserialize_to_unsigned_when_eta_is_4(serialized), _ => unreachable!(), diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs index 38296f225..80b666707 100644 --- a/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs +++ b/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs @@ -66,7 +66,7 @@ fn serialize_when_gamma1_is_2_pow_19( #[inline(always)] pub(crate) fn serialize(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] { - match OUTPUT_SIZE { + match OUTPUT_SIZE as u8 { 18 => serialize_when_gamma1_is_2_pow_17::(simd_unit), 20 => serialize_when_gamma1_is_2_pow_19::(simd_unit), _ => unreachable!(), @@ -130,7 +130,7 @@ fn deserialize_when_gamma1_is_2_pow_19(serialized: &[u8]) -> Vec256 { #[inline(always)] pub(crate) fn deserialize(serialized: &[u8]) -> Vec256 { - match GAMMA1_EXPONENT { + match GAMMA1_EXPONENT as u8 { 17 => deserialize_when_gamma1_is_2_pow_17(serialized), 19 => deserialize_when_gamma1_is_2_pow_19(serialized), _ => unreachable!(), diff --git a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs index cd0f5b05d..052a6b855 100644 --- a/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs +++ b/libcrux-ml-dsa/src/simd/avx2/rejection_sample/less_than_eta.rs @@ -7,7 +7,7 @@ use libcrux_intrinsics::avx2::*; #[inline(always)] fn shift_interval(coefficients: Vec256) -> Vec256 { - match ETA { + match ETA as u8 { 2 => { let quotient = mm256_mullo_epi32(coefficients, mm256_set1_epi32(26)); let quotient = mm256_srai_epi32::<7>(quotient); @@ -29,7 +29,7 @@ pub(crate) fn sample(input: &[u8], output: &mut [i32]) -> usiz // values that are 4-bits wide. let potential_coefficients = encoding::error::deserialize_to_unsigned::<4>(input); - let interval_boundary: i32 = match ETA { + let interval_boundary: i32 = match ETA as u8 { 2 => 15, 4 => 9, _ => unreachable!(), From 08a3cad50aaec0d07fdab4ae4f809ed424e58b08 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 10 Sep 2024 18:45:38 +0000 Subject: [PATCH 138/172] updated unpacked api --- libcrux-ml-kem/cg.yaml | 8 +- libcrux-ml-kem/cg/CMakeLists.txt | 1 + libcrux-ml-kem/cg/benches/mlkem768.cc | 113 ++ libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 64 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1622 +++++++++++++---- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 1610 ++++++++++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 20 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 176 +- libcrux-ml-kem/cg/tests/mlkem768.cc | 52 + libcrux-ml-kem/src/ind_cca.rs | 21 +- libcrux-ml-kem/src/ind_cca/instantiations.rs | 201 +- libcrux-ml-kem/src/mlkem1024.rs | 199 +- libcrux-ml-kem/src/mlkem512.rs | 192 +- libcrux-ml-kem/src/mlkem768.rs | 129 +- libcrux-ml-kem/src/polynomial.rs | 2 +- libcrux-ml-kem/tests/self.rs | 57 +- 19 files changed, 3135 insertions(+), 1350 deletions(-) diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 58908b2b7..9bf20593b 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -81,13 +81,13 @@ files: patterns: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_ml_kem, mlkem768, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - [libcrux_ml_kem, mlkem768, avx2, "*"] + - [libcrux_ml_kem, ind_cca, instantiations, avx2, "*"] monomorphizations_of: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_ml_kem, mlkem768, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - [libcrux_ml_kem, mlkem768, avx2, "*"] + - [libcrux_ml_kem, ind_cca, instantiations, avx2, "*"] monomorphizations_using: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt index 4d33faa9a..f29b5b5dc 100644 --- a/libcrux-ml-kem/cg/CMakeLists.txt +++ b/libcrux-ml-kem/cg/CMakeLists.txt @@ -17,6 +17,7 @@ if(NOT MSVC) add_compile_options( -Wall -fstack-usage + -Wunused-function $<$:-g> $<$:-Og> $<$:-g> diff --git a/libcrux-ml-kem/cg/benches/mlkem768.cc b/libcrux-ml-kem/cg/benches/mlkem768.cc index 4a9bea540..7ce70a7e1 100644 --- a/libcrux-ml-kem/cg/benches/mlkem768.cc +++ b/libcrux-ml-kem/cg/benches/mlkem768.cc @@ -29,6 +29,20 @@ kyber768_key_generation(benchmark::State &state) } } +static void +kyber768_key_generation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + } +} + static void kyber768_encapsulation(benchmark::State &state) { @@ -45,6 +59,24 @@ kyber768_encapsulation(benchmark::State &state) } } +static void +kyber768_encapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + } +} + static void kyber768_decapsulation(benchmark::State &state) { @@ -63,9 +95,33 @@ kyber768_decapsulation(benchmark::State &state) } } +static void +kyber768_decapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + } +} + BENCHMARK(kyber768_key_generation); +BENCHMARK(kyber768_key_generation_unpacked); BENCHMARK(kyber768_encapsulation); +BENCHMARK(kyber768_encapsulation_unpacked); BENCHMARK(kyber768_decapsulation); +BENCHMARK(kyber768_decapsulation_unpacked); #ifdef LIBCRUX_AARCH64 #include "libcrux_mlkem768_neon.h" @@ -138,6 +194,22 @@ kyber768_key_generation_avx2(benchmark::State &state) } } +static void +kyber768_key_generation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + } +} + static void kyber768_encapsulation_avx2(benchmark::State &state) { @@ -154,6 +226,24 @@ kyber768_encapsulation_avx2(benchmark::State &state) } } +static void +kyber768_encapsulation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + } +} + static void kyber768_decapsulation_avx2(benchmark::State &state) { @@ -172,9 +262,32 @@ kyber768_decapsulation_avx2(benchmark::State &state) } } +static void +kyber768_decapsulation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + } +} + BENCHMARK(kyber768_key_generation_avx2); +BENCHMARK(kyber768_key_generation_avx2_unpacked); BENCHMARK(kyber768_encapsulation_avx2); +BENCHMARK(kyber768_encapsulation_avx2_unpacked); BENCHMARK(kyber768_decapsulation_avx2); +BENCHMARK(kyber768_decapsulation_avx2_unpacked); #endif #ifdef LIBCRUX_SYMCRYPT diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index bb21a42c5..dee9bbaac 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 +Eurydice: 36ae22046856004fa274a38d29b1697974017344 +Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 4a129c7105a62d75cfafa6f7568fe1b579ab03f1 +Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 8ead868e5..bc07ba4b9 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -167,7 +167,7 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { ? (CLITERAL(ret_t){.tag = None}) \ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ Eurydice_range_iter_next // See note in karamel/lib/Inlining.ml if you change this diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index be9bbe04a..4777be512 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_core_H @@ -97,14 +97,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -130,14 +131,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -163,14 +165,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -202,7 +205,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_aa( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_35( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -226,7 +229,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_8c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_25(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -263,7 +266,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_2a(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -279,7 +282,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_9d(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_ae(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -302,14 +305,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -342,7 +346,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_e5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_32(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -362,7 +366,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_00( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_23( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -414,7 +418,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_cf( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -471,14 +475,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -504,14 +509,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index be005d67c..e3b6cab5a 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 9935422a8..608af7814 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_mlkem768_avx2_H @@ -719,7 +719,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +819,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_07(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +932,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_ea(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1077,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_76(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1201,17 +1201,18 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_7d(void) { +libcrux_ml_kem_polynomial_ZERO_d6_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1240,8 +1241,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -1252,10 +1253,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1276,12 +1277,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1294,7 +1295,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_c7( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1323,8 +1324,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_14(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -1335,7 +1336,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_96( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1388,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_96( vector); } @@ -1401,10 +1402,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_39( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_f1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1412,7 +1413,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_39( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb( coefficient); } return re; @@ -1426,7 +1427,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_960( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1479,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_960( vector); } @@ -1492,10 +1493,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1503,7 +1504,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb0( coefficient); } return re; @@ -1517,9 +1518,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c1( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_39(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f1(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1534,7 +1535,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1547,9 +1548,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0f(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1563,7 +1564,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1576,7 +1577,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1594,7 +1595,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_4d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1613,7 +1614,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_e4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1635,7 +1636,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1656,16 +1657,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_f7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1682,21 +1684,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); } /** @@ -1713,12 +1715,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_51( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1738,9 +1740,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c1( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b6(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1757,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_961( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1809,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_961( vector); } @@ -1824,7 +1826,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1834,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb1( coefficient); } return re; @@ -1846,7 +1848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_962( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1900,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_962( vector); } @@ -1912,10 +1914,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_9f( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_13( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1923,7 +1925,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_9f( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb2( re.coefficients[i0]); } return re; @@ -1937,7 +1939,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_75( Eurydice_slice serialized) { return libcrux_ml_kem_serialize_deserialize_then_decompress_4_37(serialized); } @@ -1971,21 +1973,22 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_04( +libcrux_ml_kem_polynomial_ntt_multiply_d6_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2012,16 +2015,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_04( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_98( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2042,7 +2046,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2073,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2096,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,13 +2117,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_93(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2132,7 +2136,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2151,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_93( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2165,37 +2169,38 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_72(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_b7( +libcrux_ml_kem_polynomial_subtract_reduce_d6_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,21 +2230,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d3( +libcrux_ml_kem_matrix_compute_message_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_51(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_b7(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_fd(v, result); return result; } @@ -2250,7 +2255,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_33(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2269,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_02( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_46( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_33(vector); } /** @@ -2277,8 +2282,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_38(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_02(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_0e(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_46(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,13 +2297,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d7( +libcrux_ml_kem_serialize_compress_then_serialize_message_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2347,20 +2352,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_31( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_66( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_51(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_75( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d3(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_e8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d7(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_6d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2380,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_95(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_36(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_71(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2391,7 +2396,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_95(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_31(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_66(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2450,9 +2455,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d4( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fe( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -2469,10 +2474,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2500,12 +2505,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2518,7 +2523,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( ring_element); deserialized_pk[i0] = uu____0; } @@ -2528,28 +2533,29 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( } /** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.matrix.sample_matrix_a_out.closure.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_3d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_3d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_64( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_64( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } } @@ -2864,19 +2870,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_82(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_82(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2896,7 +2903,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_86(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2961,13 +2968,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_64(i, A_transpose[i]); - } +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -3003,7 +3006,27 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( } } } - memcpy(ret, A_transpose, +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_8e( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_64(i, a[i]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = a; + uint8_t uu____1[34U]; + memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_kem_matrix_sample_matrix_A_d8(uu____0, uu____1, transpose); + memcpy(ret, a, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } @@ -3021,7 +3044,7 @@ typedef struct tuple_b00_s { /** A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -3030,8 +3053,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_1f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b5(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -3142,7 +3165,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ab( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3177,7 +3200,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,7 +3212,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_75( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_16( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3223,7 +3246,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_75( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3235,9 +3258,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ab( randomness); } @@ -3248,7 +3271,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3270,20 +3293,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_2f(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ed(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); } /** @@ -3299,13 +3322,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, + uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3323,10 +3343,34 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f3(&re_as_ntt[i0]); + } + return domain_separator; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -3350,8 +3394,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_40(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -3367,11 +3411,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3390,7 +3434,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3445,22 +3489,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_60(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_matrix_compute_vector_u_closure_a4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,14 +3530,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + result[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3513,12 +3558,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_9c( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_51(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_5d(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_44(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3577,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_a5(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f0(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,10 +3592,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3558,24 +3603,25 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_a5(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f0(coefficient_compressed); } return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,22 +3652,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_b7( +libcrux_ml_kem_matrix_compute_ring_element_v_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_51(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_3a( error_2, message, result); return result; } @@ -3634,7 +3680,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3735,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_31( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da( vector); } @@ -3703,14 +3749,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_8b( +libcrux_ml_kem_serialize_compress_then_serialize_10_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3730,7 +3776,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3785,9 +3831,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_310( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da0( vector); } @@ -3805,8 +3851,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_0c( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3827,10 +3873,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_70(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3847,7 +3893,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3909,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3924,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3979,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_311( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da1( vector); } @@ -3947,14 +3993,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_38( +libcrux_ml_kem_serialize_compress_then_serialize_4_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3973,7 +4019,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4074,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_312( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da2( vector); } @@ -4042,14 +4088,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_64( +libcrux_ml_kem_serialize_compress_then_serialize_5_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_5a2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4069,9 +4115,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_38(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_97(re, out); } /** @@ -4092,12 +4138,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_47(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4105,13 +4151,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4121,7 +4167,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4133,29 +4179,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_9c(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_f7(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_b7( + libcrux_ml_kem_matrix_compute_ring_element_v_07( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4173,7 +4219,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d5( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4205,7 +4251,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( +static inline void libcrux_ml_kem_ind_cca_decapsulate_73( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_36(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4247,7 +4293,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4258,18 +4304,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_47(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d2( + libcrux_ml_kem_variant_kdf_d8_d5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d2(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_d5(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4348,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_3c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_73(private_key, ciphertext, ret); } /** @@ -4319,7 +4365,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9a(private_key, ciphertext, ret); } @@ -4334,7 +4380,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_43( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4377,11 +4423,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_e1( + libcrux_ml_kem_variant_entropy_preprocess_d8_43( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4392,7 +4438,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4407,20 +4453,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_47(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_d2(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_d5(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4452,14 +4498,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_42( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_5d(uu____0, copy_of_randomness); } /** @@ -4477,7 +4523,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_42( uu____0, copy_of_randomness); } @@ -4492,7 +4538,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_51( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4509,15 +4555,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_51( } /** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_99(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_generate_keypair_closure_9d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -4527,7 +4579,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_8a( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_a4( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4535,24 +4587,25 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_8a( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_8a( + libcrux_ml_kem_vector_traits_to_standard_domain_a4( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4570,15 +4623,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4599,17 +4648,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_51(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&t_as_ntt[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_4a( + &t_as_ntt[i1], &error_as_ntt[i1]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -4620,14 +4666,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_95( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4650,7 +4696,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4668,7 +4714,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_95(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4687,14 +4733,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_69(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4718,9 +4764,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_51(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_3c(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_51(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4729,14 +4775,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_51(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4749,23 +4795,26 @@ libcrux_ml_kem_ind_cpa_generate_keypair_51(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + libcrux_ml_kem_matrix_compute_As_plus_e_c2(t_as_ntt, A_transpose, + secret_as_ntt, error_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_69(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4794,7 +4843,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4859,7 +4908,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_e4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4868,13 +4917,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_51(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_3c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4883,13 +4932,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_2a( + uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); } /** @@ -4908,12 +4957,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_55( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_e4(copy_of_randomness); } /** @@ -4925,7 +4974,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_55( copy_of_randomness); } @@ -4941,7 +4990,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_72( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ae( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4952,7 +5001,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), + libcrux_ml_kem_types_as_slice_d4_35(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -4986,7 +5035,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_730( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,7 +5053,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_36(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5028,7 +5077,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5039,18 +5088,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_47(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_72( + libcrux_ml_kem_variant_kdf_33_ae( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5084,10 +5133,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_3c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_730(private_key, ciphertext, ret); } /** @@ -5101,7 +5150,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( private_key, ciphertext, ret); } @@ -5116,7 +5165,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_7a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_1a( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5141,11 +5190,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_7a( + libcrux_ml_kem_variant_entropy_preprocess_33_1a( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5156,7 +5205,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5171,20 +5220,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_47(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_72(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_ae(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5219,14 +5268,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_af( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_5d0(uu____0, copy_of_randomness); } /** @@ -5244,7 +5293,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_af( uu____0, copy_of_randomness); } @@ -5259,11 +5308,29 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_d0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_generate_keypair_closure_9d0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5278,10 +5345,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_510( +libcrux_ml_kem_ind_cpa_generate_keypair_3c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_2c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5290,14 +5357,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5310,23 +5377,26 @@ libcrux_ml_kem_ind_cpa_generate_keypair_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + libcrux_ml_kem_matrix_compute_As_plus_e_c2(t_as_ntt, A_transpose, + secret_as_ntt, error_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_69(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5367,7 +5437,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_e40(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5376,13 +5446,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_510(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_3c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5391,13 +5461,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_2a( + uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); } /** @@ -5414,12 +5484,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_f8( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_e40(copy_of_randomness); } /** @@ -5431,7 +5501,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_f8( copy_of_randomness); } @@ -5451,7 +5521,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_8e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ad( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5480,10 +5550,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ed( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_8e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ad(private_key, ciphertext); } @@ -5496,7 +5566,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ed( private_key, ciphertext); } @@ -5509,9 +5579,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d40( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fe0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -5529,12 +5599,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -5547,7 +5617,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( ring_element); deserialized_pk[i0] = uu____0; } @@ -5572,16 +5642,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_8e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_fe( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5603,9 +5673,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_47( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8e(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_fe(public_key); } /** @@ -5616,19 +5686,817 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_47( public_key->value); } /** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { - return self[0U]; +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_07( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_66( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_67( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_420( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Unpacked decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.decapsulate with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_33( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_33( + private_key, ciphertext, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_67( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_53(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.encapsulate with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_16( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd(uu____0, + copy_of_randomness); +} + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_16( + uu____0, copy_of_randomness); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_08( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_d8(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_matrix_compute_As_plus_e_c2( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_0e(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_21( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_17_16( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + __m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_08( + ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, + &out->public_key.ind_cpa_public_key); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_21(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_polynomial_clone_17_16( + &out->public_key.ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____0; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(out->public_key.ind_cpa_public_key.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( + out->public_key.ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), + pk_serialized); + uint8_t uu____2[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_16( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); + memcpy(out->public_key.public_key_hash, uu____2, + (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U]); + unwrap_26_33(dst, uu____3); + memcpy(out->private_key.implicit_rejection_value, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.generate_keypair with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_81( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1(copy_of_randomness, out); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_81( + copy_of_randomness, key_pair); +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked + libcrux_ml_kem_ind_cca_unpacked_default_53_1a(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____0; + uu____0.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____0.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____0.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____1; + uu____1.ind_cpa_private_key = uu____0; + uu____1.implicit_rejection_value[0U] = 0U; + uu____1.implicit_rejection_value[1U] = 0U; + uu____1.implicit_rejection_value[2U] = 0U; + uu____1.implicit_rejection_value[3U] = 0U; + uu____1.implicit_rejection_value[4U] = 0U; + uu____1.implicit_rejection_value[5U] = 0U; + uu____1.implicit_rejection_value[6U] = 0U; + uu____1.implicit_rejection_value[7U] = 0U; + uu____1.implicit_rejection_value[8U] = 0U; + uu____1.implicit_rejection_value[9U] = 0U; + uu____1.implicit_rejection_value[10U] = 0U; + uu____1.implicit_rejection_value[11U] = 0U; + uu____1.implicit_rejection_value[12U] = 0U; + uu____1.implicit_rejection_value[13U] = 0U; + uu____1.implicit_rejection_value[14U] = 0U; + uu____1.implicit_rejection_value[15U] = 0U; + uu____1.implicit_rejection_value[16U] = 0U; + uu____1.implicit_rejection_value[17U] = 0U; + uu____1.implicit_rejection_value[18U] = 0U; + uu____1.implicit_rejection_value[19U] = 0U; + uu____1.implicit_rejection_value[20U] = 0U; + uu____1.implicit_rejection_value[21U] = 0U; + uu____1.implicit_rejection_value[22U] = 0U; + uu____1.implicit_rejection_value[23U] = 0U; + uu____1.implicit_rejection_value[24U] = 0U; + uu____1.implicit_rejection_value[25U] = 0U; + uu____1.implicit_rejection_value[26U] = 0U; + uu____1.implicit_rejection_value[27U] = 0U; + uu____1.implicit_rejection_value[28U] = 0U; + uu____1.implicit_rejection_value[29U] = 0U; + uu____1.implicit_rejection_value[30U] = 0U; + uu____1.implicit_rejection_value[31U] = 0U; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____2[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + uint8_t uu____3[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____4; + memcpy( + uu____4.t_as_ntt, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(uu____4.seed_for_A, uu____3, (size_t)32U * sizeof(uint8_t)); + uu____4.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____4.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked lit; + lit.private_key = uu____1; + lit.public_key.ind_cpa_public_key = uu____4; + lit.public_key.public_key_hash[0U] = 0U; + lit.public_key.public_key_hash[1U] = 0U; + lit.public_key.public_key_hash[2U] = 0U; + lit.public_key.public_key_hash[3U] = 0U; + lit.public_key.public_key_hash[4U] = 0U; + lit.public_key.public_key_hash[5U] = 0U; + lit.public_key.public_key_hash[6U] = 0U; + lit.public_key.public_key_hash[7U] = 0U; + lit.public_key.public_key_hash[8U] = 0U; + lit.public_key.public_key_hash[9U] = 0U; + lit.public_key.public_key_hash[10U] = 0U; + lit.public_key.public_key_hash[11U] = 0U; + lit.public_key.public_key_hash[12U] = 0U; + lit.public_key.public_key_hash[13U] = 0U; + lit.public_key.public_key_hash[14U] = 0U; + lit.public_key.public_key_hash[15U] = 0U; + lit.public_key.public_key_hash[16U] = 0U; + lit.public_key.public_key_hash[17U] = 0U; + lit.public_key.public_key_hash[18U] = 0U; + lit.public_key.public_key_hash[19U] = 0U; + lit.public_key.public_key_hash[20U] = 0U; + lit.public_key.public_key_hash[21U] = 0U; + lit.public_key.public_key_hash[22U] = 0U; + lit.public_key.public_key_hash[23U] = 0U; + lit.public_key.public_key_hash[24U] = 0U; + lit.public_key.public_key_hash[25U] = 0U; + lit.public_key.public_key_hash[26U] = 0U; + lit.public_key.public_key_hash[27U] = 0U; + lit.public_key.public_key_hash[28U] = 0U; + lit.public_key.public_key_hash[29U] = 0U; + lit.public_key.public_key_hash[30U] = 0U; + lit.public_key.public_key_hash[31U] = 0U; + return lit; +} + +/** + Create a new, empty unpacked key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_53_1a(); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { + return self[0U]; +} + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 034a42c5a..02004f0ee 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_mlkem768_portable_H @@ -114,7 +114,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_30(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -1039,17 +1039,17 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3); - if (!(uu____0.tag == None)) { + if (uu____0.tag == None) { + return v; + } else { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; } - continue; } - return v; } } @@ -2417,16 +2417,17 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_19(void) { +libcrux_ml_kem_polynomial_ZERO_d6_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2454,8 +2455,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fe(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_aa(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -2465,10 +2466,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_11( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2490,12 +2491,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_13( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2508,7 +2509,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_11( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2536,8 +2537,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bb(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bc(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -2547,7 +2548,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2572,9 +2573,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_98( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a( v); } @@ -2585,10 +2586,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_59( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_6c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -2597,7 +2598,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_98( coefficient); re.coefficients[i0] = uu____0; } @@ -2611,7 +2612,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2636,9 +2637,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_980( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a0( v); } @@ -2649,10 +2650,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_f3( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_96( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2661,7 +2662,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_f3( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_980( coefficient); re.coefficients[i0] = uu____0; } @@ -2675,9 +2676,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e8( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_59(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6c(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2692,7 +2693,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2706,12 +2707,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2a( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2725,7 +2726,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2738,7 +2739,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2a( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2755,7 +2756,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_38( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2775,7 +2776,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2797,7 +2798,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_0b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2819,15 +2820,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_0b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2845,21 +2847,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_22( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c6(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_23(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); } /** @@ -2875,12 +2877,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2900,9 +2902,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e8( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_22(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_11(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2916,7 +2918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2941,9 +2943,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_981( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a1( v); } @@ -2954,10 +2956,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2966,7 +2968,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_30( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_981( coefficient); re.coefficients[i0] = uu____0; } @@ -2980,7 +2982,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3005,9 +3007,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_982( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a2( v); } @@ -3018,10 +3020,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_1e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3030,7 +3032,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_982( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3044,9 +3046,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e8( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_30(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(serialized); } /** @@ -3078,20 +3080,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_58( +libcrux_ml_kem_polynomial_ntt_multiply_d6_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3120,15 +3123,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_58( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_88( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3152,7 +3156,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_b5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3204,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3222,7 +3226,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_91( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3230,7 +3234,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3258,7 +3262,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_91( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3275,13 +3279,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_b5(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b5(&zeta_i, re, (size_t)3U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)4U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, @@ -3290,21 +3294,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_ea( +libcrux_ml_kem_polynomial_subtract_reduce_d6_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3336,21 +3341,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_72( +libcrux_ml_kem_matrix_compute_message_68( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_ea(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_0b(v, result); return result; } @@ -3360,7 +3365,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_3f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3380,9 +3385,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_1e( +libcrux_ml_kem_vector_portable_shift_right_0d_fa( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3f(v); } /** @@ -3392,10 +3397,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( +libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_1e(a); + libcrux_ml_kem_vector_portable_shift_right_0d_fa(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3409,13 +3414,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d8( +libcrux_ml_kem_serialize_compress_then_serialize_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3465,20 +3470,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e8( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_68(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d8(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3497,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_60(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_34(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_13(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3508,7 +3513,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3563,9 +3568,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e1( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -3581,10 +3586,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3613,12 +3618,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3631,7 +3636,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( ring_element); deserialized_pk[i0] = uu____0; } @@ -3641,28 +3646,29 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( } /** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.matrix.sample_matrix_a_out.closure.closure with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_8e( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } } @@ -3968,18 +3974,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_4e(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_4e(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4001,7 +4008,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_97(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4066,13 +4073,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_8e(i, A_transpose[i]); - } +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_30( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4108,7 +4111,27 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( } } } - memcpy(ret, A_transpose, +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_24( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_8e(i, a[i]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = a; + uint8_t uu____1[34U]; + memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_kem_matrix_sample_matrix_A_30(uu____0, uu____1, transpose); + memcpy(ret, a, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } @@ -4126,7 +4149,7 @@ typedef struct tuple_b0_s { /** A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -4135,8 +4158,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_0a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -4228,7 +4251,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0d( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4263,7 +4286,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4274,7 +4297,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_77( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4308,7 +4331,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_77( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4319,9 +4342,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0d( randomness); } @@ -4331,7 +4354,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4354,20 +4377,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ca(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_53(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c6(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_23(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); } /** @@ -4383,13 +4406,10 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, + uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4407,10 +4427,34 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_93(&re_as_ntt[i0]); + } + return domain_separator; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( + uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -4434,8 +4478,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -4451,11 +4495,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4474,7 +4518,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4526,21 +4570,22 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_f1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_aa( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_29( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4567,14 +4612,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_62( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + result[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4595,12 +4640,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_62( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_aa(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_29(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4659,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_97( +libcrux_ml_kem_vector_traits_decompress_1_d9( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,10 +4674,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4642,7 +4687,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_97(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_d9(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4650,16 +4695,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4692,22 +4738,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_2f( +libcrux_ml_kem_matrix_compute_ring_element_v_45( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_e4( error_2, message, result); return result; } @@ -4718,7 +4764,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_53( +libcrux_ml_kem_vector_portable_compress_compress_1c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4741,9 +4787,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd( +libcrux_ml_kem_vector_portable_compress_0d_55( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_53(v); + return libcrux_ml_kem_vector_portable_compress_compress_1c(v); } /** @@ -4753,15 +4799,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_43( +libcrux_ml_kem_serialize_compress_then_serialize_10_92( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_55( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4779,7 +4825,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_530( +libcrux_ml_kem_vector_portable_compress_compress_1c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4802,9 +4848,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd0( +libcrux_ml_kem_vector_portable_compress_0d_550( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_530(v); + return libcrux_ml_kem_vector_portable_compress_compress_1c0(v); } /** @@ -4814,15 +4860,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_f7( +libcrux_ml_kem_serialize_compress_then_serialize_11_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_550( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4842,10 +4888,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_43(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_92(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4861,7 +4907,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4877,7 +4923,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_55(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4890,7 +4936,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_531( +libcrux_ml_kem_vector_portable_compress_compress_1c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4913,9 +4959,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd1( +libcrux_ml_kem_vector_portable_compress_0d_551( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_531(v); + return libcrux_ml_kem_vector_portable_compress_compress_1c1(v); } /** @@ -4925,15 +4971,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_12( +libcrux_ml_kem_serialize_compress_then_serialize_4_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_551( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4950,7 +4996,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_532( +libcrux_ml_kem_vector_portable_compress_compress_1c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4973,9 +5019,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd2( +libcrux_ml_kem_vector_portable_compress_0d_552( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_532(v); + return libcrux_ml_kem_vector_portable_compress_compress_1c2(v); } /** @@ -4985,15 +5031,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_cb( +libcrux_ml_kem_serialize_compress_then_serialize_5_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_fd2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_552( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5012,9 +5058,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_12(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f0(re, out); } /** @@ -5035,12 +5081,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_48(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e0( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5048,13 +5094,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5064,7 +5110,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5076,29 +5122,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_62(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_af(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_2f( + libcrux_ml_kem_matrix_compute_ring_element_v_45( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5115,7 +5161,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_97( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ee( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5146,7 +5192,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( +static inline void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_60(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5188,7 +5234,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5199,18 +5245,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_48(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_97( + libcrux_ml_kem_variant_kdf_d8_ee( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_97(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_ee(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5289,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_82( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); } /** @@ -5259,7 +5305,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_82( private_key, ciphertext, ret); } @@ -5273,7 +5319,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_3d( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5314,11 +5360,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_05( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_2b( + libcrux_ml_kem_variant_entropy_preprocess_d8_3d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5329,7 +5375,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5344,20 +5390,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_48(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_97(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_ee(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5388,14 +5434,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_45( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_05(uu____0, copy_of_randomness); } /** @@ -5412,7 +5458,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_45( uu____0, copy_of_randomness); } @@ -5426,7 +5472,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5443,14 +5489,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a( } /** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_generate_keypair_closure_84(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -5460,7 +5512,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_97( +libcrux_ml_kem_vector_traits_to_standard_domain_18( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5468,16 +5520,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_97( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5485,7 +5538,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_97( + libcrux_ml_kem_vector_traits_to_standard_domain_18( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5504,15 +5557,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_19( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5533,17 +5582,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&t_as_ntt[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_f7( + &t_as_ntt[i1], &error_as_ntt[i1]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -5553,14 +5599,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5582,7 +5628,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5600,7 +5646,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_54(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5618,14 +5664,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_66(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5648,9 +5694,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_02(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_74(Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5659,14 +5705,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_02(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5679,23 +5725,26 @@ libcrux_ml_kem_ind_cpa_generate_keypair_02(Eurydice_slice key_generation_seed) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + libcrux_ml_kem_matrix_compute_As_plus_e_19(t_as_ntt, A_transpose, + secret_as_ntt, error_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( + libcrux_ml_kem_ind_cpa_serialize_public_key_3c( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_66(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5723,7 +5772,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5787,7 +5836,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_31(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5796,13 +5845,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_02(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_74(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5811,13 +5860,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_2a( + uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); } /** @@ -5836,12 +5885,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_31(copy_of_randomness); } /** @@ -5852,7 +5901,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0f( copy_of_randomness); } @@ -5867,7 +5916,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_5f( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5878,7 +5927,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_bc( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), + libcrux_ml_kem_types_as_slice_d4_35(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5911,7 +5960,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( +static inline void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5929,7 +5978,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_60(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5953,7 +6002,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5964,18 +6013,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_48(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_bc( + libcrux_ml_kem_variant_kdf_33_5f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_bc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_5f(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6009,10 +6058,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_27( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); } /** @@ -6025,7 +6074,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_27( private_key, ciphertext, ret); } @@ -6039,7 +6088,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_38( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_1f( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6063,11 +6112,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_050( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_38( + libcrux_ml_kem_variant_entropy_preprocess_33_1f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6078,7 +6127,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6093,20 +6142,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_48(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_bc(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_5f(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6141,14 +6190,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_050(uu____0, copy_of_randomness); } /** @@ -6165,7 +6214,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bb( uu____0, copy_of_randomness); } @@ -6179,11 +6228,28 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_36( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_Kyber with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +libcrux_ml_kem_ind_cpa_generate_keypair_closure_840(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6197,10 +6263,10 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_020( +libcrux_ml_kem_ind_cpa_generate_keypair_740( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_36(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6209,14 +6275,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6229,23 +6295,26 @@ libcrux_ml_kem_ind_cpa_generate_keypair_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + libcrux_ml_kem_matrix_compute_As_plus_e_19(t_as_ntt, A_transpose, + secret_as_ntt, error_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( + libcrux_ml_kem_ind_cpa_serialize_public_key_3c( t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_66(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6285,7 +6354,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_310(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6294,13 +6363,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_020(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_740(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6309,13 +6378,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_2a( + uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); } /** @@ -6331,12 +6400,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_310(copy_of_randomness); } /** @@ -6348,7 +6417,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0f( copy_of_randomness); } @@ -6367,7 +6436,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6395,10 +6464,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_2e(private_key, ciphertext); } @@ -6410,7 +6479,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_67( private_key, ciphertext); } @@ -6422,9 +6491,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e10( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -6441,12 +6510,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e00( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6459,7 +6528,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( ring_element); deserialized_pk[i0] = uu____0; } @@ -6483,16 +6552,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_45( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_8b( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e00( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( + libcrux_ml_kem_ind_cpa_serialize_public_key_3c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6513,9 +6582,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_57( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_45(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_8b(public_key); } /** @@ -6525,10 +6594,805 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_57( public_key->value); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_af(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + libcrux_ml_kem_matrix_compute_ring_element_v_45( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_07( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_420( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Unpacked decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_34( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d(key_pair, ciphertext, ret); +} + +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_34( + private_key, ciphertext, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_07( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_78(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9(uu____0, + copy_of_randomness); +} + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ +static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( + uu____0, copy_of_randomness); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_09( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_30(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_matrix_compute_As_plus_e_19( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_a5(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_07( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +libcrux_ml_kem_polynomial_clone_17_06( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_09( + ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, + &out->public_key.ind_cpa_public_key); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_07(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + libcrux_ml_kem_polynomial_clone_17_06( + &out->public_key.ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____0; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + memcpy(out->public_key.ind_cpa_public_key.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_3c( + out->public_key.ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), + pk_serialized); + uint8_t uu____2[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_c6( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); + memcpy(out->public_key.public_key_hash, uu____2, + (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U]); + unwrap_26_33(dst, uu____3); + memcpy(out->private_key.implicit_rejection_value, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with +const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_9d( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b(copy_of_randomness, out); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_9d( + copy_of_randomness, key_pair); +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + libcrux_ml_kem_ind_cca_unpacked_default_53_10(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____0; + uu____0.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____0.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____0.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____1; + uu____1.ind_cpa_private_key = uu____0; + uu____1.implicit_rejection_value[0U] = 0U; + uu____1.implicit_rejection_value[1U] = 0U; + uu____1.implicit_rejection_value[2U] = 0U; + uu____1.implicit_rejection_value[3U] = 0U; + uu____1.implicit_rejection_value[4U] = 0U; + uu____1.implicit_rejection_value[5U] = 0U; + uu____1.implicit_rejection_value[6U] = 0U; + uu____1.implicit_rejection_value[7U] = 0U; + uu____1.implicit_rejection_value[8U] = 0U; + uu____1.implicit_rejection_value[9U] = 0U; + uu____1.implicit_rejection_value[10U] = 0U; + uu____1.implicit_rejection_value[11U] = 0U; + uu____1.implicit_rejection_value[12U] = 0U; + uu____1.implicit_rejection_value[13U] = 0U; + uu____1.implicit_rejection_value[14U] = 0U; + uu____1.implicit_rejection_value[15U] = 0U; + uu____1.implicit_rejection_value[16U] = 0U; + uu____1.implicit_rejection_value[17U] = 0U; + uu____1.implicit_rejection_value[18U] = 0U; + uu____1.implicit_rejection_value[19U] = 0U; + uu____1.implicit_rejection_value[20U] = 0U; + uu____1.implicit_rejection_value[21U] = 0U; + uu____1.implicit_rejection_value[22U] = 0U; + uu____1.implicit_rejection_value[23U] = 0U; + uu____1.implicit_rejection_value[24U] = 0U; + uu____1.implicit_rejection_value[25U] = 0U; + uu____1.implicit_rejection_value[26U] = 0U; + uu____1.implicit_rejection_value[27U] = 0U; + uu____1.implicit_rejection_value[28U] = 0U; + uu____1.implicit_rejection_value[29U] = 0U; + uu____1.implicit_rejection_value[30U] = 0U; + uu____1.implicit_rejection_value[31U] = 0U; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____2[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + uint8_t uu____3[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____4; + memcpy( + uu____4.t_as_ntt, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(uu____4.seed_for_A, uu____3, (size_t)32U * sizeof(uint8_t)); + uu____4.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____4.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked lit; + lit.private_key = uu____1; + lit.public_key.ind_cpa_public_key = uu____4; + lit.public_key.public_key_hash[0U] = 0U; + lit.public_key.public_key_hash[1U] = 0U; + lit.public_key.public_key_hash[2U] = 0U; + lit.public_key.public_key_hash[3U] = 0U; + lit.public_key.public_key_hash[4U] = 0U; + lit.public_key.public_key_hash[5U] = 0U; + lit.public_key.public_key_hash[6U] = 0U; + lit.public_key.public_key_hash[7U] = 0U; + lit.public_key.public_key_hash[8U] = 0U; + lit.public_key.public_key_hash[9U] = 0U; + lit.public_key.public_key_hash[10U] = 0U; + lit.public_key.public_key_hash[11U] = 0U; + lit.public_key.public_key_hash[12U] = 0U; + lit.public_key.public_key_hash[13U] = 0U; + lit.public_key.public_key_hash[14U] = 0U; + lit.public_key.public_key_hash[15U] = 0U; + lit.public_key.public_key_hash[16U] = 0U; + lit.public_key.public_key_hash[17U] = 0U; + lit.public_key.public_key_hash[18U] = 0U; + lit.public_key.public_key_hash[19U] = 0U; + lit.public_key.public_key_hash[20U] = 0U; + lit.public_key.public_key_hash[21U] = 0U; + lit.public_key.public_key_hash[22U] = 0U; + lit.public_key.public_key_hash[23U] = 0U; + lit.public_key.public_key_hash[24U] = 0U; + lit.public_key.public_key_hash[25U] = 0U; + lit.public_key.public_key_hash[26U] = 0U; + lit.public_key.public_key_hash[27U] = 0U; + lit.public_key.public_key_hash[28U] = 0U; + lit.public_key.public_key_hash[29U] = 0U; + lit.public_key.public_key_hash[30U] = 0U; + lit.public_key.public_key_hash[31U] = 0U; + return lit; +} + +/** + Create a new, empty unpacked key. +*/ +static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_53_10(); +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 24805a174..54a84b3ce 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_71(void) { +libcrux_sha3_generic_keccak_new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_71(); + libcrux_sha3_generic_keccak_new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_71(); + return libcrux_sha3_generic_keccak_new_89_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 564fcb92e..193ef332c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 + * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/cg/tests/mlkem768.cc b/libcrux-ml-kem/cg/tests/mlkem768.cc index e8a333d6c..947171f58 100644 --- a/libcrux-ml-kem/cg/tests/mlkem768.cc +++ b/libcrux-ml-kem/cg/tests/mlkem768.cc @@ -98,6 +98,32 @@ TEST(MlKem768TestPortable, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +TEST(MlKem768TestPortableUnpacked, ConsistencyTest) +{ + uint8_t keygen_randomness[64]; + for (int i = 0; i < 64; i++) + { + keygen_randomness[i] = 13; + } + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(keygen_randomness, &key_pair); + + uint8_t encap_randomness[32]; + for (int i = 0; i < 32; i++) + { + encap_randomness[i] = 15; + } + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, encap_randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + TEST(Kyber768TestPortable, ModifiedCiphertextTest) { uint8_t randomness[64]; @@ -232,6 +258,32 @@ TEST(MlKem768TestAvx2, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +TEST(MlKem768TestAvx2Unpacked, ConsistencyTest) +{ + uint8_t keygen_randomness[64]; + for (int i = 0; i < 64; i++) + { + keygen_randomness[i] = 13; + } + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(keygen_randomness, &key_pair); + + uint8_t encap_randomness[32]; + for (int i = 0; i < 32; i++) + { + encap_randomness[i] = 15; + } + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, encap_randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + TEST(Kyber768TestAvx2, ModifiedCiphertextTest) { uint8_t randomness[64]; diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 2bbb0bb41..ea1f001f4 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -307,14 +307,12 @@ pub(crate) mod unpacked { pub public_key: MlKemPublicKeyUnpacked, } - #[inline(always)] - fn init_re() -> [PolynomialRingElement; K] { - core::array::from_fn(|_| PolynomialRingElement::::ZERO()) - } - - #[inline(always)] - fn init_ae() -> [[PolynomialRingElement; K]; K] { - core::array::from_fn(|_| core::array::from_fn(|_| PolynomialRingElement::::ZERO())) + impl MlKemKeyPairUnpacked { + /// Create a new empty unpacked key pair. + #[inline(always)] + pub fn new() -> Self { + Self::default() + } } impl Default for MlKemKeyPairUnpacked { @@ -323,16 +321,15 @@ pub(crate) mod unpacked { Self { private_key: MlKemPrivateKeyUnpacked { ind_cpa_private_key: IndCpaPrivateKeyUnpacked { - secret_as_ntt: init_re(), + secret_as_ntt: [PolynomialRingElement::::ZERO(); K], }, implicit_rejection_value: [0u8; 32], }, public_key: MlKemPublicKeyUnpacked { ind_cpa_public_key: IndCpaPublicKeyUnpacked { - t_as_ntt: init_re(), + t_as_ntt: [PolynomialRingElement::::ZERO(); K], seed_for_A: [0u8; 32], - // XXX: initializing inline here makes eurydice fail. - A: init_ae(), + A: [[PolynomialRingElement::::ZERO(); K]; K], }, public_key_hash: [0u8; 32], }, diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 994d65b50..d2e5cb367 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -6,13 +6,6 @@ macro_rules! instantiate { KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; - #[cfg(feature = "unpacked")] - pub(crate) type MlKemKeyPairUnpacked = - crate::ind_cca::unpacked::MlKemKeyPairUnpacked; - #[cfg(feature = "unpacked")] - pub(crate) type MlKemPublicKeyUnpacked = - crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; - /// Portable generate key pair. pub(crate) fn generate_keypair< const K: usize, @@ -272,6 +265,11 @@ macro_rules! instantiate { pub(crate) mod unpacked { use super::*; + pub(crate) type MlKemKeyPairUnpacked = + crate::ind_cca::unpacked::MlKemKeyPairUnpacked; + pub(crate) type MlKemPublicKeyUnpacked = + crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; + pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -296,117 +294,88 @@ macro_rules! instantiate { $hash, >(randomness, out) } - } - #[cfg(feature = "unpacked")] - pub(crate) fn generate_keypair_unpacked< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - >( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKemKeyPairUnpacked { - let mut out = MlKemKeyPairUnpacked::::default(); - crate::ind_cca::unpacked::generate_keypair::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - $vector, - $hash, - >(randomness, &mut out); - out - } - - /// Portable encapsualte - #[cfg(feature = "unpacked")] - pub(crate) fn encapsulate_unpacked< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - >( - public_key: &MlKemPublicKeyUnpacked, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKemCiphertext, MlKemSharedSecret) { - crate::ind_cca::unpacked::encapsulate::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - $vector, - $hash, - >(public_key, randomness) - } + /// Unpacked encapsulate + pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + >( + public_key: &MlKemPublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + crate::ind_cca::unpacked::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + $vector, + $hash, + >(public_key, randomness) + } - /// Portable decapsulate - #[cfg(feature = "unpacked")] - pub(crate) fn decapsulate_unpacked< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - >( - key_pair: &MlKemKeyPairUnpacked, - ciphertext: &MlKemCiphertext, - ) -> MlKemSharedSecret { - crate::ind_cca::unpacked::decapsulate::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - $vector, - $hash, - >(key_pair, ciphertext) + /// Unpacked decapsulate + pub(crate) fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + >( + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + crate::ind_cca::unpacked::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + $vector, + $hash, + >(key_pair, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 26718e625..f32f83b48 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -46,17 +46,6 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// An ML-KEM 1024 Key pair pub type MlKem1024KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 1024 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 1024 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { @@ -234,95 +223,109 @@ macro_rules! instantiate { >(private_key, ciphertext) } - /// Generate ML-KEM 1024 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem1024KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_1024, - CPA_PKE_SECRET_KEY_SIZE_1024, - SECRET_KEY_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - RANKED_BYTES_PER_RING_ELEMENT_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 1024 (unpacked) - /// - /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - /// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: - /// - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] + /// Unpacked APIs that don't use serialized keys. #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem1024PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_1024, - CPA_PKE_CIPHERTEXT_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - T_AS_NTT_ENCODED_SIZE_1024, - C1_SIZE_1024, - C2_SIZE_1024, - VECTOR_U_COMPRESSION_FACTOR_1024, - VECTOR_V_COMPRESSION_FACTOR_1024, - C1_BLOCK_SIZE_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - - /// Decapsulate ML-KEM 1024 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] - /// and an [`MlKem1024Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem1024KeyPairUnpacked<$vec>, - ciphertext: &MlKem1024Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_1024, - SECRET_KEY_SIZE_1024, - CPA_PKE_SECRET_KEY_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - CPA_PKE_CIPHERTEXT_SIZE_1024, - T_AS_NTT_ENCODED_SIZE_1024, - C1_SIZE_1024, - C2_SIZE_1024, - VECTOR_U_COMPRESSION_FACTOR_1024, - VECTOR_V_COMPRESSION_FACTOR_1024, - C1_BLOCK_SIZE_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) + pub mod unpacked { + use super::*; + + /// An Unpacked ML-KEM 1024 Public key + #[allow(type_alias_bounds)] + pub type MlKem1024PublicKeyUnpacked = + MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 1024 Key pair + #[allow(type_alias_bounds)] + pub type MlKem1024KeyPairUnpacked = + MlKemKeyPairUnpacked; + + /// Generate ML-KEM 1024 Key Pair in "unpacked" form + #[cfg(feature = "unpacked")] + #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem1024KeyPairUnpacked<$vec>, + ) { + p::unpacked::generate_keypair::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair) + } + + /// Encapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + /// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: + /// + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + pub fn encapsulate( + public_key: &MlKem1024PublicKeyUnpacked<$vec>, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { + p::unpacked::encapsulate::< + RANK_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] + /// and an [`MlKem1024Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem1024KeyPairUnpacked<$vec>, + ciphertext: &MlKem1024Ciphertext, + ) -> MlKemSharedSecret { + p::unpacked::decapsulate::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index eb5a37ddf..d5beb5479 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -44,17 +44,6 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// An ML-KEM 512 Key pair pub type MlKem512KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 512 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 512 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { @@ -231,93 +220,106 @@ macro_rules! instantiate { >(private_key, ciphertext) } - /// Generate ML-KEM 512 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem512KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_512, - CPA_PKE_SECRET_KEY_SIZE_512, - SECRET_KEY_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - RANKED_BYTES_PER_RING_ELEMENT_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 512 (unpacked) - /// - /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem512PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem512Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_512, - CPA_PKE_CIPHERTEXT_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - T_AS_NTT_ENCODED_SIZE_512, - C1_SIZE_512, - C2_SIZE_512, - VECTOR_U_COMPRESSION_FACTOR_512, - VECTOR_V_COMPRESSION_FACTOR_512, - C1_BLOCK_SIZE_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - /// Decapsulate ML-KEM 512 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] - /// and an [`MlKem512Ciphertext`]. + /// Unpacked APIs that don't use serialized keys. #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem512KeyPairUnpacked<$vec>, - ciphertext: &MlKem512Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_512, - SECRET_KEY_SIZE_512, - CPA_PKE_SECRET_KEY_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - CPA_PKE_CIPHERTEXT_SIZE_512, - T_AS_NTT_ENCODED_SIZE_512, - C1_SIZE_512, - C2_SIZE_512, - VECTOR_U_COMPRESSION_FACTOR_512, - VECTOR_V_COMPRESSION_FACTOR_512, - C1_BLOCK_SIZE_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) + pub mod unpacked { + use super::*; + + + /// An Unpacked ML-KEM 512 Public key + #[allow(type_alias_bounds)] + pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 512 Key pair + #[allow(type_alias_bounds)] + pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; + + + /// Generate ML-KEM 512 Key Pair in "unpacked" form + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem512KeyPairUnpacked<$vec>, + ) { + p::unpacked::generate_keypair::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair); + } + + /// Encapsulate ML-KEM 512 (unpacked) + /// + /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + pub fn encapsulate( + public_key: &MlKem512PublicKeyUnpacked<$vec>, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem512Ciphertext, MlKemSharedSecret) { + p::unpacked::encapsulate::< + RANK_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 512 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] + /// and an [`MlKem512Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem512KeyPairUnpacked<$vec>, + ciphertext: &MlKem512Ciphertext, + ) -> MlKemSharedSecret { + p::unpacked::decapsulate::< + RANK_512, + SECRET_KEY_SIZE_512, + CPA_PKE_SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index a91000a14..b749bc752 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,8 +1,6 @@ //! ML-KEM 768 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 768 parameters const RANK_768: usize = 3; @@ -46,17 +44,6 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// An ML-KEM 768 Key pair pub type MlKem768KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 768 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 768 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { @@ -240,10 +227,21 @@ macro_rules! instantiate { pub mod unpacked { use super::*; + /// An Unpacked ML-KEM 768 Public key + pub type MlKem768PublicKeyUnpacked = p::unpacked::MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 768 Key pair + pub type MlKem768KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. + pub fn init_key_pair() -> MlKem768KeyPairUnpacked { + MlKem768KeyPairUnpacked::default() + } + /// Generate ML-KEM 768 Key Pair in "unpacked" form. pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], - key_pair: &mut MlKem768KeyPairUnpacked<$vec>, + key_pair: &mut MlKem768KeyPairUnpacked, ) { p::unpacked::generate_keypair::< RANK_768, @@ -253,7 +251,7 @@ macro_rules! instantiate { RANKED_BYTES_PER_RING_ELEMENT_768, ETA1, ETA1_RANDOMNESS_SIZE, - >(randomness, key_pair) + >(randomness, key_pair); } /// Encapsulate ML-KEM 768 (unpacked) @@ -276,11 +274,11 @@ macro_rules! instantiate { )] #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem768PublicKeyUnpacked<$vec>, + pub fn encapsulate( + public_key: &MlKem768PublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem768Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< + p::unpacked::encapsulate::< RANK_768, CPA_PKE_CIPHERTEXT_SIZE_768, CPA_PKE_PUBLIC_KEY_SIZE_768, @@ -304,11 +302,11 @@ macro_rules! instantiate { /// and an [`MlKem768Ciphertext`]. #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem768KeyPairUnpacked<$vec>, + pub fn decapsulate( + private_key: &MlKem768KeyPairUnpacked, ciphertext: &MlKem768Ciphertext, ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< + p::unpacked::decapsulate::< RANK_768, SECRET_KEY_SIZE_768, CPA_PKE_SECRET_KEY_SIZE_768, @@ -328,95 +326,6 @@ macro_rules! instantiate { >(private_key, ciphertext) } } - - /// Generate ML-KEM 768 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem768KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_768, - CPA_PKE_SECRET_KEY_SIZE_768, - SECRET_KEY_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - RANKED_BYTES_PER_RING_ELEMENT_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 768 (unpacked) - /// - /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem768PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem768Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_768, - CPA_PKE_CIPHERTEXT_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - T_AS_NTT_ENCODED_SIZE_768, - C1_SIZE_768, - C2_SIZE_768, - VECTOR_U_COMPRESSION_FACTOR_768, - VECTOR_V_COMPRESSION_FACTOR_768, - C1_BLOCK_SIZE_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - - /// Decapsulate ML-KEM 768 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] - /// and an [`MlKem768Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem768KeyPairUnpacked<$vec>, - ciphertext: &MlKem768Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_768, - SECRET_KEY_SIZE_768, - CPA_PKE_SECRET_KEY_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - CPA_PKE_CIPHERTEXT_SIZE_768, - T_AS_NTT_ENCODED_SIZE_768, - C1_SIZE_768, - C2_SIZE_768, - VECTOR_U_COMPRESSION_FACTOR_768, - VECTOR_V_COMPRESSION_FACTOR_768, - C1_BLOCK_SIZE_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) - } } }; } diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index f7efc95a7..b0230875f 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -15,7 +15,7 @@ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; #[cfg_attr(eurydice, derive(Clone, Copy))] -#[cfg_attr(not(eurydice), derive(Clone))] +#[cfg_attr(not(eurydice), derive(Clone, Copy))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 065183385..65bc54470 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -41,7 +41,8 @@ macro_rules! impl_consistency_unpacked { #[test] fn $name() { let randomness = random_array(); - let key_pair_unpacked = $key_gen_unpacked(randomness); + let mut key_pair_unpacked = Default::default(); + $key_gen_unpacked(randomness, &mut key_pair_unpacked); let key_pair = $key_gen(randomness); let randomness = random_array(); let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); @@ -238,9 +239,9 @@ impl_consistency_unpacked!( consistency_unpacked_512_portable, libcrux_ml_kem::mlkem512::portable::generate_key_pair, libcrux_ml_kem::mlkem512::portable::encapsulate, - libcrux_ml_kem::mlkem512::portable::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem512::portable::encapsulate_unpacked, - libcrux_ml_kem::mlkem512::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem512::portable::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem512::portable::unpacked::encapsulate, + libcrux_ml_kem::mlkem512::portable::unpacked::decapsulate ); #[cfg(all( @@ -253,9 +254,9 @@ impl_consistency_unpacked!( consistency_unpacked_512_neon, libcrux_ml_kem::mlkem512::neon::generate_key_pair, libcrux_ml_kem::mlkem512::neon::encapsulate, - libcrux_ml_kem::mlkem512::neon::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem512::neon::encapsulate_unpacked, - libcrux_ml_kem::mlkem512::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem512::neon::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem512::neon::unpacked::encapsulate, + libcrux_ml_kem::mlkem512::neon::unpacked::decapsulate ); #[cfg(all( @@ -268,9 +269,9 @@ impl_consistency_unpacked!( consistency_unpacked_512_avx2, libcrux_ml_kem::mlkem512::avx2::generate_key_pair, libcrux_ml_kem::mlkem512::avx2::encapsulate, - libcrux_ml_kem::mlkem512::avx2::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem512::avx2::encapsulate_unpacked, - libcrux_ml_kem::mlkem512::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem512::avx2::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem512::avx2::unpacked::encapsulate, + libcrux_ml_kem::mlkem512::avx2::unpacked::decapsulate ); #[cfg(all( @@ -282,9 +283,9 @@ impl_consistency_unpacked!( consistency_unpacked_1024_portable, libcrux_ml_kem::mlkem1024::portable::generate_key_pair, libcrux_ml_kem::mlkem1024::portable::encapsulate, - libcrux_ml_kem::mlkem1024::portable::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem1024::portable::encapsulate_unpacked, - libcrux_ml_kem::mlkem1024::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::portable::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem1024::portable::unpacked::encapsulate, + libcrux_ml_kem::mlkem1024::portable::unpacked::decapsulate ); #[cfg(all( @@ -297,9 +298,9 @@ impl_consistency_unpacked!( consistency_unpacked_1024_neon, libcrux_ml_kem::mlkem1024::neon::generate_key_pair, libcrux_ml_kem::mlkem1024::neon::encapsulate, - libcrux_ml_kem::mlkem1024::neon::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem1024::neon::encapsulate_unpacked, - libcrux_ml_kem::mlkem1024::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::neon::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem1024::neon::unpacked::encapsulate, + libcrux_ml_kem::mlkem1024::neon::unpacked::decapsulate ); #[cfg(all( @@ -312,9 +313,9 @@ impl_consistency_unpacked!( consistency_unpacked_1024_avx2, libcrux_ml_kem::mlkem1024::avx2::generate_key_pair, libcrux_ml_kem::mlkem1024::avx2::encapsulate, - libcrux_ml_kem::mlkem1024::avx2::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem1024::avx2::encapsulate_unpacked, - libcrux_ml_kem::mlkem1024::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::avx2::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem1024::avx2::unpacked::encapsulate, + libcrux_ml_kem::mlkem1024::avx2::unpacked::decapsulate ); #[cfg(all( @@ -326,9 +327,9 @@ impl_consistency_unpacked!( consistency_unpacked_768_portable, libcrux_ml_kem::mlkem768::portable::generate_key_pair, libcrux_ml_kem::mlkem768::portable::encapsulate, - libcrux_ml_kem::mlkem768::portable::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem768::portable::encapsulate_unpacked, - libcrux_ml_kem::mlkem768::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem768::portable::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem768::portable::unpacked::encapsulate, + libcrux_ml_kem::mlkem768::portable::unpacked::decapsulate ); #[cfg(all( @@ -341,9 +342,9 @@ impl_consistency_unpacked!( consistency_unpacked_768_neon, libcrux_ml_kem::mlkem768::neon::generate_key_pair, libcrux_ml_kem::mlkem768::neon::encapsulate, - libcrux_ml_kem::mlkem768::neon::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem768::neon::encapsulate_unpacked, - libcrux_ml_kem::mlkem768::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem768::neon::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem768::neon::unpacked::encapsulate, + libcrux_ml_kem::mlkem768::neon::unpacked::decapsulate ); #[cfg(all( @@ -356,9 +357,9 @@ impl_consistency_unpacked!( consistency_unpacked_768_avx2, libcrux_ml_kem::mlkem768::avx2::generate_key_pair, libcrux_ml_kem::mlkem768::avx2::encapsulate, - libcrux_ml_kem::mlkem768::avx2::generate_key_pair_unpacked, - libcrux_ml_kem::mlkem768::avx2::encapsulate_unpacked, - libcrux_ml_kem::mlkem768::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem768::avx2::unpacked::generate_key_pair, + libcrux_ml_kem::mlkem768::avx2::unpacked::encapsulate, + libcrux_ml_kem::mlkem768::avx2::unpacked::decapsulate ); #[cfg(feature = "mlkem512")] From 16c5cbb1567f75eae528439541818205846c84da Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 11 Sep 2024 12:44:55 +0000 Subject: [PATCH 139/172] serialize functions for unpacked keys --- libcrux-ml-kem/benches/ml-kem.rs | 267 +++++++------------ libcrux-ml-kem/src/ind_cca.rs | 75 +++++- libcrux-ml-kem/src/ind_cca/instantiations.rs | 30 +++ libcrux-ml-kem/src/ind_cpa.rs | 45 ++-- libcrux-ml-kem/src/mlkem1024.rs | 45 +++- libcrux-ml-kem/src/mlkem512.rs | 36 ++- libcrux-ml-kem/src/mlkem768.rs | 17 ++ libcrux-ml-kem/src/polynomial.rs | 2 +- libcrux-ml-kem/src/vector/traits.rs | 9 - libcrux-ml-kem/tests/self.rs | 93 +++---- 10 files changed, 330 insertions(+), 289 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 5e004aaf1..59e24da45 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -14,10 +14,24 @@ macro_rules! init { use $version as version; #[cfg(feature = "pre-verification")] fun!("portable", version::portable, group); + #[cfg(all(feature = "pre-verification", feature = "unpacked"))] + fun_unpacked!("portable", version::portable::unpacked, group); #[cfg(all(feature = "simd128", feature = "pre-verification"))] fun!("neon", version::neon, group); + #[cfg(all( + feature = "simd128", + feature = "pre-verification", + feature = "unpacked" + ))] + fun_unpacked!("neon", version::neon::unpacked, group); #[cfg(all(feature = "simd256", feature = "pre-verification"))] - fun!("neon", version::avx2, group); + fun!("avx2", version::avx2, group); + #[cfg(all( + feature = "simd256", + feature = "pre-verification", + feature = "unpacked" + ))] + fun_unpacked!("avx2", version::avx2::unpacked, group); #[cfg(not(feature = "pre-verification"))] fun!("verified", version, group); }}; @@ -40,49 +54,27 @@ pub fn key_generation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function( + format!("libcrux unpacked {} (external random)", $name), + |b| { + use $p as p; + + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let mut kp = p::init_key_pair(); + p::generate_key_pair(seed, &mut kp); + }) + }, + ); + }; + } + init!(mlkem512, "Key Generation", c); init!(mlkem768, "Key Generation", c); init!(mlkem1024, "Key Generation", c); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd256", - feature = "unpacked" - ))] - c.bench_function("libcrux avx2 unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::avx2::generate_key_pair_unpacked(seed); - }) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd128" - ))] - c.bench_function("libcrux neon unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::neon::generate_key_pair_unpacked(seed); - }) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "unpacked" - ))] - c.bench_function("libcrux portable unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::portable::generate_key_pair_unpacked(seed); - }) - }); } pub fn pk_validation(c: &mut Criterion) { @@ -109,6 +101,12 @@ pub fn pk_validation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + // We don't do anything here. + }; + } + init!(mlkem512, "PK Validation", c); init!(mlkem768, "PK Validation", c); init!(mlkem1024, "PK Validation", c); @@ -135,70 +133,36 @@ pub fn encapsulation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function( + format!("libcrux unpacked {} (external random)", $name), + |b| { + use $p as p; + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || { + let mut kp = p::init_key_pair(); + p::generate_key_pair(seed1, &mut kp); + kp + }, + |keypair| { + let (_shared_secret, _ciphertext) = + black_box(p::encapsulate(&keypair.public_key, seed2)); + }, + BatchSize::SmallInput, + ) + }, + ); + }; + } + init!(mlkem512, "Encapsulation", c); init!(mlkem768, "Encapsulation", c); init!(mlkem1024, "Encapsulation", c); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "unpacked" - ))] - c.bench_function("libcrux unpacked portable (external random)", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || mlkem768::portable::generate_key_pair_unpacked(seed1), - |keypair| { - let (_shared_secret, _ciphertext) = - mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2); - }, - BatchSize::SmallInput, - ) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd128" - ))] - c.bench_function("libcrux unpacked neon (external random)", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || mlkem768::neon::generate_key_pair_unpacked(seed1), - |keypair| { - let (_shared_secret, _ciphertext) = - mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2); - }, - BatchSize::SmallInput, - ) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd256", - feature = "unpacked" - ))] - c.bench_function("libcrux unpacked avx2 (external random)", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || mlkem768::avx2::generate_key_pair_unpacked(seed1), - |keypair| { - let (_shared_secret, _ciphertext) = - mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2); - }, - BatchSize::SmallInput, - ) - }); } pub fn decapsulation(c: &mut Criterion) { @@ -227,83 +191,34 @@ pub fn decapsulation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function(format!("libcrux unpacked {}", $name), |b| { + use $p as p; + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || { + let mut keypair = p::init_key_pair(); + p::generate_key_pair(seed1, &mut keypair); + let (ciphertext, _shared_secret) = + p::encapsulate(&keypair.public_key, seed2); + (keypair, ciphertext) + }, + |(keypair, ciphertext)| { + let _shared_secret = black_box(p::decapsulate(&keypair, &ciphertext)); + }, + BatchSize::SmallInput, + ) + }); + }; + } + init!(mlkem512, "Decapsulation", c); init!(mlkem768, "Decapsulation", c); init!(mlkem1024, "Decapsulation", c); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "unpacked" - ))] - c.bench_function("libcrux unpacked portable", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || { - let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = - mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2); - (keypair, ciphertext) - }, - |(keypair, ciphertext)| { - let _shared_secret = - mlkem768::portable::decapsulate_unpacked(&keypair, &ciphertext); - }, - BatchSize::SmallInput, - ) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd128" - ))] - c.bench_function("libcrux unpacked neon", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || { - let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = - mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2); - (keypair, ciphertext) - }, - |(keypair, ciphertext)| { - let _shared_secret = mlkem768::neon::decapsulate_unpacked(&keypair, &ciphertext); - }, - BatchSize::SmallInput, - ) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd256", - feature = "unpacked" - ))] - c.bench_function("libcrux unpacked avx2", |b| { - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || { - let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = - mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2); - (keypair, ciphertext) - }, - |(keypair, ciphertext)| { - let _shared_secret = mlkem768::avx2::decapsulate_unpacked(&keypair, &ciphertext); - }, - BatchSize::SmallInput, - ) - }); } pub fn comparisons(c: &mut Criterion) { diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ea1f001f4..a8c1132a9 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -284,7 +284,8 @@ pub(crate) mod unpacked { constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, - ind_cpa::{generate_keypair_unpacked, unpacked::*}, + ind_cpa::{self, generate_keypair_unpacked, unpacked::*}, + matrix::sample_matrix_a_out, polynomial::PolynomialRingElement, vector::traits::Operations, }; @@ -307,12 +308,81 @@ pub(crate) mod unpacked { pub public_key: MlKemPublicKeyUnpacked, } + impl MlKemPublicKeyUnpacked { + /// Generate an unpacked key from a packed key. + pub(crate) fn from_public_key< + const T_AS_NTT_ENCODED_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Hasher: Hash, + >( + public_key: &MlKemPublicKey, + ) -> Self { + let t_as_ntt = deserialize_ring_elements_reduced::( + &public_key[..T_AS_NTT_ENCODED_SIZE], + ); + let seed_for_a = into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]); + let a = sample_matrix_a_out::( + into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]), + false, + ); + + Self { + ind_cpa_public_key: IndCpaPublicKeyUnpacked { + t_as_ntt, + seed_for_A: seed_for_a, + A: a, + }, + public_key_hash: Hasher::H(public_key.as_slice()), + } + } + + /// Get the serialized public key. + pub fn serialized_public_key< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + ) -> MlKemPublicKey { + let public_key_serialized = + serialize_public_key::( + &self.ind_cpa_public_key.t_as_ntt, + &self.ind_cpa_public_key.seed_for_A, + ); + + MlKemPublicKey::from(public_key_serialized) + } + } + + impl MlKemPrivateKeyUnpacked { + /// Generate an unpacked key from a packed key. + pub fn from_private_key(private_key: MlKemPrivateKey) -> Self { + todo!() + } + } + impl MlKemKeyPairUnpacked { /// Create a new empty unpacked key pair. #[inline(always)] pub fn new() -> Self { Self::default() } + + /// Get the serialized public key. + pub fn serialized_public_key< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + ) -> MlKemPublicKey { + self.public_key + .serialized_public_key::() + } + + /// Get the serialized private key. + pub fn serialized_private_key(&self) -> MlKemPrivateKey { + todo!() + } } impl Default for MlKemKeyPairUnpacked { @@ -337,8 +407,7 @@ pub(crate) mod unpacked { } } - // Unpacked API - // Generate Unpacked Keys + /// Generate Unpacked Keys pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index d2e5cb367..39a14bcd9 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -270,6 +270,36 @@ macro_rules! instantiate { pub(crate) type MlKemPublicKeyUnpacked = crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; + /// Get the serialized public key. + pub fn serialized_public_key< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + public_key: &MlKemPublicKeyUnpacked, + ) -> MlKemPublicKey { + public_key + .serialized_public_key::() + } + + /// Get the unpacked public key. + pub(crate) fn unpacked_public_key< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + public_key: &MlKemPublicKey, + ) -> MlKemPublicKeyUnpacked { + MlKemPublicKeyUnpacked::from_public_key::< + T_AS_NTT_ENCODED_SIZE, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + $hash, + >(public_key) + } + + /// Generate a key pair pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 88c7644ef..2dc2c7c69 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -61,7 +61,7 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -fn serialize_secret_key( +pub(crate) fn serialize_secret_key( key: &[PolynomialRingElement; K], ) -> [u8; OUT_LEN] { let mut out = [0u8; OUT_LEN]; @@ -187,7 +187,6 @@ fn sample_vector_cbd_then_ntt_out< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, @@ -247,40 +246,30 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - // We don't use the unpacked function here in order to reduce stack size. - - // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM - let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); - let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); - - let A_transpose = sample_matrix_a_out::(into_padded_array(seed_for_A), true); - - let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); - let (secret_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt_out::( - prf_input, 0, - ); - let (error_as_ntt, _) = - sample_vector_cbd_then_ntt_out::( - prf_input, - domain_separator, - ); - - // tˆ := Aˆ ◦ sˆ + eˆ - let mut t_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); - compute_As_plus_e(&mut t_as_ntt, &A_transpose, &secret_as_ntt, &error_as_ntt); + let mut private_key = IndCpaPrivateKeyUnpacked { + secret_as_ntt: [PolynomialRingElement::::ZERO(); K], + }; + let mut public_key = IndCpaPublicKeyUnpacked { + t_as_ntt: [PolynomialRingElement::::ZERO(); K], + seed_for_A: [0u8; 32], + A: [[PolynomialRingElement::::ZERO(); K]; K], + }; - let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + generate_keypair_unpacked::( + key_generation_seed, + &mut private_key, + &mut public_key, + ); // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - &t_as_ntt, - &seed_for_A, + &public_key.t_as_ntt, + &public_key.seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) - let secret_key_serialized = serialize_secret_key(&secret_as_ntt); + let secret_key_serialized = serialize_secret_key(&private_key.secret_as_ntt); (secret_key_serialized, public_key_serialized) } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index f32f83b48..397130e95 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -1,7 +1,5 @@ //! ML-KEM 1024 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 1024 parameters const RANK_1024: usize = 4; @@ -230,21 +228,46 @@ macro_rules! instantiate { use super::*; /// An Unpacked ML-KEM 1024 Public key - #[allow(type_alias_bounds)] - pub type MlKem1024PublicKeyUnpacked = - MlKemPublicKeyUnpacked; + pub type MlKem1024PublicKeyUnpacked = + p::unpacked::MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 1024 Key pair - #[allow(type_alias_bounds)] - pub type MlKem1024KeyPairUnpacked = - MlKemKeyPairUnpacked; + pub type MlKem1024KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. + pub fn init_key_pair() -> MlKem1024KeyPairUnpacked { + MlKem1024KeyPairUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key( + public_key: &MlKem1024PublicKeyUnpacked, + ) -> MlKem1024PublicKey { + p::unpacked::serialized_public_key::< + RANK_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + >(public_key) + } + + /// Get the unpacked public key. + pub fn unpacked_public_key( + public_key: &MlKem1024PublicKey, + ) -> MlKem1024PublicKeyUnpacked { + p::unpacked::unpacked_public_key::< + RANK_1024, + T_AS_NTT_ENCODED_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + >(public_key) + } /// Generate ML-KEM 1024 Key Pair in "unpacked" form #[cfg(feature = "unpacked")] #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], - key_pair: &mut MlKem1024KeyPairUnpacked<$vec>, + key_pair: &mut MlKem1024KeyPairUnpacked, ) { p::unpacked::generate_keypair::< RANK_1024, @@ -278,7 +301,7 @@ macro_rules! instantiate { ) )] pub fn encapsulate( - public_key: &MlKem1024PublicKeyUnpacked<$vec>, + public_key: &MlKem1024PublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { p::unpacked::encapsulate::< @@ -304,7 +327,7 @@ macro_rules! instantiate { /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] /// and an [`MlKem1024Ciphertext`]. pub fn decapsulate( - private_key: &MlKem1024KeyPairUnpacked<$vec>, + private_key: &MlKem1024KeyPairUnpacked, ciphertext: &MlKem1024Ciphertext, ) -> MlKemSharedSecret { p::unpacked::decapsulate::< diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index d5beb5479..a1a8a07e5 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -1,7 +1,5 @@ //! ML-KEM 512 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 512 parameters const RANK_512: usize = 2; @@ -227,20 +225,38 @@ macro_rules! instantiate { pub mod unpacked { use super::*; - /// An Unpacked ML-KEM 512 Public key - #[allow(type_alias_bounds)] - pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; + pub type MlKem512PublicKeyUnpacked = p::unpacked::MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 512 Key pair - #[allow(type_alias_bounds)] - pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; + pub type MlKem512KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. + pub fn init_key_pair() -> MlKem512KeyPairUnpacked { + MlKem512KeyPairUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key(public_key: &MlKem512PublicKeyUnpacked) -> MlKem512PublicKey { + p::unpacked::serialized_public_key::(public_key) + } + /// Get the unpacked public key. + pub fn unpacked_public_key( + public_key: &MlKem512PublicKey, + ) -> MlKem512PublicKeyUnpacked { + p::unpacked::unpacked_public_key::< + RANK_512, + T_AS_NTT_ENCODED_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + >(public_key) + } /// Generate ML-KEM 512 Key Pair in "unpacked" form pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], - key_pair: &mut MlKem512KeyPairUnpacked<$vec>, + key_pair: &mut MlKem512KeyPairUnpacked, ) { p::unpacked::generate_keypair::< RANK_512, @@ -272,7 +288,7 @@ macro_rules! instantiate { ) )] pub fn encapsulate( - public_key: &MlKem512PublicKeyUnpacked<$vec>, + public_key: &MlKem512PublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem512Ciphertext, MlKemSharedSecret) { p::unpacked::encapsulate::< @@ -298,7 +314,7 @@ macro_rules! instantiate { /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] /// and an [`MlKem512Ciphertext`]. pub fn decapsulate( - private_key: &MlKem512KeyPairUnpacked<$vec>, + private_key: &MlKem512KeyPairUnpacked, ciphertext: &MlKem512Ciphertext, ) -> MlKemSharedSecret { p::unpacked::decapsulate::< diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index b749bc752..4f5c64078 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -238,6 +238,23 @@ macro_rules! instantiate { MlKem768KeyPairUnpacked::default() } + /// Get the serialized public key. + pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked) -> MlKem768PublicKey { + p::unpacked::serialized_public_key::(public_key) + } + + /// Get the unpacked public key. + pub fn unpacked_public_key( + public_key: &MlKem768PublicKey, + ) -> MlKem768PublicKeyUnpacked { + p::unpacked::unpacked_public_key::< + RANK_768, + T_AS_NTT_ENCODED_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + >(public_key) + } + /// Generate ML-KEM 768 Key Pair in "unpacked" form. pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index b0230875f..3fb370d6b 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,7 +14,7 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone, Copy))] +#[cfg_attr(eurydice, derive(Clone))] #[cfg_attr(not(eurydice), derive(Clone, Copy))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 8f392ea41..138ad7ad3 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -81,12 +81,3 @@ pub fn to_unsigned_representative(a: T) -> T { pub fn decompress_1(v: T) -> T { T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) } - -/// Internal vectors. -/// -/// Used in the unpacked API. -#[cfg(feature = "unpacked")] -pub trait VectorType: Operations {} - -#[cfg(feature = "unpacked")] -impl VectorType for T {} diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 65bc54470..34b89e66f 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -36,18 +36,39 @@ macro_rules! impl_consistency { #[cfg(all(feature = "pre-verification", feature = "unpacked"))] macro_rules! impl_consistency_unpacked { - ($name:ident, $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr) => { + // $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr + ($name:ident, $modp:path) => { #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn $name() { + use $modp as p; + let randomness = random_array(); + + // Generate unpacked key let mut key_pair_unpacked = Default::default(); - $key_gen_unpacked(randomness, &mut key_pair_unpacked); - let key_pair = $key_gen(randomness); + p::unpacked::generate_key_pair(randomness, &mut key_pair_unpacked); + + // Generate regular key + let key_pair = p::generate_key_pair(randomness); + + // Ensure the two keys are the same + assert_eq!( + key_pair.public_key().as_slice(), + p::unpacked::serialized_public_key(&key_pair_unpacked.public_key).as_slice() + ); + assert_eq!( + p::unpacked::serialized_public_key(&p::unpacked::unpacked_public_key( + key_pair.public_key() + )) + .as_slice(), + key_pair.public_key().as_slice() + ); + let randomness = random_array(); - let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); + let (ciphertext, shared_secret) = p::encapsulate(key_pair.public_key(), randomness); let (ciphertext_unpacked, shared_secret_unpacked) = - $encaps_unpacked(&key_pair_unpacked.public_key, randomness); + p::unpacked::encapsulate(&key_pair_unpacked.public_key, randomness); assert_eq!( shared_secret, shared_secret_unpacked, "lhs: shared_secret, rhs: shared_secret_unpacked" @@ -57,11 +78,17 @@ macro_rules! impl_consistency_unpacked { ciphertext_unpacked.as_slice(), "lhs: ciphertext, rhs: ciphertext_unpacked" ); - let shared_secret_decapsulated = $decaps_unpacked(&key_pair_unpacked, &ciphertext); + let shared_secret_decapsulated = + p::unpacked::decapsulate(&key_pair_unpacked, &ciphertext); + let shared_secret = p::decapsulate(key_pair.private_key(), &ciphertext); assert_eq!( shared_secret_unpacked, shared_secret_decapsulated, "lhs: shared_secret_unpacked, rhs: shared_secret_decapsulated" ); + assert_eq!( + shared_secret, shared_secret_decapsulated, + "lhs: shared_secret, rhs: shared_secret_decapsulated" + ); // If the randomness was not enough for the rejection sampling step // in key-generation and encapsulation, simply return without // failing. @@ -237,11 +264,7 @@ impl_consistency!( ))] impl_consistency_unpacked!( consistency_unpacked_512_portable, - libcrux_ml_kem::mlkem512::portable::generate_key_pair, - libcrux_ml_kem::mlkem512::portable::encapsulate, - libcrux_ml_kem::mlkem512::portable::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem512::portable::unpacked::encapsulate, - libcrux_ml_kem::mlkem512::portable::unpacked::decapsulate + libcrux_ml_kem::mlkem512::portable ); #[cfg(all( @@ -252,11 +275,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_512_neon, - libcrux_ml_kem::mlkem512::neon::generate_key_pair, - libcrux_ml_kem::mlkem512::neon::encapsulate, - libcrux_ml_kem::mlkem512::neon::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem512::neon::unpacked::encapsulate, - libcrux_ml_kem::mlkem512::neon::unpacked::decapsulate + libcrux_ml_kem::mlkem512::neon ); #[cfg(all( @@ -267,11 +286,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_512_avx2, - libcrux_ml_kem::mlkem512::avx2::generate_key_pair, - libcrux_ml_kem::mlkem512::avx2::encapsulate, - libcrux_ml_kem::mlkem512::avx2::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem512::avx2::unpacked::encapsulate, - libcrux_ml_kem::mlkem512::avx2::unpacked::decapsulate + libcrux_ml_kem::mlkem512::avx2 ); #[cfg(all( @@ -281,11 +296,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_1024_portable, - libcrux_ml_kem::mlkem1024::portable::generate_key_pair, - libcrux_ml_kem::mlkem1024::portable::encapsulate, - libcrux_ml_kem::mlkem1024::portable::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem1024::portable::unpacked::encapsulate, - libcrux_ml_kem::mlkem1024::portable::unpacked::decapsulate + libcrux_ml_kem::mlkem1024::portable ); #[cfg(all( @@ -296,11 +307,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_1024_neon, - libcrux_ml_kem::mlkem1024::neon::generate_key_pair, - libcrux_ml_kem::mlkem1024::neon::encapsulate, - libcrux_ml_kem::mlkem1024::neon::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem1024::neon::unpacked::encapsulate, - libcrux_ml_kem::mlkem1024::neon::unpacked::decapsulate + libcrux_ml_kem::mlkem1024::neon ); #[cfg(all( @@ -311,11 +318,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_1024_avx2, - libcrux_ml_kem::mlkem1024::avx2::generate_key_pair, - libcrux_ml_kem::mlkem1024::avx2::encapsulate, - libcrux_ml_kem::mlkem1024::avx2::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem1024::avx2::unpacked::encapsulate, - libcrux_ml_kem::mlkem1024::avx2::unpacked::decapsulate + libcrux_ml_kem::mlkem1024::avx2 ); #[cfg(all( @@ -325,11 +328,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_768_portable, - libcrux_ml_kem::mlkem768::portable::generate_key_pair, - libcrux_ml_kem::mlkem768::portable::encapsulate, - libcrux_ml_kem::mlkem768::portable::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem768::portable::unpacked::encapsulate, - libcrux_ml_kem::mlkem768::portable::unpacked::decapsulate + libcrux_ml_kem::mlkem768::portable ); #[cfg(all( @@ -340,11 +339,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_768_neon, - libcrux_ml_kem::mlkem768::neon::generate_key_pair, - libcrux_ml_kem::mlkem768::neon::encapsulate, - libcrux_ml_kem::mlkem768::neon::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem768::neon::unpacked::encapsulate, - libcrux_ml_kem::mlkem768::neon::unpacked::decapsulate + libcrux_ml_kem::mlkem768::neon ); #[cfg(all( @@ -355,11 +350,7 @@ impl_consistency_unpacked!( ))] impl_consistency_unpacked!( consistency_unpacked_768_avx2, - libcrux_ml_kem::mlkem768::avx2::generate_key_pair, - libcrux_ml_kem::mlkem768::avx2::encapsulate, - libcrux_ml_kem::mlkem768::avx2::unpacked::generate_key_pair, - libcrux_ml_kem::mlkem768::avx2::unpacked::encapsulate, - libcrux_ml_kem::mlkem768::avx2::unpacked::decapsulate + libcrux_ml_kem::mlkem768::avx2 ); #[cfg(feature = "mlkem512")] From e992824de9fbd4117b2e3b53826e9e5565bc693e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 11 Sep 2024 13:15:01 +0000 Subject: [PATCH 140/172] serialize functions for unpacked and C --- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 18 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1310 +++++++++-------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 1299 ++++++++-------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- libcrux-ml-kem/src/ind_cca.rs | 83 +- libcrux-ml-kem/src/ind_cca/instantiations.rs | 6 +- libcrux-ml-kem/src/ind_cpa.rs | 38 +- libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 2 +- libcrux-ml-kem/src/polynomial.rs | 2 +- 14 files changed, 1423 insertions(+), 1355 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dee9bbaac..35ff13be5 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 -Eurydice: 36ae22046856004fa274a38d29b1697974017344 +Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 +Libcrux: 16c5cbb1567f75eae528439541818205846c84da diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 4777be512..7d67f613e 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_core_H @@ -205,7 +205,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_35( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -229,7 +229,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_25(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_eb(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -266,7 +266,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_2a(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_28(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -282,7 +282,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_ae(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_04(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -346,7 +346,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_32(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_ab(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -366,7 +366,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_23( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_60( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -418,7 +418,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_14( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index e3b6cab5a..649187862 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 608af7814..0f4df54f5 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_mlkem768_avx2_H @@ -1241,7 +1241,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_d6(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1253,7 +1253,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_c7( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1277,7 +1277,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_32( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1295,7 +1295,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_c7( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9f( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1324,7 +1324,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_14(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_fc(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1336,7 +1336,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_96( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_74( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1388,9 +1388,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_90( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_96( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_74( vector); } @@ -1402,7 +1402,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f1( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_99( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1413,7 +1413,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f1( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_90( coefficient); } return re; @@ -1427,7 +1427,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_960( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_740( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1479,9 +1479,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_900( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_960( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_740( vector); } @@ -1493,7 +1493,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_ca( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1504,7 +1504,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_900( coefficient); } return re; @@ -1518,9 +1518,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c1( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_520( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f1(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_99(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1535,7 +1535,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1548,9 +1548,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0f(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1564,7 +1564,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1577,7 +1577,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0f( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1595,7 +1595,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_4d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1614,7 +1614,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_20( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1636,7 +1636,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_91( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1667,7 +1667,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1684,21 +1684,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_20(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_91(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); } /** @@ -1715,7 +1715,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_51( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1740,9 +1740,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_51( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c1( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_520( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_b6(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_53(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1757,7 +1757,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_961( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_741( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1809,9 +1809,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_901( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_961( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_741( vector); } @@ -1823,7 +1823,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_99( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1834,7 +1834,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_901( coefficient); } return re; @@ -1848,7 +1848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_962( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_742( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1900,9 +1900,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_902( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_962( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_742( vector); } @@ -1914,7 +1914,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_13( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_dd( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1925,7 +1925,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_13( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_bb2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_902( re.coefficients[i0]); } return re; @@ -1939,9 +1939,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_75( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e9( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_37(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_99(serialized); } /** @@ -1984,7 +1984,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_d6_51( +libcrux_ml_kem_polynomial_ntt_multiply_d6_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = @@ -2025,7 +2025,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_50( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2046,7 +2046,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_72( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_5f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2073,7 +2073,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2096,7 +2096,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_31( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2117,13 +2117,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_93(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bb(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_07(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2136,7 +2136,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2151,7 +2151,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_93( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2169,22 +2169,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_72(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_5f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d6(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_31(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); } /** @@ -2200,7 +2200,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_d6_fd( +libcrux_ml_kem_polynomial_subtract_reduce_d6_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2230,7 +2230,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_e8( +libcrux_ml_kem_matrix_compute_message_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2239,12 +2239,12 @@ libcrux_ml_kem_matrix_compute_message_e8( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_51(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_fd(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_eb(v, result); return result; } @@ -2255,7 +2255,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_33(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_51(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2269,9 +2269,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_46( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_b4( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_33(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_51(vector); } /** @@ -2282,8 +2282,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_0e(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_46(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_95(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_b4(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2297,13 +2297,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_6d( +libcrux_ml_kem_serialize_compress_then_serialize_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2352,20 +2352,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_66( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_51(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_75( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e9( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_e8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_6d(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2380,11 +2380,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_36(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_3c(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_32(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2396,7 +2396,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_36(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_66(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2455,7 +2455,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fe( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_71( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -2474,7 +2474,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -2505,7 +2505,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2523,7 +2523,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( ring_element); deserialized_pk[i0] = uu____0; } @@ -2541,7 +2541,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_3d(size_t _j) { +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_84(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -2552,7 +2552,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_64( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_87( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -2701,7 +2701,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e0( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2833,7 +2833,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e00( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2881,7 +2881,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_d6_82(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_34(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; @@ -2902,8 +2902,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_86(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_82( +libcrux_ml_kem_sampling_sample_from_xof_closure_b7(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_34( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2914,7 +2914,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2931,7 +2931,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e0( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2944,7 +2944,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e00( copy_of_randomness, sampled_coefficients, out); } } @@ -2954,7 +2954,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_86(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_b7(copy_of_out[i]); } memcpy( ret, ret0, @@ -2968,7 +2968,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2989,7 +2989,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d8( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_6c(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_59(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3015,17 +3015,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_64( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_64(i, a[i]); + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_87(i, a[i]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = a; uint8_t uu____1[34U]; memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_kem_matrix_sample_matrix_A_d8(uu____0, uu____1, transpose); + libcrux_ml_kem_matrix_sample_matrix_A_59(uu____0, uu____1, transpose); memcpy(ret, a, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -3053,7 +3053,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b5(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b6(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3165,7 +3165,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ab( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3200,7 +3200,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ab( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_34( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3212,7 +3212,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_16( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3246,7 +3246,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_16( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_34( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3258,9 +3258,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ab( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( randomness); } @@ -3271,7 +3271,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ed( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3293,20 +3293,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f3( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ed(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_77(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_1a(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_20(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_91(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); } /** @@ -3323,7 +3323,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3343,9 +3343,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f3(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]); } return domain_separator; } @@ -3360,7 +3360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3369,7 +3369,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3394,7 +3394,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_40(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_51(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3411,7 +3411,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3434,7 +3434,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3489,7 +3489,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_a4(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_c7(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3505,7 +3505,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_44( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3530,7 +3530,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3558,12 +3558,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_51(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_44(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_5e(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3577,7 +3577,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f0(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f6(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3592,7 +3592,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -3603,7 +3603,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_f0(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f6(coefficient_compressed); } return re; } @@ -3621,7 +3621,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_3a( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3652,7 +3652,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_07( +libcrux_ml_kem_matrix_compute_ring_element_v_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3662,12 +3662,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_07( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_51(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cf(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_3a( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_8c( error_2, message, result); return result; } @@ -3680,7 +3680,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_90( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3735,9 +3735,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_90( vector); } @@ -3749,14 +3749,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_70( +libcrux_ml_kem_serialize_compress_then_serialize_10_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3776,7 +3776,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_900( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3831,9 +3831,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_900( vector); } @@ -3845,14 +3845,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_0c( +libcrux_ml_kem_serialize_compress_then_serialize_11_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3873,10 +3873,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_70(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_cc(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3893,7 +3893,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3909,7 +3909,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3924,7 +3924,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_901( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3979,9 +3979,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_901( vector); } @@ -3993,14 +3993,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_97( +libcrux_ml_kem_serialize_compress_then_serialize_4_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_5a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -4019,7 +4019,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_902( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4074,9 +4074,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_5a2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_da2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_902( vector); } @@ -4088,14 +4088,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a2( +libcrux_ml_kem_serialize_compress_then_serialize_5_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_5a2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4115,9 +4115,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_97(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f4(re, out); } /** @@ -4138,12 +4138,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_47(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_2b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4151,13 +4151,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_47(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_64(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4167,7 +4167,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_47(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4179,29 +4179,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_47(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_f7(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_82(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_07( + libcrux_ml_kem_matrix_compute_ring_element_v_f2( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4219,7 +4219,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_95( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4251,7 +4251,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4269,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_73( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_36(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3c(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4293,7 +4293,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_73( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4304,18 +4304,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_73( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_47(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_2b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d5( + libcrux_ml_kem_variant_kdf_d8_95( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d5(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_95(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4348,10 +4348,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9a( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_17( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_73(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b3(private_key, ciphertext, ret); } /** @@ -4365,7 +4365,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9a(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_17(private_key, ciphertext, ret); } @@ -4380,7 +4380,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_43( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_5d( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4423,11 +4423,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_43( + libcrux_ml_kem_variant_entropy_preprocess_d8_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4438,7 +4438,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_23(public_key), + libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4453,20 +4453,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_47(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_2b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_d5(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_95(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4498,14 +4498,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_42( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_5d(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f2(uu____0, copy_of_randomness); } /** @@ -4523,10 +4523,79 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_42( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( uu____0, copy_of_randomness); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -4538,7 +4607,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_520( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4554,24 +4623,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_generate_keypair_closure_9d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); -} - /** A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4579,7 +4630,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_a4( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_07( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4598,14 +4649,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_4a( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a4( + libcrux_ml_kem_vector_traits_to_standard_domain_07( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4623,7 +4674,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -4648,16 +4699,113 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_51(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_50(&t_as_ntt[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&t_as_ntt[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_4a( + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_9a( &t_as_ntt[i1], &error_as_ntt[i1]); } } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_520(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_59(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_matrix_compute_As_plus_e_91( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -4666,14 +4814,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_95( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_0e( + libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4696,7 +4844,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_69( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4714,7 +4862,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_69( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_95(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5f(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4733,14 +4881,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_69(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4764,57 +4912,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_3c(Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } - libcrux_ml_kem_matrix_compute_As_plus_e_c2(t_as_ntt, A_transpose, - secret_as_ntt, error_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); +libcrux_ml_kem_ind_cpa_generate_keypair_5f(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_69(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4843,7 +4954,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4908,7 +5019,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_e4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_63(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4917,13 +5028,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_e4(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_3c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_5f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4932,13 +5043,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_e4(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2a( - uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_28( + uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); } /** @@ -4957,12 +5068,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_55( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_df( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_e4(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_63(copy_of_randomness); } /** @@ -4974,7 +5085,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_55( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_df( copy_of_randomness); } @@ -4990,7 +5101,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_0d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5001,7 +5112,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ae( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_35(ciphertext), + libcrux_ml_kem_types_as_slice_d4_8c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5035,7 +5146,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_730( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b30( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5053,7 +5164,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_730( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_36(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3c(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5077,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_730( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5088,18 +5199,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_730( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_47(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_2b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_ae( + libcrux_ml_kem_variant_kdf_33_0d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_0d(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5133,10 +5244,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_730(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b30(private_key, ciphertext, ret); } /** @@ -5150,7 +5261,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b3( private_key, ciphertext, ret); } @@ -5165,7 +5276,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_1a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_a6( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5190,11 +5301,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f20( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_1a( + libcrux_ml_kem_variant_entropy_preprocess_33_a6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5205,7 +5316,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_23(public_key), + libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5220,20 +5331,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_5d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_47(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_2b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_ae(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_0d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5268,14 +5379,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_af( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_29( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_5d0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f20(uu____0, copy_of_randomness); } /** @@ -5293,44 +5404,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_af( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_29( uu____0, copy_of_randomness); } -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_d0( - Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_generate_keypair_closure_9d0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5345,58 +5422,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_3c0( +libcrux_ml_kem_ind_cpa_generate_keypair_5f0( Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_d0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_8e(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } - libcrux_ml_kem_matrix_compute_As_plus_e_c2(t_as_ntt, A_transpose, - secret_as_ntt, error_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_69(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5437,7 +5477,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_e40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_630(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5446,13 +5486,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_e40(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_3c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_5f0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5461,13 +5501,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_e40(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2a( - uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_28( + uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); } /** @@ -5484,12 +5524,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_f8( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_51( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_e40(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_630(copy_of_randomness); } /** @@ -5501,7 +5541,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_f8( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_51( copy_of_randomness); } @@ -5521,7 +5561,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ad( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_d9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5550,10 +5590,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_98( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ad(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_d9(private_key, ciphertext); } @@ -5566,7 +5606,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ed( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_98( private_key, ciphertext); } @@ -5579,7 +5619,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fe0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_710( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -5599,7 +5639,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_940( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -5617,7 +5657,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c6( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( ring_element); deserialized_pk[i0] = uu____0; } @@ -5642,16 +5682,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_fe( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_39( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ad0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_940( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c( + libcrux_ml_kem_ind_cpa_serialize_public_key_a7( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5673,9 +5713,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_47( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ec( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_fe(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_39(public_key); } /** @@ -5686,7 +5726,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_47( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_47( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ec( public_key->value); } @@ -5702,18 +5742,6 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5789,7 +5817,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5797,7 +5825,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -5807,7 +5835,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_1f( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -5819,30 +5847,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c1( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_82(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_17( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_07( + libcrux_ml_kem_matrix_compute_ring_element_v_f2( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_46( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_12( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5870,11 +5898,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_41( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_66( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5904,7 +5932,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5916,11 +5944,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_53( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5957,10 +5985,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_33( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_fc( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_a3(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_41(key_pair, ciphertext, ret); } /** @@ -5974,7 +6002,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_33( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_fc( private_key, ciphertext, ret); } @@ -5997,7 +6025,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6025,7 +6053,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_53(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6035,7 +6063,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6069,7 +6097,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_16( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_76( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -6077,7 +6105,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_16( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_bd(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_9e(uu____0, copy_of_randomness); } @@ -6098,107 +6126,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_16( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_76( uu____0, copy_of_randomness); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_08( - Eurydice_slice key_generation_seed, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_9f(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = - public_key->A; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_d8(uu____1, ret, true); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = - private_key->secret_as_ntt; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( - uu____2, copy_of_prf_input0, 0U); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d2( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_c2( - public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, - error_as_ntt); - uint8_t uu____5[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types @@ -6214,7 +6145,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_0e(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_5b(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -6232,7 +6163,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_21( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_7b( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -6252,7 +6183,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_16( +libcrux_ml_kem_polynomial_clone_17_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -6262,6 +6193,9 @@ libcrux_ml_kem_polynomial_clone_17_16( return lit; } +/** + Generate Unpacked Keys +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6275,7 +6209,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_45( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6285,19 +6219,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_08( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_21(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_7b(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_16( + libcrux_ml_kem_polynomial_clone_17_69( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6310,7 +6244,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c( + libcrux_ml_kem_ind_cpa_serialize_public_key_a7( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6329,6 +6263,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1( (size_t)32U * sizeof(uint8_t)); } +/** + Generate a key pair +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.generate_keypair with const @@ -6343,13 +6280,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_81( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_31( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_a1(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_45(copy_of_randomness, out); } /** @@ -6362,17 +6299,17 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_81( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_31( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0, TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_43 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6380,67 +6317,46 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_53_1a(void) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____0; - uu____0.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____0.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____0.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____1; - uu____1.ind_cpa_private_key = uu____0; - uu____1.implicit_rejection_value[0U] = 0U; - uu____1.implicit_rejection_value[1U] = 0U; - uu____1.implicit_rejection_value[2U] = 0U; - uu____1.implicit_rejection_value[3U] = 0U; - uu____1.implicit_rejection_value[4U] = 0U; - uu____1.implicit_rejection_value[5U] = 0U; - uu____1.implicit_rejection_value[6U] = 0U; - uu____1.implicit_rejection_value[7U] = 0U; - uu____1.implicit_rejection_value[8U] = 0U; - uu____1.implicit_rejection_value[9U] = 0U; - uu____1.implicit_rejection_value[10U] = 0U; - uu____1.implicit_rejection_value[11U] = 0U; - uu____1.implicit_rejection_value[12U] = 0U; - uu____1.implicit_rejection_value[13U] = 0U; - uu____1.implicit_rejection_value[14U] = 0U; - uu____1.implicit_rejection_value[15U] = 0U; - uu____1.implicit_rejection_value[16U] = 0U; - uu____1.implicit_rejection_value[17U] = 0U; - uu____1.implicit_rejection_value[18U] = 0U; - uu____1.implicit_rejection_value[19U] = 0U; - uu____1.implicit_rejection_value[20U] = 0U; - uu____1.implicit_rejection_value[21U] = 0U; - uu____1.implicit_rejection_value[22U] = 0U; - uu____1.implicit_rejection_value[23U] = 0U; - uu____1.implicit_rejection_value[24U] = 0U; - uu____1.implicit_rejection_value[25U] = 0U; - uu____1.implicit_rejection_value[26U] = 0U; - uu____1.implicit_rejection_value[27U] = 0U; - uu____1.implicit_rejection_value[28U] = 0U; - uu____1.implicit_rejection_value[29U] = 0U; - uu____1.implicit_rejection_value[30U] = 0U; - uu____1.implicit_rejection_value[31U] = 0U; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____2[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } - uint8_t uu____3[32U] = {0U}; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____4; - memcpy( - uu____4.t_as_ntt, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(uu____4.seed_for_A, uu____3, (size_t)32U * sizeof(uint8_t)); - uu____4.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - uu____4.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_ind_cca_unpacked_default_43_0d(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.implicit_rejection_value[0U] = 0U; + uu____0.implicit_rejection_value[1U] = 0U; + uu____0.implicit_rejection_value[2U] = 0U; + uu____0.implicit_rejection_value[3U] = 0U; + uu____0.implicit_rejection_value[4U] = 0U; + uu____0.implicit_rejection_value[5U] = 0U; + uu____0.implicit_rejection_value[6U] = 0U; + uu____0.implicit_rejection_value[7U] = 0U; + uu____0.implicit_rejection_value[8U] = 0U; + uu____0.implicit_rejection_value[9U] = 0U; + uu____0.implicit_rejection_value[10U] = 0U; + uu____0.implicit_rejection_value[11U] = 0U; + uu____0.implicit_rejection_value[12U] = 0U; + uu____0.implicit_rejection_value[13U] = 0U; + uu____0.implicit_rejection_value[14U] = 0U; + uu____0.implicit_rejection_value[15U] = 0U; + uu____0.implicit_rejection_value[16U] = 0U; + uu____0.implicit_rejection_value[17U] = 0U; + uu____0.implicit_rejection_value[18U] = 0U; + uu____0.implicit_rejection_value[19U] = 0U; + uu____0.implicit_rejection_value[20U] = 0U; + uu____0.implicit_rejection_value[21U] = 0U; + uu____0.implicit_rejection_value[22U] = 0U; + uu____0.implicit_rejection_value[23U] = 0U; + uu____0.implicit_rejection_value[24U] = 0U; + uu____0.implicit_rejection_value[25U] = 0U; + uu____0.implicit_rejection_value[26U] = 0U; + uu____0.implicit_rejection_value[27U] = 0U; + uu____0.implicit_rejection_value[28U] = 0U; + uu____0.implicit_rejection_value[29U] = 0U; + uu____0.implicit_rejection_value[30U] = 0U; + uu____0.implicit_rejection_value[31U] = 0U; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____1 = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked lit; - lit.private_key = uu____1; - lit.public_key.ind_cpa_public_key = uu____4; + lit.private_key = uu____0; + lit.public_key.ind_cpa_public_key = uu____1; lit.public_key.public_key_hash[0U] = 0U; lit.public_key.public_key_hash[1U] = 0U; lit.public_key.public_key_hash[2U] = 0U; @@ -6482,7 +6398,125 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_53_1a(); + return libcrux_ml_kem_ind_cca_unpacked_default_43_0d(); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_dd with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_c3( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + public_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_b6_eb(copy_of_public_key_serialized); +} + +/** + Get the serialized public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.serialized_public_key with +const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_0e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_c3( + public_key); +} + +/** + Get the serialized public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_0e( + public_key); +} + +/** + Generate an unpacked key from a packed key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash, +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_a6( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "Eurydice error: Failure(\"TODO: TraitTypes " + "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " + "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\n"); + KRML_HOST_EXIT(255U); +} + +/** + Get the unpacked public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_64( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_a6(public_key); +} + +/** + Get the unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_64( + public_key); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 02004f0ee..b84e6e142 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_mlkem768_portable_H @@ -2455,7 +2455,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_aa(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_82(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2466,7 +2466,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_11( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_35( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2491,7 +2491,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2509,7 +2509,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_13( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_11( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_35( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2537,7 +2537,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bc(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_58(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2548,7 +2548,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2573,9 +2573,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_98( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a( v); } @@ -2586,7 +2586,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2598,7 +2598,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_6c( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_98( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_32( coefficient); re.coefficients[i0] = uu____0; } @@ -2612,7 +2612,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2637,9 +2637,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_980( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_320( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a0( v); } @@ -2650,7 +2650,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_96( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2662,7 +2662,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_980( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_320( coefficient); re.coefficients[i0] = uu____0; } @@ -2676,9 +2676,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e8( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_52( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d2(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2693,7 +2693,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2707,12 +2707,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2a( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2726,7 +2726,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2739,7 +2739,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_2a( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2756,7 +2756,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2776,7 +2776,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2798,7 +2798,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_23( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_01( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2829,7 +2829,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2847,21 +2847,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_11( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c6(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_23(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_01(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); } /** @@ -2877,7 +2877,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2902,9 +2902,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e8( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_52( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_11(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_eb(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2918,7 +2918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2943,9 +2943,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_981( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_321( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a1( v); } @@ -2956,7 +2956,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_75( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2968,7 +2968,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_981( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_321( coefficient); re.coefficients[i0] = uu____0; } @@ -2982,7 +2982,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3007,9 +3007,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_982( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_322( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_5a2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a2( v); } @@ -3020,7 +3020,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_1e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3032,7 +3032,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1e( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_982( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_322( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3046,9 +3046,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e8( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a0( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_75(serialized); } /** @@ -3090,7 +3090,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_d6_7e( +libcrux_ml_kem_polynomial_ntt_multiply_d6_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = @@ -3132,7 +3132,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_af( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3156,7 +3156,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_45( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3182,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3204,7 +3204,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3226,7 +3226,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_91( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f3( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3234,7 +3234,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_64(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3247,7 +3247,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3262,7 +3262,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_91( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f3( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3279,22 +3279,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_b5(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b5(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_45(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_52(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); } /** @@ -3309,7 +3309,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_d6_0b( +libcrux_ml_kem_polynomial_subtract_reduce_d6_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3341,7 +3341,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_68( +libcrux_ml_kem_matrix_compute_message_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3350,12 +3350,12 @@ libcrux_ml_kem_matrix_compute_message_68( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_0b(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_e0(v, result); return result; } @@ -3365,7 +3365,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_3f( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_c3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3385,9 +3385,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_fa( +libcrux_ml_kem_vector_portable_shift_right_0d_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3f(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_c3(v); } /** @@ -3397,10 +3397,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( +libcrux_ml_kem_vector_traits_to_unsigned_representative_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_fa(a); + libcrux_ml_kem_vector_portable_shift_right_0d_67(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3414,13 +3414,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_15( +libcrux_ml_kem_serialize_compress_then_serialize_message_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3470,20 +3470,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e8( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_68(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_69(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_15(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_84(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3497,11 +3497,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_60(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_d4(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_13(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3513,7 +3513,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_60(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3568,7 +3568,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e1( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_63( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -3586,7 +3586,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3618,7 +3618,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3636,7 +3636,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( ring_element); deserialized_pk[i0] = uu____0; } @@ -3654,7 +3654,7 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_25(size_t _j) { +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_79(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -3665,7 +3665,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_8e( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_44( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3816,7 +3816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_60( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3937,7 +3937,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_600( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3984,7 +3984,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_d6_4e(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_b3(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; @@ -4007,8 +4007,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_97(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( +libcrux_ml_kem_sampling_sample_from_xof_closure_55(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4019,7 +4019,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d8( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4036,7 +4036,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_60( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4049,7 +4049,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_600( copy_of_randomness, sampled_coefficients, out); } } @@ -4059,7 +4059,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_97(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_55(copy_of_out[i]); } memcpy( ret, ret0, @@ -4073,7 +4073,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_30( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4094,7 +4094,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_30( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2f(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_d8(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4120,17 +4120,17 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_24( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_29( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_8e(i, a[i]); + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_44(i, a[i]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = a; uint8_t uu____1[34U]; memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_kem_matrix_sample_matrix_A_30(uu____0, uu____1, transpose); + libcrux_ml_kem_matrix_sample_matrix_A_95(uu____0, uu____1, transpose); memcpy(ret, a, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -4158,7 +4158,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2f(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_bf(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4251,7 +4251,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0d( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_26( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4286,7 +4286,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0d( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4297,7 +4297,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c3( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4331,7 +4331,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4342,9 +4342,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0d( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_26( randomness); } @@ -4354,7 +4354,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_53( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4377,20 +4377,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_93( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_53(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_39(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c6(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_23(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_fb(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_01(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); } /** @@ -4407,7 +4407,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4427,9 +4427,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_93(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]); } return domain_separator; } @@ -4444,7 +4444,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4453,7 +4453,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4478,7 +4478,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8e(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d7(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4495,7 +4495,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4518,7 +4518,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4570,7 +4570,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_53(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4585,7 +4585,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_29( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4612,7 +4612,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_af( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4640,12 +4640,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_af( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_29(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_c5(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4659,7 +4659,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_d9( +libcrux_ml_kem_vector_traits_decompress_1_25( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4674,7 +4674,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -4687,7 +4687,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_d9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_25(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4705,7 +4705,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_e4( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4738,7 +4738,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_45( +libcrux_ml_kem_matrix_compute_ring_element_v_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4748,12 +4748,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_45( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_11(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_e4( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ff( error_2, message, result); return result; } @@ -4764,7 +4764,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1c( +libcrux_ml_kem_vector_portable_compress_compress_5d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4787,9 +4787,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_55( +libcrux_ml_kem_vector_portable_compress_0d_e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1c(v); + return libcrux_ml_kem_vector_portable_compress_compress_5d(v); } /** @@ -4799,15 +4799,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_92( +libcrux_ml_kem_serialize_compress_then_serialize_10_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_55( - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_portable_compress_0d_e1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4825,7 +4825,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1c0( +libcrux_ml_kem_vector_portable_compress_compress_5d0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4848,9 +4848,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_550( +libcrux_ml_kem_vector_portable_compress_0d_e10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1c0(v); + return libcrux_ml_kem_vector_portable_compress_compress_5d0(v); } /** @@ -4860,15 +4860,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_08( +libcrux_ml_kem_serialize_compress_then_serialize_11_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_550( - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_portable_compress_0d_e10( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4888,10 +4888,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_55( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_92(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4907,7 +4907,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4923,7 +4923,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_55(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_af(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4936,7 +4936,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1c1( +libcrux_ml_kem_vector_portable_compress_compress_5d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4959,9 +4959,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_551( +libcrux_ml_kem_vector_portable_compress_0d_e11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1c1(v); + return libcrux_ml_kem_vector_portable_compress_compress_5d1(v); } /** @@ -4971,15 +4971,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f0( +libcrux_ml_kem_serialize_compress_then_serialize_4_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_551( - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_portable_compress_0d_e11( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4996,7 +4996,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1c2( +libcrux_ml_kem_vector_portable_compress_compress_5d2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5019,9 +5019,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_552( +libcrux_ml_kem_vector_portable_compress_0d_e12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1c2(v); + return libcrux_ml_kem_vector_portable_compress_compress_5d2(v); } /** @@ -5031,15 +5031,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_9e( +libcrux_ml_kem_serialize_compress_then_serialize_5_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_552( - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_portable_compress_0d_e12( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5058,9 +5058,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f0(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_14(re, out); } /** @@ -5081,12 +5081,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_48(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_91(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5094,13 +5094,13 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_48(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_29(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5110,7 +5110,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_48(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5122,29 +5122,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_48(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_af(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_a1(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_45( + libcrux_ml_kem_matrix_compute_ring_element_v_03( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5161,7 +5161,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ee( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_f1( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5192,7 +5192,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_24( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5210,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_24( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_60(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_d4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5234,7 +5234,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_24( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5245,18 +5245,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_24( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_48(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_91(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_ee( + libcrux_ml_kem_variant_kdf_d8_f1( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_ee(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_f1(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5289,10 +5289,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_82( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b9(private_key, ciphertext, ret); } /** @@ -5305,7 +5305,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_82( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_82( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( private_key, ciphertext, ret); } @@ -5319,7 +5319,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_07( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5360,11 +5360,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_05( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_79( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_3d( + libcrux_ml_kem_variant_entropy_preprocess_d8_07( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5375,7 +5375,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_05( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_23(public_key), + libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5390,20 +5390,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_05( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_48(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_91(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_ee(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_f1(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5434,14 +5434,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_45( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_3a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_05(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_79(uu____0, copy_of_randomness); } /** @@ -5458,10 +5458,77 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_45( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_3a( uu____0, copy_of_randomness); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -5472,7 +5539,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_52( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5488,23 +5555,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_generate_keypair_closure_84(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); -} - /** A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5512,7 +5562,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_18( +libcrux_ml_kem_vector_traits_to_standard_domain_38( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5530,7 +5580,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_f7( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5538,7 +5588,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_f7( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_18( + libcrux_ml_kem_vector_traits_to_standard_domain_38( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5557,7 +5607,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_19( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -5582,16 +5632,113 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_7e(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_af(&t_as_ntt[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&t_as_ntt[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_f7( + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( &t_as_ntt[i1], &error_as_ntt[i1]); } } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_52(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_95(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_matrix_compute_As_plus_e_50( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -5599,14 +5746,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_54( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_eb( + libcrux_ml_kem_vector_traits_to_unsigned_representative_11( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5628,7 +5775,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_66( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5646,7 +5793,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_66( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_54(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5664,14 +5811,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_3c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_66(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_03(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5694,57 +5841,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_74(Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } - libcrux_ml_kem_matrix_compute_As_plus_e_19(t_as_ntt, A_transpose, - secret_as_ntt, error_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); +libcrux_ml_kem_ind_cpa_generate_keypair_c6(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_3c( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_66(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_03(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5772,7 +5882,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5836,7 +5946,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_31(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5845,13 +5955,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_31(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_74(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c6(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5860,13 +5970,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_31(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2a( - uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_28( + uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); } /** @@ -5885,12 +5995,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_f1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_31(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_9c(copy_of_randomness); } /** @@ -5901,7 +6011,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0f( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_f1( copy_of_randomness); } @@ -5916,7 +6026,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_5f( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_8e( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5927,7 +6037,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_5f( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_35(ciphertext), + libcrux_ml_kem_types_as_slice_d4_8c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5960,7 +6070,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_240( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b90( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5978,7 +6088,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_240( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_60(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_d4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6002,7 +6112,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_240( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6013,18 +6123,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_240( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_48(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_91(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_5f( + libcrux_ml_kem_variant_kdf_33_8e( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_5f(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_8e(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6058,10 +6168,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_27( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_07( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b90(private_key, ciphertext, ret); } /** @@ -6074,7 +6184,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_27( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_27( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_07( private_key, ciphertext, ret); } @@ -6088,7 +6198,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6112,11 +6222,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_050( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_790( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_1f( + libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6127,7 +6237,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_050( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_23(public_key), + libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6142,20 +6252,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_050( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_23(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_48(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_91(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_5f(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_8e(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6190,14 +6300,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bb( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_050(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_790(uu____0, copy_of_randomness); } /** @@ -6214,42 +6324,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bb( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7f( uu____0, copy_of_randomness); } -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_36( - Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_Kyber with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_generate_keypair_closure_840(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6263,58 +6341,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_740( +libcrux_ml_kem_ind_cpa_generate_keypair_c60( Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_36(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_24(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } - libcrux_ml_kem_matrix_compute_As_plus_e_19(t_as_ntt, A_transpose, - secret_as_ntt, error_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_3c( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_66(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_03(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6354,7 +6395,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_310(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6363,13 +6404,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_310(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_740(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c60(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4d( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6378,13 +6419,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_310(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_ae(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2a( - uu____2, libcrux_ml_kem_types_from_b6_25(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_28( + uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); } /** @@ -6400,12 +6441,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_3a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_310(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_9c0(copy_of_randomness); } /** @@ -6417,7 +6458,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0f( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_3a( copy_of_randomness); } @@ -6436,7 +6477,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_4c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6464,10 +6505,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_67( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_14( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_2e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4c(private_key, ciphertext); } @@ -6479,7 +6520,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_67( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_67( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_14( private_key, ciphertext); } @@ -6491,7 +6532,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e10( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_630( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -6510,7 +6551,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_580( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -6528,7 +6569,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e00( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( ring_element); deserialized_pk[i0] = uu____0; } @@ -6552,16 +6593,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_8b( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_03( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e00( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_580( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_3c( + libcrux_ml_kem_ind_cpa_serialize_public_key_b4( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6582,9 +6623,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_57( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_84( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8b(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_03(public_key); } /** @@ -6594,22 +6635,10 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_57( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_57( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_84( public_key->value); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6701,7 +6730,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_91( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6709,7 +6738,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -6719,7 +6748,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_7d( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -6731,30 +6760,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_af(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_94( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_45( + libcrux_ml_kem_matrix_compute_ring_element_v_03( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3b( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_b6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -6782,11 +6811,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_fc( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_3a( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6816,7 +6845,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_14(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6828,11 +6857,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_78( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_91( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_14(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6868,10 +6897,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_34( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_b3( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_7d(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_fc(key_pair, ciphertext, ret); } /** @@ -6885,7 +6914,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_34( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_b3( private_key, ciphertext, ret); } @@ -6908,7 +6937,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_03( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6936,7 +6965,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_78(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_91(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6946,7 +6975,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_32(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6979,7 +7008,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_4f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6987,7 +7016,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e9(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_03(uu____0, copy_of_randomness); } @@ -7007,107 +7036,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_4f( uu____0, copy_of_randomness); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_09( - Eurydice_slice key_generation_seed, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0b(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = - public_key->A; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_30(uu____1, ret, true); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = - private_key->secret_as_ntt; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_41( - uu____2, copy_of_prf_input0, 0U); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cf( - copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_19( - public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, - error_as_ntt); - uint8_t uu____5[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types @@ -7123,7 +7055,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_a5(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_17(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -7141,7 +7073,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_07( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ea( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -7160,7 +7092,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_06( +libcrux_ml_kem_polynomial_clone_17_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -7173,6 +7105,9 @@ libcrux_ml_kem_polynomial_clone_17_06( return lit; } +/** + Generate Unpacked Keys +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7186,7 +7121,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_7b( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -7196,19 +7131,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_09( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_07(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ea(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_06( + libcrux_ml_kem_polynomial_clone_17_1c( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -7221,7 +7156,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_3c( + libcrux_ml_kem_ind_cpa_serialize_public_key_b4( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -7240,6 +7175,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b( (size_t)32U * sizeof(uint8_t)); } +/** + Generate a key pair +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with @@ -7253,13 +7191,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_9d( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_14( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_2b(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_7b(copy_of_randomness, out); } /** @@ -7272,84 +7210,63 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_9d( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_14( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0, TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_43 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_53_10(void) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____0; - uu____0.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____0.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____0.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____1; - uu____1.ind_cpa_private_key = uu____0; - uu____1.implicit_rejection_value[0U] = 0U; - uu____1.implicit_rejection_value[1U] = 0U; - uu____1.implicit_rejection_value[2U] = 0U; - uu____1.implicit_rejection_value[3U] = 0U; - uu____1.implicit_rejection_value[4U] = 0U; - uu____1.implicit_rejection_value[5U] = 0U; - uu____1.implicit_rejection_value[6U] = 0U; - uu____1.implicit_rejection_value[7U] = 0U; - uu____1.implicit_rejection_value[8U] = 0U; - uu____1.implicit_rejection_value[9U] = 0U; - uu____1.implicit_rejection_value[10U] = 0U; - uu____1.implicit_rejection_value[11U] = 0U; - uu____1.implicit_rejection_value[12U] = 0U; - uu____1.implicit_rejection_value[13U] = 0U; - uu____1.implicit_rejection_value[14U] = 0U; - uu____1.implicit_rejection_value[15U] = 0U; - uu____1.implicit_rejection_value[16U] = 0U; - uu____1.implicit_rejection_value[17U] = 0U; - uu____1.implicit_rejection_value[18U] = 0U; - uu____1.implicit_rejection_value[19U] = 0U; - uu____1.implicit_rejection_value[20U] = 0U; - uu____1.implicit_rejection_value[21U] = 0U; - uu____1.implicit_rejection_value[22U] = 0U; - uu____1.implicit_rejection_value[23U] = 0U; - uu____1.implicit_rejection_value[24U] = 0U; - uu____1.implicit_rejection_value[25U] = 0U; - uu____1.implicit_rejection_value[26U] = 0U; - uu____1.implicit_rejection_value[27U] = 0U; - uu____1.implicit_rejection_value[28U] = 0U; - uu____1.implicit_rejection_value[29U] = 0U; - uu____1.implicit_rejection_value[30U] = 0U; - uu____1.implicit_rejection_value[31U] = 0U; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____2[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } - uint8_t uu____3[32U] = {0U}; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____4; - memcpy( - uu____4.t_as_ntt, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(uu____4.seed_for_A, uu____3, (size_t)32U * sizeof(uint8_t)); - uu____4.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - uu____4.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_ind_cca_unpacked_default_43_9b(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.implicit_rejection_value[0U] = 0U; + uu____0.implicit_rejection_value[1U] = 0U; + uu____0.implicit_rejection_value[2U] = 0U; + uu____0.implicit_rejection_value[3U] = 0U; + uu____0.implicit_rejection_value[4U] = 0U; + uu____0.implicit_rejection_value[5U] = 0U; + uu____0.implicit_rejection_value[6U] = 0U; + uu____0.implicit_rejection_value[7U] = 0U; + uu____0.implicit_rejection_value[8U] = 0U; + uu____0.implicit_rejection_value[9U] = 0U; + uu____0.implicit_rejection_value[10U] = 0U; + uu____0.implicit_rejection_value[11U] = 0U; + uu____0.implicit_rejection_value[12U] = 0U; + uu____0.implicit_rejection_value[13U] = 0U; + uu____0.implicit_rejection_value[14U] = 0U; + uu____0.implicit_rejection_value[15U] = 0U; + uu____0.implicit_rejection_value[16U] = 0U; + uu____0.implicit_rejection_value[17U] = 0U; + uu____0.implicit_rejection_value[18U] = 0U; + uu____0.implicit_rejection_value[19U] = 0U; + uu____0.implicit_rejection_value[20U] = 0U; + uu____0.implicit_rejection_value[21U] = 0U; + uu____0.implicit_rejection_value[22U] = 0U; + uu____0.implicit_rejection_value[23U] = 0U; + uu____0.implicit_rejection_value[24U] = 0U; + uu____0.implicit_rejection_value[25U] = 0U; + uu____0.implicit_rejection_value[26U] = 0U; + uu____0.implicit_rejection_value[27U] = 0U; + uu____0.implicit_rejection_value[28U] = 0U; + uu____0.implicit_rejection_value[29U] = 0U; + uu____0.implicit_rejection_value[30U] = 0U; + uu____0.implicit_rejection_value[31U] = 0U; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____1 = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked lit; - lit.private_key = uu____1; - lit.public_key.ind_cpa_public_key = uu____4; + lit.private_key = uu____0; + lit.public_key.ind_cpa_public_key = uu____1; lit.public_key.public_key_hash[0U] = 0U; lit.public_key.public_key_hash[1U] = 0U; lit.public_key.public_key_hash[2U] = 0U; @@ -7390,7 +7307,119 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_53_10(); + return libcrux_ml_kem_ind_cca_unpacked_default_43_9b(); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_dd with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_99( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + public_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_b6_eb(copy_of_public_key_serialized); +} + +/** + Get the serialized public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.serialized_public_key +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_serialized_public_key_db( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_99( + public_key); +} + +/** + Get the serialized public key. +*/ +static inline libcrux_ml_kem_types_MlKemPublicKey_15 +libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_serialized_public_key_db( + public_key); +} + +/** + Generate an unpacked key from a packed key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "Eurydice error: Failure(\"TODO: TraitTypes " + "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " + "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\n"); + KRML_HOST_EXIT(255U); +} + +/** + Get the unpacked public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with +const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_8f( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key); +} + +/** + Get the unpacked public key. +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_8f( + public_key); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 54a84b3ce..dad37856a 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 193ef332c..54d285f72 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 36ae22046856004fa274a38d29b1697974017344 + * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76a08da6b710a8d725d134bc5dfe88f4b9712ad5 + * Libcrux: 16c5cbb1567f75eae528439541818205846c84da */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index a8c1132a9..b50142775 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -279,12 +279,14 @@ pub(crate) fn decapsulate< /// Types for the unpacked API. #[cfg(feature = "unpacked")] pub(crate) mod unpacked { + use core::array::from_fn; + use super::*; use crate::{ constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, - ind_cpa::{self, generate_keypair_unpacked, unpacked::*}, + ind_cpa::{generate_keypair_unpacked, unpacked::*}, matrix::sample_matrix_a_out, polynomial::PolynomialRingElement, vector::traits::Operations, @@ -308,35 +310,37 @@ pub(crate) mod unpacked { pub public_key: MlKemPublicKeyUnpacked, } - impl MlKemPublicKeyUnpacked { - /// Generate an unpacked key from a packed key. - pub(crate) fn from_public_key< - const T_AS_NTT_ENCODED_SIZE: usize, - const RANKED_BYTES_PER_RING_ELEMENT: usize, - const PUBLIC_KEY_SIZE: usize, - Hasher: Hash, - >( - public_key: &MlKemPublicKey, - ) -> Self { - let t_as_ntt = deserialize_ring_elements_reduced::( - &public_key[..T_AS_NTT_ENCODED_SIZE], - ); - let seed_for_a = into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]); - let a = sample_matrix_a_out::( - into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]), - false, - ); + /// Generate an unpacked key from a packed key. + pub(crate) fn unpack_public_key< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Hasher: Hash, + Vector: Operations, + >( + public_key: &MlKemPublicKey, + ) -> MlKemPublicKeyUnpacked { + let t_as_ntt = deserialize_ring_elements_reduced::( + &public_key[..T_AS_NTT_ENCODED_SIZE], + ); + let seed_for_a = into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]); + let a = sample_matrix_a_out::( + into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]), + false, + ); - Self { - ind_cpa_public_key: IndCpaPublicKeyUnpacked { - t_as_ntt, - seed_for_A: seed_for_a, - A: a, - }, - public_key_hash: Hasher::H(public_key.as_slice()), - } + MlKemPublicKeyUnpacked { + ind_cpa_public_key: IndCpaPublicKeyUnpacked { + t_as_ntt, + seed_for_A: seed_for_a, + A: a, + }, + public_key_hash: Hasher::H(public_key.as_slice()), } + } + impl MlKemPublicKeyUnpacked { /// Get the serialized public key. pub fn serialized_public_key< const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -354,13 +358,6 @@ pub(crate) mod unpacked { } } - impl MlKemPrivateKeyUnpacked { - /// Generate an unpacked key from a packed key. - pub fn from_private_key(private_key: MlKemPrivateKey) -> Self { - todo!() - } - } - impl MlKemKeyPairUnpacked { /// Create a new empty unpacked key pair. #[inline(always)] @@ -390,17 +387,11 @@ pub(crate) mod unpacked { fn default() -> Self { Self { private_key: MlKemPrivateKeyUnpacked { - ind_cpa_private_key: IndCpaPrivateKeyUnpacked { - secret_as_ntt: [PolynomialRingElement::::ZERO(); K], - }, + ind_cpa_private_key: IndCpaPrivateKeyUnpacked::default(), implicit_rejection_value: [0u8; 32], }, public_key: MlKemPublicKeyUnpacked { - ind_cpa_public_key: IndCpaPublicKeyUnpacked { - t_as_ntt: [PolynomialRingElement::::ZERO(); K], - seed_for_A: [0u8; 32], - A: [[PolynomialRingElement::::ZERO(); K]; K], - }, + ind_cpa_public_key: IndCpaPublicKeyUnpacked::default(), public_key_hash: [0u8; 32], }, } @@ -435,14 +426,12 @@ pub(crate) mod unpacked { // We would like to write the following but it is not supported by Eurydice yet. // https://github.com/AeneasVerif/eurydice/issues/39 // - // let A = core::array::from_fn(|i| { - // core::array::from_fn(|j| A_transpose[j][i]) + // let A = from_fn(|i| { + // from_fn(|j| A_transpose[j][i]) // }); #[allow(non_snake_case)] - let mut A = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); + let mut A = from_fn(|_i| from_fn(|_j| PolynomialRingElement::::ZERO())); for i in 0..K { for j in 0..K { A[i][j] = out.public_key.ind_cpa_public_key.A[j][i].clone(); diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 39a14bcd9..e369d52b4 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -283,7 +283,7 @@ macro_rules! instantiate { } /// Get the unpacked public key. - pub(crate) fn unpacked_public_key< + pub(crate) fn unpack_public_key< const K: usize, const T_AS_NTT_ENCODED_SIZE: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -291,11 +291,13 @@ macro_rules! instantiate { >( public_key: &MlKemPublicKey, ) -> MlKemPublicKeyUnpacked { - MlKemPublicKeyUnpacked::from_public_key::< + crate::ind_cca::unpacked::unpack_public_key::< + K, T_AS_NTT_ENCODED_SIZE, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, $hash, + $vector, >(public_key) } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 2dc2c7c69..f14f649d7 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,3 +1,5 @@ +use core::array::from_fn; + #[cfg(feature = "unpacked")] use crate::variant::MlKem; use crate::{ @@ -30,6 +32,14 @@ pub mod unpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } + impl Default for IndCpaPrivateKeyUnpacked { + fn default() -> Self { + Self { + secret_as_ntt: [PolynomialRingElement::::ZERO(); K], + } + } + } + /// An unpacked ML-KEM IND-CPA Private Key #[cfg(feature = "unpacked")] pub(crate) struct IndCpaPublicKeyUnpacked { @@ -37,6 +47,16 @@ pub mod unpacked { pub(crate) seed_for_A: [u8; 32], pub(crate) A: [[PolynomialRingElement; K]; K], } + + impl Default for IndCpaPublicKeyUnpacked { + fn default() -> Self { + Self { + t_as_ntt: [PolynomialRingElement::::ZERO(); K], + seed_for_A: [0u8; 32], + A: [[PolynomialRingElement::::ZERO(); K]; K], + } + } + } } use unpacked::*; @@ -88,7 +108,7 @@ fn sample_ring_element_cbd< prf_input: [u8; 33], mut domain_separator: u8, ) -> ([PolynomialRingElement; K], u8) { - let mut error_1 = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + let mut error_1 = from_fn(|_i| PolynomialRingElement::::ZERO()); let mut prf_inputs = [prf_input; K]; for i in 0..K { prf_inputs[i][32] = domain_separator; @@ -139,7 +159,7 @@ fn sample_vector_cbd_then_ntt_out< prf_input: [u8; 33], mut domain_separator: u8, ) -> ([PolynomialRingElement; K], u8) { - let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + let mut re_as_ntt = from_fn(|_i| PolynomialRingElement::::ZERO()); domain_separator = sample_vector_cbd_then_ntt::( &mut re_as_ntt, prf_input, @@ -246,14 +266,8 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - let mut private_key = IndCpaPrivateKeyUnpacked { - secret_as_ntt: [PolynomialRingElement::::ZERO(); K], - }; - let mut public_key = IndCpaPublicKeyUnpacked { - t_as_ntt: [PolynomialRingElement::::ZERO(); K], - seed_for_A: [0u8; 32], - A: [[PolynomialRingElement::::ZERO(); K]; K], - }; + let mut private_key = IndCpaPrivateKeyUnpacked::default(); + let mut public_key = IndCpaPublicKeyUnpacked::default(); generate_keypair_unpacked::( key_generation_seed, @@ -512,7 +526,7 @@ fn deserialize_then_decompress_u< >( ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [PolynomialRingElement; K] { - let mut u_as_ntt = core::array::from_fn(|_| PolynomialRingElement::::ZERO()); + let mut u_as_ntt = from_fn(|_| PolynomialRingElement::::ZERO()); cloop! { for (i, u_bytes) in ciphertext .chunks_exact((COEFFICIENTS_IN_RING_ELEMENT * U_COMPRESSION_FACTOR) / 8) @@ -530,7 +544,7 @@ fn deserialize_then_decompress_u< fn deserialize_secret_key( secret_key: &[u8], ) -> [PolynomialRingElement; K] { - let mut secret_as_ntt = core::array::from_fn(|_| PolynomialRingElement::::ZERO()); + let mut secret_as_ntt = from_fn(|_| PolynomialRingElement::::ZERO()); cloop! { for (i, secret_bytes) in secret_key.chunks_exact(BYTES_PER_RING_ELEMENT).enumerate() { secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes); diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 397130e95..93505a365 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -254,7 +254,7 @@ macro_rules! instantiate { pub fn unpacked_public_key( public_key: &MlKem1024PublicKey, ) -> MlKem1024PublicKeyUnpacked { - p::unpacked::unpacked_public_key::< + p::unpacked::unpack_public_key::< RANK_1024, T_AS_NTT_ENCODED_SIZE_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index a1a8a07e5..dc146ca59 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -245,7 +245,7 @@ macro_rules! instantiate { pub fn unpacked_public_key( public_key: &MlKem512PublicKey, ) -> MlKem512PublicKeyUnpacked { - p::unpacked::unpacked_public_key::< + p::unpacked::unpack_public_key::< RANK_512, T_AS_NTT_ENCODED_SIZE_512, RANKED_BYTES_PER_RING_ELEMENT_512, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 4f5c64078..6be10c261 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -247,7 +247,7 @@ macro_rules! instantiate { pub fn unpacked_public_key( public_key: &MlKem768PublicKey, ) -> MlKem768PublicKeyUnpacked { - p::unpacked::unpacked_public_key::< + p::unpacked::unpack_public_key::< RANK_768, T_AS_NTT_ENCODED_SIZE_768, RANKED_BYTES_PER_RING_ELEMENT_768, diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 3fb370d6b..b0230875f 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,7 +14,7 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone))] +#[cfg_attr(eurydice, derive(Clone, Copy))] #[cfg_attr(not(eurydice), derive(Clone, Copy))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], From 263b880c929ee0f64f734e17d0e09d3d57c98306 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 11 Sep 2024 16:20:18 +0200 Subject: [PATCH 141/172] Fix benchmarks --- libcrux-ml-dsa/benches/bench_utils.rs | 6 +++--- libcrux-ml-dsa/benches/ml-dsa.rs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-dsa/benches/bench_utils.rs b/libcrux-ml-dsa/benches/bench_utils.rs index 0ea3450e8..1eb958c27 100644 --- a/libcrux-ml-dsa/benches/bench_utils.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -51,7 +51,7 @@ macro_rules! bench { // Warmup for _ in 0..bench_utils::WARMUP_ITERATIONS { let input = $setup($input); - $routine(input); + let _ = $routine(input); } // Benchmark @@ -59,7 +59,7 @@ macro_rules! bench { let input = $setup($input); let start = std::time::Instant::now(); - core::hint::black_box($routine(input)); + let _ = core::hint::black_box($routine(input)); let end = std::time::Instant::now(); time += end.duration_since(start); @@ -116,7 +116,7 @@ macro_rules! bench_group_libcrux { let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); let keypair = p::generate_key_pair(key_generation_seed); - let signature = p::sign(&keypair.signing_key, &message, signing_randomness); + let signature = p::sign(&keypair.signing_key, &message, signing_randomness).unwrap(); (keypair, message, signature) }, |(keypair, message, signature): ($keypair_t, [u8; 1023], $signature_t)| { diff --git a/libcrux-ml-dsa/benches/ml-dsa.rs b/libcrux-ml-dsa/benches/ml-dsa.rs index b4957030b..ac1b96ed8 100644 --- a/libcrux-ml-dsa/benches/ml-dsa.rs +++ b/libcrux-ml-dsa/benches/ml-dsa.rs @@ -67,7 +67,7 @@ pub fn comparisons_verification(c: &mut Criterion) { let keypair = ml_dsa_65::generate_key_pair(randomness); rng.fill_bytes(&mut randomness); - let signature = ml_dsa_65::sign(&keypair.signing_key, &message, randomness); + let signature = ml_dsa_65::sign(&keypair.signing_key, &message, randomness).unwrap(); group.bench_function("libcrux", move |b| { b.iter(|| { From 6ba626316c5fa316965571fb29c293783dd6073d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 11 Sep 2024 16:21:07 +0200 Subject: [PATCH 142/172] Format --- libcrux-ml-dsa/benches/bench_utils.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/benches/bench_utils.rs b/libcrux-ml-dsa/benches/bench_utils.rs index 1eb958c27..52b63e16b 100644 --- a/libcrux-ml-dsa/benches/bench_utils.rs +++ b/libcrux-ml-dsa/benches/bench_utils.rs @@ -116,7 +116,8 @@ macro_rules! bench_group_libcrux { let signing_randomness: [u8; SIGNING_RANDOMNESS_SIZE] = bench_utils::random_array(); let message = bench_utils::random_array::<1023>(); let keypair = p::generate_key_pair(key_generation_seed); - let signature = p::sign(&keypair.signing_key, &message, signing_randomness).unwrap(); + let signature = + p::sign(&keypair.signing_key, &message, signing_randomness).unwrap(); (keypair, message, signature) }, |(keypair, message, signature): ($keypair_t, [u8; 1023], $signature_t)| { From a452304be00dde2b06461bfc85d24551868a2457 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 11 Sep 2024 16:23:35 +0200 Subject: [PATCH 143/172] Build benchmarks (without running) on CI --- .github/workflows/mldsa.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index a05d1e6c3..40be6f8c0 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -98,3 +98,9 @@ jobs: run: | cargo clean cargo test --verbose --release $RUST_TARGET_FLAG + + # Benchmarks + - name: 🔨 Build Benchmarks + run: | + cargo clean + cargo bench --no-run From f484e75746872cf3e062c11db2a3ee1b7bffee0b Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 12 Sep 2024 16:36:50 +0200 Subject: [PATCH 144/172] Use the right SIMD unit for AVX2 --- libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs index 6149e50f3..1ef02a3a2 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs @@ -129,7 +129,7 @@ instantiate! {portable, // AVX2 generic implementation. #[cfg(feature = "simd256")] instantiate! {avx2, - crate::simd::portable::PortableSIMDUnit, + crate::simd::avx2::AVX2SIMDUnit, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::simd256::Shake256x4 From 820917887719aec8e8629dd2fa35c34974eda150 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 12 Sep 2024 16:47:24 +0200 Subject: [PATCH 145/172] Extend multiplexing --- libcrux-ml-dsa/benches/manual65.rs | 21 ++++- libcrux-ml-dsa/benches/manual87.rs | 21 ++++- libcrux-ml-dsa/src/ml_dsa_65.rs | 144 +++++++++++++++++++++------- libcrux-ml-dsa/src/ml_dsa_87.rs | 146 +++++++++++++++++++++-------- 4 files changed, 257 insertions(+), 75 deletions(-) diff --git a/libcrux-ml-dsa/benches/manual65.rs b/libcrux-ml-dsa/benches/manual65.rs index 18c6598dc..bec7eac45 100644 --- a/libcrux-ml-dsa/benches/manual65.rs +++ b/libcrux-ml-dsa/benches/manual65.rs @@ -8,6 +8,25 @@ use pqcrypto_dilithium; mod bench_utils; fn main() { - bench_group_libcrux!("65", ml_dsa_65, MLDSA65KeyPair, MLDSA65Signature); + bench_group_libcrux!( + "65 portable", + ml_dsa_65::portable, + MLDSA65KeyPair, + MLDSA65Signature + ); + #[cfg(feature = "simd128")] + bench_group_libcrux!( + "65 sim1d28", + ml_dsa_65::neon, + MLDSA65KeyPair, + MLDSA65Signature + ); + #[cfg(feature = "simd256")] + bench_group_libcrux!( + "65 simd256", + ml_dsa_65::avx2, + MLDSA65KeyPair, + MLDSA65Signature + ); bench_group_pqclean!("65", dilithium3); } diff --git a/libcrux-ml-dsa/benches/manual87.rs b/libcrux-ml-dsa/benches/manual87.rs index 4daf07f24..5b49f39c9 100644 --- a/libcrux-ml-dsa/benches/manual87.rs +++ b/libcrux-ml-dsa/benches/manual87.rs @@ -8,6 +8,25 @@ use pqcrypto_dilithium; mod bench_utils; fn main() { - bench_group_libcrux!("87", ml_dsa_87, MLDSA87KeyPair, MLDSA87Signature); + bench_group_libcrux!( + "87 portable", + ml_dsa_87::portable, + MLDSA87KeyPair, + MLDSA87Signature + ); + #[cfg(feature = "simd128")] + bench_group_libcrux!( + "87 sim1d28", + ml_dsa_87::neon, + MLDSA87KeyPair, + MLDSA87Signature + ); + #[cfg(feature = "simd256")] + bench_group_libcrux!( + "87 simd256", + ml_dsa_87::avx2, + MLDSA87KeyPair, + MLDSA87Signature + ); bench_group_pqclean!("87", dilithium5); } diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs index 03164928b..9d8044471 100644 --- a/libcrux-ml-dsa/src/ml_dsa_65.rs +++ b/libcrux-ml-dsa/src/ml_dsa_65.rs @@ -1,4 +1,9 @@ -use crate::{constants::*, types::*, SigningError, VerificationError}; +use crate::{ + constants::*, + ml_dsa_generic::{self, multiplexing}, + types::*, + SigningError, VerificationError, +}; // ML-DSA-65-specific parameters @@ -62,35 +67,100 @@ pub type MLDSA65VerificationKey = MLDSAVerificationKey; pub type MLDSA65KeyPair = MLDSAKeyPair; pub type MLDSA65Signature = MLDSASignature; -// TODO: Multiplex more intelligently. -#[cfg(feature = "simd256")] -type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; -#[cfg(not(feature = "simd256"))] -type SIMDUnit = crate::simd::portable::PortableSIMDUnit; - -#[cfg(feature = "simd256")] -type Shake128X4 = crate::hash_functions::simd256::Shake128x4; -#[cfg(not(feature = "simd256"))] -type Shake128X4 = crate::hash_functions::portable::Shake128X4; +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path, $doc:expr) => { + #[doc = $doc] + pub mod $modp { + use super::*; + use $p as p; + + /// Generate an ML-DSA-65 Key Pair + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], + ) -> MLDSA65KeyPair { + let (signing_key, verification_key) = p::generate_key_pair::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness); + + MLDSA65KeyPair { + signing_key: MLDSASigningKey(signing_key), + verification_key: MLDSAVerificationKey(verification_key), + } + } + + /// Generate an ML-DSA-65 Signature + pub fn sign( + signing_key: &MLDSA65SigningKey, + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], + ) -> Result { + p::sign::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(&signing_key.0, message, randomness) + } + + /// Verify an ML-DSA-65 Signature + pub fn verify( + verification_key: &MLDSA65VerificationKey, + message: &[u8], + signature: &MLDSA65Signature, + ) -> Result<(), VerificationError> { + p::verify::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(&verification_key.0, message, &signature.0) + } + } + }; +} -#[cfg(feature = "simd256")] -type Shake256X4 = crate::hash_functions::simd256::Shake256x4; -#[cfg(not(feature = "simd256"))] -type Shake256X4 = crate::hash_functions::portable::Shake256X4; +// Instantiations -// TODO: This is all portable for now. +instantiate! {portable, ml_dsa_generic::instantiations::portable, "Portable ML-DSA 65"} #[cfg(feature = "simd256")] -type Shake256 = crate::hash_functions::portable::Shake256; -#[cfg(not(feature = "simd256"))] -type Shake256 = crate::hash_functions::portable::Shake256; - -/// Generate an ML-DSA-65 Key Pair +instantiate! {avx2, ml_dsa_generic::instantiations::avx2, "AVX2 Optimised ML-DSA 65"} +#[cfg(feature = "simd128")] +instantiate! {neon, ml_dsa_generic::instantiations::neon, "Neon Optimised ML-DSA 65"} + +/// Generate an ML-DSA 65 Key Pair +/// +/// Generate an ML-DSA key pair. The input is a byte array of size +/// [`KEY_GENERATION_RANDOMNESS_SIZE`]. +/// +/// This function returns an [`MLDSA65KeyPair`]. +#[cfg(not(eurydice))] pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE]) -> MLDSA65KeyPair { - let (signing_key, verification_key) = crate::ml_dsa_generic::generate_key_pair::< - SIMDUnit, - Shake128X4, - Shake256, - Shake256X4, + let (signing_key, verification_key) = multiplexing::generate_key_pair::< ROWS_IN_A, COLUMNS_IN_A, ETA, @@ -105,17 +175,18 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE]) -> ML } } -/// Generate an ML-DSA-65 Signature +/// Sign with ML-DSA 65 +/// +/// Sign a `message` with the ML-DSA `signing_key`. +/// +/// This function returns an [`MLDSA65Signature`]. +#[cfg(not(eurydice))] pub fn sign( signing_key: &MLDSA65SigningKey, message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], ) -> Result { - crate::ml_dsa_generic::sign::< - SIMDUnit, - Shake128X4, - Shake256, - Shake256X4, + multiplexing::sign::< ROWS_IN_A, COLUMNS_IN_A, ETA, @@ -134,15 +205,16 @@ pub fn sign( } /// Verify an ML-DSA-65 Signature +/// +/// Returns `Ok` when the `signature` is valid for the `message` and +/// `verification_key`, and a [`VerificationError`] otherwise. +#[cfg(not(eurydice))] pub fn verify( verification_key: &MLDSA65VerificationKey, message: &[u8], signature: &MLDSA65Signature, ) -> Result<(), VerificationError> { - crate::ml_dsa_generic::verify::< - SIMDUnit, - Shake128X4, - Shake256, + multiplexing::verify::< ROWS_IN_A, COLUMNS_IN_A, SIGNATURE_SIZE, diff --git a/libcrux-ml-dsa/src/ml_dsa_87.rs b/libcrux-ml-dsa/src/ml_dsa_87.rs index eb02f21bc..48949c19b 100644 --- a/libcrux-ml-dsa/src/ml_dsa_87.rs +++ b/libcrux-ml-dsa/src/ml_dsa_87.rs @@ -1,4 +1,9 @@ -use crate::{constants::*, types::*, SigningError, VerificationError}; +use crate::{ + constants::*, + ml_dsa_generic::{self, multiplexing}, + types::*, + SigningError, VerificationError, +}; // ML-DSA-87 parameters @@ -65,35 +70,100 @@ pub type MLDSA87VerificationKey = MLDSAVerificationKey; pub type MLDSA87KeyPair = MLDSAKeyPair; pub type MLDSA87Signature = MLDSASignature; -// TODO: Multiplex more intelligently. -#[cfg(feature = "simd256")] -type SIMDUnit = crate::simd::avx2::AVX2SIMDUnit; -#[cfg(not(feature = "simd256"))] -type SIMDUnit = crate::simd::portable::PortableSIMDUnit; - -#[cfg(feature = "simd256")] -type Shake128X4 = crate::hash_functions::simd256::Shake128x4; -#[cfg(not(feature = "simd256"))] -type Shake128X4 = crate::hash_functions::portable::Shake128X4; +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path, $doc:expr) => { + #[doc = $doc] + pub mod $modp { + use super::*; + use $p as p; + + /// Generate an ML-DSA-87 Key Pair + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], + ) -> MLDSA87KeyPair { + let (signing_key, verification_key) = p::generate_key_pair::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + VERIFICATION_KEY_SIZE, + >(randomness); + + MLDSA87KeyPair { + signing_key: MLDSASigningKey(signing_key), + verification_key: MLDSAVerificationKey(verification_key), + } + } + + /// Generate an ML-DSA-87 Signature + pub fn sign( + signing_key: &MLDSA87SigningKey, + message: &[u8], + randomness: [u8; SIGNING_RANDOMNESS_SIZE], + ) -> Result { + p::sign::< + ROWS_IN_A, + COLUMNS_IN_A, + ETA, + ERROR_RING_ELEMENT_SIZE, + GAMMA1_EXPONENT, + GAMMA2, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + GAMMA1_RING_ELEMENT_SIZE, + SIGNING_KEY_SIZE, + SIGNATURE_SIZE, + >(&signing_key.0, message, randomness) + } + + /// Verify an ML-DSA-87 Signature + pub fn verify( + verification_key: &MLDSA87VerificationKey, + message: &[u8], + signature: &MLDSA87Signature, + ) -> Result<(), VerificationError> { + p::verify::< + ROWS_IN_A, + COLUMNS_IN_A, + SIGNATURE_SIZE, + VERIFICATION_KEY_SIZE, + GAMMA1_EXPONENT, + GAMMA1_RING_ELEMENT_SIZE, + GAMMA2, + BETA, + COMMITMENT_RING_ELEMENT_SIZE, + COMMITMENT_VECTOR_SIZE, + COMMITMENT_HASH_SIZE, + ONES_IN_VERIFIER_CHALLENGE, + MAX_ONES_IN_HINT, + >(&verification_key.0, message, &signature.0) + } + } + }; +} -#[cfg(feature = "simd256")] -type Shake256X4 = crate::hash_functions::simd256::Shake256x4; -#[cfg(not(feature = "simd256"))] -type Shake256X4 = crate::hash_functions::portable::Shake256X4; +// Instantiations -// TODO: This is all portable for now. +instantiate! {portable, ml_dsa_generic::instantiations::portable, "Portable ML-DSA 87"} #[cfg(feature = "simd256")] -type Shake256 = crate::hash_functions::portable::Shake256; -#[cfg(not(feature = "simd256"))] -type Shake256 = crate::hash_functions::portable::Shake256; - -/// Generate an ML-DSA-87 Key Pair -pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA87KeyPair { - let (signing_key, verification_key) = crate::ml_dsa_generic::generate_key_pair::< - SIMDUnit, - Shake128X4, - Shake256, - Shake256X4, +instantiate! {avx2, ml_dsa_generic::instantiations::avx2, "AVX2 Optimised ML-DSA 87"} +#[cfg(feature = "simd128")] +instantiate! {neon, ml_dsa_generic::instantiations::neon, "Neon Optimised ML-DSA 87"} + +/// Generate an ML-DSA 87 Key Pair +/// +/// Generate an ML-DSA key pair. The input is a byte array of size +/// [`KEY_GENERATION_RANDOMNESS_SIZE`]. +/// +/// This function returns an [`MLDSA87KeyPair`]. +#[cfg(not(eurydice))] +pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE]) -> MLDSA87KeyPair { + let (signing_key, verification_key) = multiplexing::generate_key_pair::< ROWS_IN_A, COLUMNS_IN_A, ETA, @@ -108,17 +178,18 @@ pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA87KeyPair { } } -/// Generate an ML-DSA-87 Signature +/// Sign with ML-DSA 87 +/// +/// Sign a `message` with the ML-DSA `signing_key`. +/// +/// This function returns an [`MLDSA87Signature`]. +#[cfg(not(eurydice))] pub fn sign( signing_key: &MLDSA87SigningKey, message: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], ) -> Result { - crate::ml_dsa_generic::sign::< - SIMDUnit, - Shake128X4, - Shake256, - Shake256X4, + multiplexing::sign::< ROWS_IN_A, COLUMNS_IN_A, ETA, @@ -137,15 +208,16 @@ pub fn sign( } /// Verify an ML-DSA-87 Signature +/// +/// Returns `Ok` when the `signature` is valid for the `message` and +/// `verification_key`, and a [`VerificationError`] otherwise. +#[cfg(not(eurydice))] pub fn verify( verification_key: &MLDSA87VerificationKey, message: &[u8], signature: &MLDSA87Signature, ) -> Result<(), VerificationError> { - crate::ml_dsa_generic::verify::< - SIMDUnit, - Shake128X4, - Shake256, + multiplexing::verify::< ROWS_IN_A, COLUMNS_IN_A, SIGNATURE_SIZE, From 28acae74380fdbfad38476b6f748967531d5abbc Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Thu, 12 Sep 2024 15:13:14 -0700 Subject: [PATCH 146/172] minor tweak --- libcrux-ml-kem/cg/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt index f29b5b5dc..ce8ed53c2 100644 --- a/libcrux-ml-kem/cg/CMakeLists.txt +++ b/libcrux-ml-kem/cg/CMakeLists.txt @@ -33,6 +33,7 @@ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND endif() set(CMAKE_COLOR_DIAGNOSTICS "ON") +set(CMAKE_EXPORT_COMPILE_COMMANDS 1) include_directories( ${PROJECT_SOURCE_DIR} ${PROJECT_SOURCE_DIR}/internal From f4cf47e0ec7fcca0495666dcfd09178907a9fe64 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Thu, 12 Sep 2024 16:31:22 -0700 Subject: [PATCH 147/172] wip --- libcrux-ml-kem/cg.yaml | 10 +++ libcrux-ml-kem/cg/code_gen.txt | 10 +-- libcrux-ml-kem/cg/libcrux_core.h | 34 ++------ libcrux-ml-kem/cg/libcrux_ct_ops.h | 10 +-- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 77 +++++++++++++++++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 77 +++++++++++++++++-- libcrux-ml-kem/cg/libcrux_mlkem768_types.h | 51 ++++++++++++ libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 10 +-- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 10 +-- 9 files changed, 229 insertions(+), 60 deletions(-) create mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_types.h diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 9bf20593b..aa071bde4 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -51,6 +51,16 @@ files: monomorphizations_using: - [libcrux_sha3, "*"] + # Header with types only + + - name: libcrux_mlkem768_types + inline_static: true + api: + monomorphizations_exact: + - [ libcrux_ml_kem, types, MlKemPrivateKey_55 ] + - [ libcrux_ml_kem, types, MlKemPublicKey_15 ] + - [ libcrux_ml_kem, mlkem768, MlKem768KeyPair ] + # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core inline_static: true diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 35ff13be5..5e4252e6c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 -Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 -Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 16c5cbb1567f75eae528439541818205846c84da +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 +Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 7d67f613e..2f57a10fc 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_core_H @@ -19,6 +19,7 @@ extern "C" { #endif #include "eurydice_glue.h" +#include "libcrux_mlkem768_types.h" /** A monomorphic instance of core.ops.range.Range @@ -210,15 +211,6 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8c( return self->value; } -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; - /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPublicKey)#14} @@ -238,20 +230,6 @@ libcrux_ml_kem_types_from_b6_eb(uint8_t value[1184U]) { return lit; } -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $2400size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; -} libcrux_ml_kem_mlkem768_MlKem768KeyPair; - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 649187862..cbd439764 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 0f4df54f5..00691c89a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,6 +22,7 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_ct_ops.h" #include "libcrux_mlkem768_portable.h" +#include "libcrux_mlkem768_types.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -6485,7 +6486,71 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_a6( "Eurydice error: Failure(\"TODO: TraitTypes " "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " - "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\n"); + "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\nRaised " + "at Stdlib.failwith in file \"stdlib.ml\", line 29, characters " + "17-33\nCalled from Eurydice__AstOfLlbc.typ_of_ty in file " + "\"lib/AstOfLlbc.ml\", line 340, characters 14-29\nCalled from " + "Eurydice__AstOfLlbc.lookup_signature in file \"lib/AstOfLlbc.ml\", line " + "842, characters 15-35\nCalled from " + "Eurydice__AstOfLlbc.lookup_fun.lookup_result_of_fun_id in file " + "\"lib/AstOfLlbc.ml\", line 945, characters 26-62\nCalled from " + "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\", " + "line 1028, characters 4-31\nCalled from " + "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\" " + "(inlined), line 1179, characters 51-85\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1436, characters 44-75\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1488, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.decl_of_id in file " + "\"lib/AstOfLlbc.ml\", line 1751, characters 20-169\n"); KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index b84e6e142..9d30177c9 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_types.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -7390,7 +7391,71 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( "Eurydice error: Failure(\"TODO: TraitTypes " "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " - "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\n"); + "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\nRaised " + "at Stdlib.failwith in file \"stdlib.ml\", line 29, characters " + "17-33\nCalled from Eurydice__AstOfLlbc.typ_of_ty in file " + "\"lib/AstOfLlbc.ml\", line 340, characters 14-29\nCalled from " + "Eurydice__AstOfLlbc.lookup_signature in file \"lib/AstOfLlbc.ml\", line " + "842, characters 15-35\nCalled from " + "Eurydice__AstOfLlbc.lookup_fun.lookup_result_of_fun_id in file " + "\"lib/AstOfLlbc.ml\", line 945, characters 26-62\nCalled from " + "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\", " + "line 1028, characters 4-31\nCalled from " + "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\" " + "(inlined), line 1179, characters 51-85\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1436, characters 44-75\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1488, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.expression_of_raw_statement in file " + "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " + "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " + "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " + "characters 49-75\nCalled from Eurydice__AstOfLlbc.decl_of_id in file " + "\"lib/AstOfLlbc.ml\", line 1751, characters 20-169\n"); KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_types.h new file mode 100644 index 000000000..4eb5629bf --- /dev/null +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_types.h @@ -0,0 +1,51 @@ +/* + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: MIT or Apache-2.0 + * + * This code was generated with the following revisions: + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + */ + +#ifndef __libcrux_mlkem768_types_H +#define __libcrux_mlkem768_types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_55; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_types_H_DEFINED +#endif diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index dad37856a..60fde7979 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 54d285f72..5066e7bd4 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: e43b806912ff9e473e2d6ee37f8ab75af792d497 - * Eurydice: 207141ec7b9ad912b3c0a4ad3bd405fe70948a04 - * Karamel: 44792b0a6f8b62a2c6731d663265925752a28bd9 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 16c5cbb1567f75eae528439541818205846c84da + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 */ #ifndef __libcrux_sha3_portable_H From f07d78fabdf3bdaec305a271f826e41a0e6c2366 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Thu, 12 Sep 2024 16:48:48 -0700 Subject: [PATCH 148/172] wip --- libcrux-ml-kem/cg.yaml | 15 +++- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 26 ++++++- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 63 +--------------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 3 +- libcrux-ml-kem/cg/libcrux_mlkem768_types.h | 71 ++++++++++++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 9 files changed, 97 insertions(+), 89 deletions(-) diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index aa071bde4..396419cf8 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -55,11 +55,20 @@ files: - name: libcrux_mlkem768_types inline_static: true + include_in_h: + - '"intrinsics/libcrux_intrinsics_avx2.h"' api: monomorphizations_exact: - - [ libcrux_ml_kem, types, MlKemPrivateKey_55 ] - - [ libcrux_ml_kem, types, MlKemPublicKey_15 ] - - [ libcrux_ml_kem, mlkem768, MlKem768KeyPair ] + # - [ libcrux_ml_kem, mlkem768, MlKem768KeyPair ] + # - [ libcrux_ml_kem, types, MlKemPrivateKey_55 ] + # - [ libcrux_ml_kem, types, MlKemPublicKey_15 ] + - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ] + - [ libcrux_ml_kem, polynomial, PolynomialRingElement_d2 ] + - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ] # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 5e4252e6c..a4598eb98 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 +Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 2f57a10fc..4be6b9357 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_core_H @@ -19,7 +19,6 @@ extern "C" { #endif #include "eurydice_glue.h" -#include "libcrux_mlkem768_types.h" /** A monomorphic instance of core.ops.range.Range @@ -211,6 +210,15 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8c( return self->value; } +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPublicKey)#14} @@ -230,6 +238,20 @@ libcrux_ml_kem_types_from_b6_eb(uint8_t value[1184U]) { return lit; } +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_55; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; + /** Create a new [`MlKemKeyPair`] from the secret and public key. */ diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index cbd439764..10c699e3e 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 00691c89a..8251d0cff 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_mlkem768_avx2_H @@ -44,8 +44,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); @@ -1191,15 +1189,6 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, @@ -1305,16 +1294,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_32( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -4549,18 +4528,6 @@ libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { return lit; } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpackedvalue); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; - /** This function implements Algorithm 13 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 9d30177c9..5ffd7790c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_types.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_types.h index 4eb5629bf..a593267f9 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_types.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_mlkem768_types_H @@ -19,29 +19,68 @@ extern "C" { #endif #include "eurydice_glue.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" -typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; -} libcrux_ml_kem_mlkem768_MlKem768KeyPair; +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2400size_t +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 60fde7979..3f82d3e01 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 5066e7bd4..1a26e94d0 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 83de47ccd1ac9aa7c1b708da52072fa809ad30f2 + * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 */ #ifndef __libcrux_sha3_portable_H From e889dcc61b920c30e358a243bec2d9dc893734fa Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 13 Sep 2024 06:46:42 +0000 Subject: [PATCH 149/172] updated cg.yaml --- libcrux-ml-kem/cg.yaml | 21 +- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 25 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 289 ++++++++---------- ..._types.h => libcrux_mlkem768_avx2_types.h} | 61 ++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 238 +++++---------- .../cg/libcrux_mlkem768_portable_types.h | 92 ++++++ libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 6 +- libcrux-ml-kem/src/ind_cca.rs | 6 +- 11 files changed, 384 insertions(+), 372 deletions(-) rename libcrux-ml-kem/cg/{libcrux_mlkem768_types.h => libcrux_mlkem768_avx2_types.h} (89%) create mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 396419cf8..62950cc05 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -53,15 +53,10 @@ files: # Header with types only - - name: libcrux_mlkem768_types + - name: libcrux_mlkem768_avx2_types inline_static: true - include_in_h: - - '"intrinsics/libcrux_intrinsics_avx2.h"' api: monomorphizations_exact: - # - [ libcrux_ml_kem, mlkem768, MlKem768KeyPair ] - # - [ libcrux_ml_kem, types, MlKemPrivateKey_55 ] - # - [ libcrux_ml_kem, types, MlKemPublicKey_15 ] - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ] @@ -70,6 +65,18 @@ files: - [ libcrux_ml_kem, polynomial, PolynomialRingElement_d2 ] - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ] + - name: libcrux_mlkem768_portable_types + inline_static: true + api: + monomorphizations_exact: + - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_f8 ] + - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f0 ] + - [ libcrux_ml_kem, vector, portable, vector_type, PortableVector ] + # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core inline_static: true @@ -96,6 +103,8 @@ files: - name: libcrux_mlkem768_avx2 inline_static: true target: "avx2" + include_in_h: + - '"intrinsics/libcrux_intrinsics_avx2.h"' api: patterns: - [libcrux_ml_kem, vector, avx2, "*"] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index a4598eb98..36ce0c03d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 4be6b9357..4ab77cd91 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_core_H @@ -190,6 +190,25 @@ typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice snd[4U]; } Eurydice_slice_uint8_t_4size_t__x2; +/** + Pad the `slice` with `0`s at the end. +*/ +/** +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_slice slice, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 10c699e3e..0b4bb4a0d 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 8251d0cff..9f94ae5c8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_mlkem768_avx2_H @@ -19,10 +19,12 @@ extern "C" { #endif #include "eurydice_glue.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_avx2_types.h" #include "libcrux_mlkem768_portable.h" -#include "libcrux_mlkem768_types.h" +#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -1316,7 +1318,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_74( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1368,9 +1370,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_90( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_84( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_74( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd( vector); } @@ -1393,7 +1395,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_99( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_90( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_84( coefficient); } return re; @@ -1407,7 +1409,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_740( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1459,9 +1461,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_900( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_840( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_740( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd0( vector); } @@ -1484,7 +1486,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ca( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_900( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_840( coefficient); } return re; @@ -1737,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_741( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1789,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_901( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_841( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_741( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd1( vector); } @@ -1814,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_99( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_901( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_841( coefficient); } return re; @@ -1828,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_742( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1880,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_902( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_842( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_742( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd2( vector); } @@ -1905,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_dd( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_902( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_842( re.coefficients[i0]); } return re; @@ -2235,7 +2237,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_51(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_c7(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2249,9 +2251,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_b4( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_59( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_51(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_c7(vector); } /** @@ -2263,7 +2265,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_95(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_b4(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_59(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -3660,7 +3662,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_90( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3715,9 +3717,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d8( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_90( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd( vector); } @@ -3735,7 +3737,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_cc( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d8( libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3756,7 +3758,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_900( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3811,9 +3813,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d80( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_900( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd0( vector); } @@ -3831,7 +3833,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d3( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d80( libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3904,7 +3906,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_901( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3959,9 +3961,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d81( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_901( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd1( vector); } @@ -3979,7 +3981,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_f4( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d81( libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3999,7 +4001,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_902( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4054,9 +4056,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d82( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_902( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd2( vector); } @@ -4074,7 +4076,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_e5( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_d82( libcrux_ml_kem_vector_traits_to_unsigned_representative_95( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4328,7 +4330,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_17( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_04( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_b3(private_key, ciphertext, ret); @@ -4345,7 +4347,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_17(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_04(private_key, ciphertext, ret); } @@ -4478,7 +4480,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ff( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4503,7 +4505,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ff( uu____0, copy_of_randomness); } @@ -5036,7 +5038,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_df( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5053,7 +5055,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_df( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( copy_of_randomness); } @@ -5212,7 +5214,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b3( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_b30(private_key, ciphertext, ret); @@ -5229,7 +5231,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b3( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ff( private_key, ciphertext, ret); } @@ -5347,7 +5349,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5372,7 +5374,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_29( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0a( uu____0, copy_of_randomness); } @@ -5492,7 +5494,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_51( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_bd( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5509,7 +5511,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_51( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_bd( copy_of_randomness); } @@ -5558,7 +5560,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_98( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_d9(private_key, @@ -5574,7 +5576,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_98( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2b( private_key, ciphertext); } @@ -5681,7 +5683,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ec( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_17( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_39(public_key); } @@ -5694,7 +5696,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ec( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ec( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_17( public_key->value); } @@ -5757,7 +5759,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5838,7 +5840,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_41( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -5884,7 +5886,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_41( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( @@ -5925,10 +5927,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_fc( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_30( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_41(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9(key_pair, ciphertext, ret); } /** @@ -5942,7 +5944,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_fc( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_30( private_key, ciphertext, ret); } @@ -5965,7 +5967,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_9e( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5993,7 +5995,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_9e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6037,7 +6039,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_76( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_03( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -6045,7 +6047,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_76( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_9e(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa(uu____0, copy_of_randomness); } @@ -6066,7 +6068,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_76( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_03( uu____0, copy_of_randomness); } @@ -6085,7 +6087,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_5b(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_3d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -6103,7 +6105,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_7b( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_fe( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -6123,7 +6125,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_69( +libcrux_ml_kem_polynomial_clone_17_fa( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -6149,7 +6151,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_45( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6164,14 +6166,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_45( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_fe(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_69( + libcrux_ml_kem_polynomial_clone_17_fa( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6220,13 +6222,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_31( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_67( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_45(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40(copy_of_randomness, out); } /** @@ -6239,7 +6241,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_31( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_67( copy_of_randomness, key_pair); } @@ -6257,7 +6259,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_43_0d(void) { + libcrux_ml_kem_ind_cca_unpacked_default_43_60(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6338,7 +6340,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_43_0d(); + return libcrux_ml_kem_ind_cca_unpacked_default_43_60(); } /** @@ -6387,7 +6389,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_0e( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_07( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_c3( public_key); @@ -6400,7 +6402,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_0e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_07( public_key); } @@ -6418,79 +6420,56 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_a6( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - KRML_HOST_EPRINTF( - "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "Eurydice error: Failure(\"TODO: TraitTypes " - "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " - "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\nRaised " - "at Stdlib.failwith in file \"stdlib.ml\", line 29, characters " - "17-33\nCalled from Eurydice__AstOfLlbc.typ_of_ty in file " - "\"lib/AstOfLlbc.ml\", line 340, characters 14-29\nCalled from " - "Eurydice__AstOfLlbc.lookup_signature in file \"lib/AstOfLlbc.ml\", line " - "842, characters 15-35\nCalled from " - "Eurydice__AstOfLlbc.lookup_fun.lookup_result_of_fun_id in file " - "\"lib/AstOfLlbc.ml\", line 945, characters 26-62\nCalled from " - "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\", " - "line 1028, characters 4-31\nCalled from " - "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\" " - "(inlined), line 1179, characters 51-85\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1436, characters 44-75\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1488, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.decl_of_id in file " - "\"lib/AstOfLlbc.ml\", line 1751, characters 20-169\n"); - KRML_HOST_EXIT(255U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( + Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + t_as_ntt); + uint8_t seed_for_a[32U]; + libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + seed_for_a); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + ret0); + libcrux_ml_kem_matrix_sample_matrix_a_out_64(ret0, false, a); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_a[32U]; + memcpy(copy_of_seed_for_a, seed_for_a, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_a[3U][3U]; + memcpy(copy_of_a, a, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____3; + memcpy( + uu____3.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(uu____3.seed_for_A, copy_of_seed_for_a, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3.A, copy_of_a, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = uu____3; + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_16( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_60(public_key), + uint8_t), + ret); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -6507,9 +6486,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_64( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_a6(public_key); + return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d(public_key); } /** @@ -6519,7 +6498,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_64( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f3( public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h similarity index 89% rename from libcrux-ml-kem/cg/libcrux_mlkem768_types.h rename to libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index a593267f9..039819306 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -5,21 +5,22 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ -#ifndef __libcrux_mlkem768_types_H -#define __libcrux_mlkem768_types_H +#ifndef __libcrux_mlkem768_avx2_types_H +#define __libcrux_mlkem768_avx2_types_H #if defined(__cplusplus) extern "C" { #endif #include "eurydice_glue.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" + +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -30,18 +31,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -52,17 +41,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types @@ -75,7 +53,28 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; @@ -86,5 +85,5 @@ typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { } #endif -#define __libcrux_mlkem768_types_H_DEFINED +#define __libcrux_mlkem768_avx2_types_H_DEFINED #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 5ffd7790c..44db10c5b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -101,10 +102,6 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -2406,15 +2403,6 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; - /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, @@ -2518,16 +2506,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -5482,18 +5460,6 @@ libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { return lit; } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpackedvalue); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; - /** This function implements Algorithm 13 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -6730,7 +6667,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_91( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6811,7 +6748,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_fc( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -6857,7 +6794,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_fc( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_91( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( @@ -6897,10 +6834,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_b3( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_30( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_fc(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e(key_pair, ciphertext, ret); } /** @@ -6914,7 +6851,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_b3( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_30( private_key, ciphertext, ret); } @@ -6937,7 +6874,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_03( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6965,7 +6902,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_03( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_91(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7008,7 +6945,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_4f( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_24( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -7016,7 +6953,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_4f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_03(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf(uu____0, copy_of_randomness); } @@ -7036,7 +6973,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_4f( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_24( uu____0, copy_of_randomness); } @@ -7055,7 +6992,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_17(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_ab(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -7073,7 +7010,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ea( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ac( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -7092,7 +7029,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_1c( +libcrux_ml_kem_polynomial_clone_17_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -7121,7 +7058,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_7b( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -7136,14 +7073,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_7b( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ea(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ac(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_1c( + libcrux_ml_kem_polynomial_clone_17_86( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -7191,13 +7128,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_14( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_77( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_7b(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51(copy_of_randomness, out); } /** @@ -7210,7 +7147,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_14( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_77( copy_of_randomness, key_pair); } @@ -7227,7 +7164,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_43_9b(void) { + libcrux_ml_kem_ind_cca_unpacked_default_43_b1(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7307,7 +7244,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_43_9b(); + return libcrux_ml_kem_ind_cca_unpacked_default_43_b1(); } /** @@ -7385,77 +7322,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - KRML_HOST_EPRINTF( - "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "Eurydice error: Failure(\"TODO: TraitTypes " - "libcrux_ml_kem::types::index_impls::{core::ops::index::Index[core::marker::Sized]> for " - "libcrux_ml_kem::types::MlKemPublicKey}#20::Output\")\nRaised " - "at Stdlib.failwith in file \"stdlib.ml\", line 29, characters " - "17-33\nCalled from Eurydice__AstOfLlbc.typ_of_ty in file " - "\"lib/AstOfLlbc.ml\", line 340, characters 14-29\nCalled from " - "Eurydice__AstOfLlbc.lookup_signature in file \"lib/AstOfLlbc.ml\", line " - "842, characters 15-35\nCalled from " - "Eurydice__AstOfLlbc.lookup_fun.lookup_result_of_fun_id in file " - "\"lib/AstOfLlbc.ml\", line 945, characters 26-62\nCalled from " - "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\", " - "line 1028, characters 4-31\nCalled from " - "Eurydice__AstOfLlbc.expression_of_fn_ptr in file \"lib/AstOfLlbc.ml\" " - "(inlined), line 1179, characters 51-85\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1436, characters 44-75\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1488, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.expression_of_raw_statement in file " - "\"lib/AstOfLlbc.ml\", line 1489, characters 15-65\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.with_locals in file " - "\"lib/AstOfLlbc.ml\", line 489, characters 49-75\nCalled from " - "Eurydice__AstOfLlbc.with_locals in file \"lib/AstOfLlbc.ml\", line 489, " - "characters 49-75\nCalled from Eurydice__AstOfLlbc.decl_of_id in file " - "\"lib/AstOfLlbc.ml\", line 1751, characters 20-169\n"); - KRML_HOST_EXIT(255U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( + Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + t_as_ntt); + uint8_t seed_for_a[32U]; + libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + seed_for_a); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + ret0); + libcrux_ml_kem_matrix_sample_matrix_a_out_29(ret0, false, a); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_a[32U]; + memcpy(copy_of_seed_for_a, seed_for_a, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_a[3U][3U]; + memcpy(copy_of_a, a, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____3; + memcpy( + uu____3.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(uu____3.seed_for_A, copy_of_seed_for_a, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3.A, copy_of_a, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; + lit.ind_cpa_public_key = uu____3; + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_c6( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_60(public_key), + uint8_t), + ret); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -7471,7 +7385,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_8f( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key); } @@ -7482,7 +7396,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_8f( static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_8f( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5f( public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h new file mode 100644 index 000000000..5e26dd29d --- /dev/null +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -0,0 +1,92 @@ +/* + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: MIT or Apache-2.0 + * + * This code was generated with the following revisions: + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + */ + +#ifndef __libcrux_mlkem768_portable_types_H +#define __libcrux_mlkem768_portable_types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_portable_types_H_DEFINED +#endif diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 3f82d3e01..47c03991c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 1a26e94d0..bd6c578ef 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: f4cf47e0ec7fcca0495666dcfd09178907a9fe64 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index b50142775..a83cba36e 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -322,11 +322,11 @@ pub(crate) mod unpacked { public_key: &MlKemPublicKey, ) -> MlKemPublicKeyUnpacked { let t_as_ntt = deserialize_ring_elements_reduced::( - &public_key[..T_AS_NTT_ENCODED_SIZE], + &public_key.value[..T_AS_NTT_ENCODED_SIZE], ); - let seed_for_a = into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]); + let seed_for_a = into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]); let a = sample_matrix_a_out::( - into_padded_array(&public_key[T_AS_NTT_ENCODED_SIZE..]), + into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]), false, ); From af73d01e58cc94de073411deb991caf96181d442 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 15 Sep 2024 11:49:27 +0000 Subject: [PATCH 150/172] unpacked API for cg --- libcrux-ml-kem/cg.yaml | 2 + libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 40 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 926 ++++++++++-------- .../cg/libcrux_mlkem768_avx2_types.h | 49 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 913 +++++++++-------- .../cg/libcrux_mlkem768_portable_types.h | 49 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- libcrux-ml-kem/src/ind_cca.rs | 101 +- libcrux-ml-kem/src/ind_cca/instantiations.rs | 17 +- libcrux-ml-kem/src/ind_cpa.rs | 28 +- libcrux-ml-kem/src/lib.rs | 3 + libcrux-ml-kem/src/matrix.rs | 3 + libcrux-ml-kem/src/mlkem1024.rs | 18 +- libcrux-ml-kem/src/mlkem512.rs | 20 +- libcrux-ml-kem/src/mlkem768.rs | 24 +- libcrux-ml-kem/src/polynomial.rs | 4 +- libcrux-ml-kem/src/types.rs | 6 + libcrux-ml-kem/tests/self.rs | 16 +- 21 files changed, 1316 insertions(+), 911 deletions(-) diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 62950cc05..08e55ac47 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -58,6 +58,7 @@ files: api: monomorphizations_exact: - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768PublicKeyUnpacked ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ] - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ] @@ -70,6 +71,7 @@ files: api: monomorphizations_exact: - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768PublicKeyUnpacked ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_f8 ] - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_f8 ] - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_f8 ] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 36ce0c03d..2a59a07f2 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 +Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 4ab77cd91..576f60191 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_core_H @@ -217,14 +217,14 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { A reference to the raw byte slice. */ /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 +A monomorphic instance of libcrux_ml_kem.types.as_slice_07 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8c( +static inline uint8_t *libcrux_ml_kem_types_as_slice_07_61( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -240,15 +240,15 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_eb(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_40_1c(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -285,7 +285,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_28(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_62(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -293,15 +293,15 @@ libcrux_ml_kem_types_from_17_28(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_04(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_88_3e(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -357,15 +357,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_ab(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_fc_e5(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -378,14 +378,14 @@ libcrux_ml_kem_types_from_01_ab(uint8_t value[1088U]) { A reference to the raw byte slice. */ /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_60( +static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -430,14 +430,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_14( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_71( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 0b4bb4a0d..e13e9dfb3 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 9f94ae5c8..32ac2b179 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_mlkem768_avx2_H @@ -1233,7 +1233,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_d6(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1245,7 +1245,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9f( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1269,7 +1269,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_32( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_32( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9f( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1306,7 +1306,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_fc(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c8(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1318,7 +1318,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b8( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1370,9 +1370,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_84( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b8( vector); } @@ -1384,7 +1384,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_99( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1395,7 +1395,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_99( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_84( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d( coefficient); } return re; @@ -1409,7 +1409,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b80( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1461,9 +1461,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_840( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b80( vector); } @@ -1475,7 +1475,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ca( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_11( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1486,7 +1486,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ca( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_840( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d0( coefficient); } return re; @@ -1500,9 +1500,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_520( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_99(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1666,7 +1666,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_53( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U, @@ -1697,7 +1697,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_80( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1722,9 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_520( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0c( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_53(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1739,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b81( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1791,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_841( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b81( vector); } @@ -1805,7 +1805,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_99( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_1b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1816,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_99( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_841( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d1( coefficient); } return re; @@ -1830,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b82( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1882,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_842( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_dd2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b82( vector); } @@ -1896,7 +1896,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_dd( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1907,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_dd( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_842( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d2( re.coefficients[i0]); } return re; @@ -1921,9 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_dc( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_99(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1b(serialized); } /** @@ -2028,7 +2028,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_5f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_97( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2055,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2078,7 +2078,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_31( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2099,7 +2099,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bb(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bc(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2118,7 +2118,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2133,7 +2133,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bb( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bc( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2151,20 +2151,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_5f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_31(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_97(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); } @@ -2182,7 +2182,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_d6_eb( +libcrux_ml_kem_polynomial_subtract_reduce_d6_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2212,7 +2212,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_3f( +libcrux_ml_kem_matrix_compute_message_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2225,8 +2225,8 @@ libcrux_ml_kem_matrix_compute_message_3f( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_eb(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_d9(v, result); return result; } @@ -2237,7 +2237,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_c7(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_26(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2251,9 +2251,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_59( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_10( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_c7(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_26(vector); } /** @@ -2264,8 +2264,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_95(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_59(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_32(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_10(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2279,13 +2279,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_22( +libcrux_ml_kem_serialize_compress_then_serialize_message_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2334,20 +2334,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_80(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_dc( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_3f(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_3a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_22(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_5c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2362,11 +2362,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_3c(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_fa(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_32(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2378,7 +2378,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_3c(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2437,7 +2437,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_71( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7c( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -2456,7 +2456,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -2487,7 +2487,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2505,7 +2505,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( ring_element); deserialized_pk[i0] = uu____0; } @@ -2523,7 +2523,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_84(size_t _j) { +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_a7(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -2534,7 +2534,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_87( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_7f( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -2997,12 +2997,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_64( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_03( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_87(i, a[i]); + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_7f(i, a[i]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = a; uint8_t uu____1[34U]; @@ -3376,7 +3376,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_51(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f0(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3393,7 +3393,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3471,7 +3471,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_c7(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_2e(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3487,7 +3487,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_5e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3512,7 +3512,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_82( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3544,8 +3544,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_82( libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_5e(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_be(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3559,7 +3559,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f6(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_14(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3574,7 +3574,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -3585,7 +3585,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_f6(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_14(coefficient_compressed); } return re; } @@ -3603,7 +3603,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_8c( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3634,7 +3634,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_f2( +libcrux_ml_kem_matrix_compute_ring_element_v_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3648,8 +3648,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_f2( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_10(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_8c( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_50( error_2, message, result); return result; } @@ -3662,7 +3662,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3717,9 +3717,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d8( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a( vector); } @@ -3731,14 +3731,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_cc( +libcrux_ml_kem_serialize_compress_then_serialize_10_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d8( - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3758,7 +3758,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3813,9 +3813,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d80( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a0( vector); } @@ -3827,14 +3827,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d3( +libcrux_ml_kem_serialize_compress_then_serialize_11_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d80( - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3855,10 +3855,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_cc(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_1d(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3875,7 +3875,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3891,7 +3891,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_53(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3906,7 +3906,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3961,9 +3961,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d81( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a1( vector); } @@ -3975,14 +3975,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f4( +libcrux_ml_kem_serialize_compress_then_serialize_4_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d81( - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -4001,7 +4001,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4056,9 +4056,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_d82( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_fd2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a2( vector); } @@ -4070,14 +4070,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_e5( +libcrux_ml_kem_serialize_compress_then_serialize_5_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_d82( - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_0c2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4097,9 +4097,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f4(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_0d(re, out); } /** @@ -4120,12 +4120,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_2b(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_67(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4133,7 +4133,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_2b(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_64(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_03(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -4149,7 +4149,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_2b(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4164,26 +4164,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_2b(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_82(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_38(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f2( + libcrux_ml_kem_matrix_compute_ring_element_v_3b( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4233,7 +4233,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( +static inline void libcrux_ml_kem_ind_cca_decapsulate_05( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4251,7 +4251,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_fa(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4275,7 +4275,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4286,7 +4286,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_67(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_95( @@ -4297,7 +4297,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b3( libcrux_ml_kem_variant_kdf_d8_95(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4330,10 +4330,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_04( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_cc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b3(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_05(private_key, ciphertext, ret); } /** @@ -4347,7 +4347,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_04(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_cc(private_key, ciphertext, ret); } @@ -4405,7 +4405,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f2( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4420,7 +4420,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f2( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4435,18 +4435,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_67(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_95(shared_secret, &ciphertext0, shared_secret_array); @@ -4480,14 +4480,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_13(uu____0, copy_of_randomness); } /** @@ -4505,7 +4505,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_70( uu____0, copy_of_randomness); } @@ -4649,33 +4649,36 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_polynomial_ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&t_as_ntt[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&t_as_ntt[i0], &product); } libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_9a( - &t_as_ntt[i1], &error_as_ntt[i1]); + &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4729,7 +4732,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { @@ -4784,14 +4787,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5f( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_95( + libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4814,7 +4817,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_19( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4832,7 +4835,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5f(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_50(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4843,7 +4846,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e1( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -4851,20 +4854,39 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_19(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac(t_as_ntt, seed_for_a, + public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -4882,20 +4904,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_5f(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_c1(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_19(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4924,7 +4946,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4989,7 +5011,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_63(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4998,13 +5020,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_63(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_5f(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5013,13 +5035,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_63(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_28( - uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -5038,12 +5060,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_63(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7a(copy_of_randomness); } /** @@ -5055,7 +5077,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( copy_of_randomness); } @@ -5071,7 +5093,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_4e( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5082,7 +5104,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_0d( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8c(ciphertext), + libcrux_ml_kem_types_as_slice_07_61(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5116,7 +5138,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_b30( +static inline void libcrux_ml_kem_ind_cca_decapsulate_050( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5134,7 +5156,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b30( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_fa(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5158,7 +5180,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b30( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5169,18 +5191,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b30( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_67(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_0d( + libcrux_ml_kem_variant_kdf_33_4e( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_0d(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_4e(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5214,10 +5236,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_db( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b30(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_050(private_key, ciphertext, ret); } /** @@ -5231,7 +5253,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ff( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_db( private_key, ciphertext, ret); } @@ -5246,7 +5268,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c1( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5271,11 +5293,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f20( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_130( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_a6( + libcrux_ml_kem_variant_entropy_preprocess_33_c1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5286,7 +5308,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f20( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5301,20 +5323,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f20( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_67(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_0d(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_4e(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5349,14 +5371,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0a( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ab( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_130(uu____0, copy_of_randomness); } /** @@ -5374,7 +5396,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0a( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ab( uu____0, copy_of_randomness); } @@ -5392,21 +5414,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_5f0( +libcrux_ml_kem_ind_cpa_generate_keypair_c10( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e1(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_19(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5447,7 +5469,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_630(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5456,13 +5478,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_630(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_5f0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_2a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5471,13 +5493,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_630(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_28( - uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -5494,12 +5516,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_bd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_45( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_630(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7a0(copy_of_randomness); } /** @@ -5511,7 +5533,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_bd( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_45( copy_of_randomness); } @@ -5531,7 +5553,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_d9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5560,10 +5582,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2b( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_97( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_d9(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e9(private_key, ciphertext); } @@ -5576,7 +5598,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_97( private_key, ciphertext); } @@ -5589,7 +5611,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_710( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7c0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -5609,7 +5631,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_940( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_350( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -5627,7 +5649,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_940( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8a( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( ring_element); deserialized_pk[i0] = uu____0; } @@ -5652,16 +5674,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_39( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_de( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_940( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_350( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5683,9 +5705,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_17( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ef( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_39(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_de(public_key); } /** @@ -5696,7 +5718,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_17( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_17( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ef( public_key->value); } @@ -5759,7 +5781,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5777,7 +5799,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -5792,27 +5814,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_82(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_38(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_4b( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f2( + libcrux_ml_kem_matrix_compute_ring_element_v_3b( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_56( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_41( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5840,11 +5862,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_f1( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5874,7 +5896,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5886,11 +5908,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5927,10 +5949,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_30( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_c7( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_d9(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e(key_pair, ciphertext, ret); } /** @@ -5944,7 +5966,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_30( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_c7( private_key, ciphertext, ret); } @@ -5967,7 +5989,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5995,7 +6017,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6005,7 +6027,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6039,7 +6061,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_03( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -6047,7 +6069,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_03( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_aa(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8(uu____0, copy_of_randomness); } @@ -6068,7 +6090,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_03( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_4d( uu____0, copy_of_randomness); } @@ -6087,7 +6109,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_3d(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_a2(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -6105,7 +6127,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_fe( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -6125,7 +6147,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_fa( +libcrux_ml_kem_polynomial_clone_17_18( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -6151,7 +6173,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f9( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6161,19 +6183,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_fe(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_fa( + libcrux_ml_kem_polynomial_clone_17_18( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6186,7 +6208,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_a7( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6222,13 +6244,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_67( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_76( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_40(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f9(copy_of_randomness, out); } /** @@ -6241,17 +6263,68 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_67( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_76( copy_of_randomness, key_pair); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_default_1c_b7(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.public_key_hash[0U] = 0U; + lit.public_key_hash[1U] = 0U; + lit.public_key_hash[2U] = 0U; + lit.public_key_hash[3U] = 0U; + lit.public_key_hash[4U] = 0U; + lit.public_key_hash[5U] = 0U; + lit.public_key_hash[6U] = 0U; + lit.public_key_hash[7U] = 0U; + lit.public_key_hash[8U] = 0U; + lit.public_key_hash[9U] = 0U; + lit.public_key_hash[10U] = 0U; + lit.public_key_hash[11U] = 0U; + lit.public_key_hash[12U] = 0U; + lit.public_key_hash[13U] = 0U; + lit.public_key_hash[14U] = 0U; + lit.public_key_hash[15U] = 0U; + lit.public_key_hash[16U] = 0U; + lit.public_key_hash[17U] = 0U; + lit.public_key_hash[18U] = 0U; + lit.public_key_hash[19U] = 0U; + lit.public_key_hash[20U] = 0U; + lit.public_key_hash[21U] = 0U; + lit.public_key_hash[22U] = 0U; + lit.public_key_hash[23U] = 0U; + lit.public_key_hash[24U] = 0U; + lit.public_key_hash[25U] = 0U; + lit.public_key_hash[26U] = 0U; + lit.public_key_hash[27U] = 0U; + lit.public_key_hash[28U] = 0U; + lit.public_key_hash[29U] = 0U; + lit.public_key_hash[30U] = 0U; + lit.public_key_hash[31U] = 0U; + return lit; +} + /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#2} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_43 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6259,7 +6332,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_43_60(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_bd(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6294,44 +6367,10 @@ static KRML_MUSTINLINE uu____0.implicit_rejection_value[29U] = 0U; uu____0.implicit_rejection_value[30U] = 0U; uu____0.implicit_rejection_value[31U] = 0U; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____1 = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked lit; - lit.private_key = uu____0; - lit.public_key.ind_cpa_public_key = uu____1; - lit.public_key.public_key_hash[0U] = 0U; - lit.public_key.public_key_hash[1U] = 0U; - lit.public_key.public_key_hash[2U] = 0U; - lit.public_key.public_key_hash[3U] = 0U; - lit.public_key.public_key_hash[4U] = 0U; - lit.public_key.public_key_hash[5U] = 0U; - lit.public_key.public_key_hash[6U] = 0U; - lit.public_key.public_key_hash[7U] = 0U; - lit.public_key.public_key_hash[8U] = 0U; - lit.public_key.public_key_hash[9U] = 0U; - lit.public_key.public_key_hash[10U] = 0U; - lit.public_key.public_key_hash[11U] = 0U; - lit.public_key.public_key_hash[12U] = 0U; - lit.public_key.public_key_hash[13U] = 0U; - lit.public_key.public_key_hash[14U] = 0U; - lit.public_key.public_key_hash[15U] = 0U; - lit.public_key.public_key_hash[16U] = 0U; - lit.public_key.public_key_hash[17U] = 0U; - lit.public_key.public_key_hash[18U] = 0U; - lit.public_key.public_key_hash[19U] = 0U; - lit.public_key.public_key_hash[20U] = 0U; - lit.public_key.public_key_hash[21U] = 0U; - lit.public_key.public_key_hash[22U] = 0U; - lit.public_key.public_key_hash[23U] = 0U; - lit.public_key.public_key_hash[24U] = 0U; - lit.public_key.public_key_hash[25U] = 0U; - lit.public_key.public_key_hash[26U] = 0U; - lit.public_key.public_key_hash[27U] = 0U; - lit.public_key.public_key_hash[28U] = 0U; - lit.public_key.public_key_hash[29U] = 0U; - lit.public_key.public_key_hash[30U] = 0U; - lit.public_key.public_key_hash[31U] = 0U; - return lit; + return ( + CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ + .private_key = uu____0, + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_b7()}); } /** @@ -6340,7 +6379,16 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_43_60(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_bd(); +} + +/** + Create a new, empty unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_1c_b7(); } /** @@ -6353,61 +6401,171 @@ K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_c3( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_a7( +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), - public_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_b6_eb(copy_of_public_key_serialized); + serialized->value); } /** Get the serialized public key. */ /** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.serialized_public_key with -const generics +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_07( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { - return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_c3( - public_key); +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_fb( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54( + &self->public_key, serialized); } /** Get the serialized public key. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_serialized_public_key_07( - public_key); +static inline void +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_fb(key_pair, + serialized); } /** - Generate an unpacked key from a packed key. +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_de( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_clone_28_f8( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_de(&self->ind_cpa_public_key); + uint8_t ret[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->public_key_hash, ret, uint8_t, void *); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e3( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { + return &self->public_key; +} + +/** + Get the unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = + libcrux_ml_kem_ind_cca_unpacked_clone_28_f8( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e3(key_pair)); + pk[0U] = uu____0; +} + +/** + Get the serialized public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54(public_key, + serialized); +} + +/** + Generate an unpacked key from a serialized key. */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key @@ -6419,57 +6577,44 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - uint8_t seed_for_a[32U]; + uu____0); + memcpy( + unpacked_public_key->ind_cpa_public_key.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - seed_for_a); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; - uint8_t ret0[34U]; + uu____1); + memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_64(ret0, false, a); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_a[32U]; - memcpy(copy_of_seed_for_a, seed_for_a, (size_t)32U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_a[3U][3U]; - memcpy(copy_of_a, a, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____3; - memcpy( - uu____3.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(uu____3.seed_for_A, copy_of_seed_for_a, (size_t)32U * sizeof(uint8_t)); - memcpy(uu____3.A, copy_of_a, + ret); + libcrux_ml_kem_matrix_sample_matrix_a_out_03(ret, false, uu____2); + memcpy(unpacked_public_key->ind_cpa_public_key.A, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = uu____3; - uint8_t ret[32U]; + uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), - ret); - memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); - return lit; + uu____3); + memcpy(unpacked_public_key->public_key_hash, uu____3, + (size_t)32U * sizeof(uint8_t)); } /** @@ -6485,21 +6630,25 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f3( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d(public_key); +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_9c( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d(public_key, + unpacked_public_key); } /** Get the unpacked public key. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f3( - public_key); +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_9c( + public_key, unpacked_public_key); } /** @@ -6511,9 +6660,6 @@ static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 039819306..55f82a0be 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -31,28 +31,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types @@ -76,6 +54,31 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { uint8_t public_key_hash[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 44db10c5b..7514e834a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_mlkem768_portable_H @@ -2443,7 +2443,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_82(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b9(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2454,7 +2454,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_35( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_91( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2479,7 +2479,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2497,7 +2497,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_35( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_91( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2515,7 +2515,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_58(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6c(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2526,7 +2526,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2551,9 +2551,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_32( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_40( v); } @@ -2564,7 +2564,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d2( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2576,7 +2576,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d2( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_32( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_17( coefficient); re.coefficients[i0] = uu____0; } @@ -2590,7 +2590,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_400( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2615,9 +2615,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_320( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_170( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_400( v); } @@ -2628,7 +2628,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_b9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2640,7 +2640,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_320( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_170( coefficient); re.coefficients[i0] = uu____0; } @@ -2654,9 +2654,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_52( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d2(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d8(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2825,7 +2825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_eb( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U, @@ -2855,7 +2855,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8f( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2880,9 +2880,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8f( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_52( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_eb(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_13(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2896,7 +2896,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_401( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2921,9 +2921,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_321( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_171( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_401( v); } @@ -2934,7 +2934,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_75( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2946,7 +2946,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_75( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_321( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_171( coefficient); re.coefficients[i0] = uu____0; } @@ -2960,7 +2960,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_402( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2985,9 +2985,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_322( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_172( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_2a2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_402( v); } @@ -2998,7 +2998,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3010,7 +3010,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_322( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_172( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3024,9 +3024,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a0( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_53( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_75(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized); } /** @@ -3134,7 +3134,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_45( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3160,7 +3160,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3182,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_52( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3204,7 +3204,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f3( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_4b( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3225,7 +3225,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3240,7 +3240,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f3( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_4b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3257,20 +3257,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_45(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_52(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f0(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d4(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); } @@ -3287,7 +3287,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_d6_e0( +libcrux_ml_kem_polynomial_subtract_reduce_d6_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3319,7 +3319,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_69( +libcrux_ml_kem_matrix_compute_message_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3332,8 +3332,8 @@ libcrux_ml_kem_matrix_compute_message_69( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_e0(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_da(v, result); return result; } @@ -3343,7 +3343,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_c3( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3363,9 +3363,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_67( +libcrux_ml_kem_vector_portable_shift_right_0d_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_c3(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_56(v); } /** @@ -3375,10 +3375,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_11( +libcrux_ml_kem_vector_traits_to_unsigned_representative_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_67(a); + libcrux_ml_kem_vector_portable_shift_right_0d_12(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3392,13 +3392,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_84( +libcrux_ml_kem_serialize_compress_then_serialize_message_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3448,20 +3448,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8f(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a0( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_53( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_69(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_2b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_84(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_95(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3475,11 +3475,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_d4(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_89(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_d1(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_7f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3491,7 +3491,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_d4(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3546,7 +3546,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_63( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9f( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -3564,7 +3564,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3596,7 +3596,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3614,7 +3614,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( ring_element); deserialized_pk[i0] = uu____0; } @@ -3632,7 +3632,7 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_79(size_t _j) { +libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_9d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -3643,7 +3643,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_44( +static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_b3( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -4098,12 +4098,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_29( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_ba( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_44(i, a[i]); + libcrux_ml_kem_matrix_sample_matrix_a_out_closure_b3(i, a[i]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = a; uint8_t uu____1[34U]; @@ -4456,7 +4456,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d7(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d2(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4473,7 +4473,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4548,7 +4548,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_53(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_74(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4563,7 +4563,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4590,7 +4590,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4622,8 +4622,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_c5(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4637,7 +4637,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_25( +libcrux_ml_kem_vector_traits_decompress_1_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4652,7 +4652,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -4665,7 +4665,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_25(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_6b(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4683,7 +4683,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ff( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4716,7 +4716,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_03( +libcrux_ml_kem_matrix_compute_ring_element_v_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4730,8 +4730,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_03( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_a6(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ff( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_b4( error_2, message, result); return result; } @@ -4742,7 +4742,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5d( +libcrux_ml_kem_vector_portable_compress_compress_35( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4765,9 +4765,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_e1( +libcrux_ml_kem_vector_portable_compress_0d_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5d(v); + return libcrux_ml_kem_vector_portable_compress_compress_35(v); } /** @@ -4777,15 +4777,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_b4( +libcrux_ml_kem_serialize_compress_then_serialize_10_68( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_e1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_portable_compress_0d_5f( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4803,7 +4803,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5d0( +libcrux_ml_kem_vector_portable_compress_compress_350( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4826,9 +4826,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_e10( +libcrux_ml_kem_vector_portable_compress_0d_5f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5d0(v); + return libcrux_ml_kem_vector_portable_compress_compress_350(v); } /** @@ -4838,15 +4838,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_a6( +libcrux_ml_kem_serialize_compress_then_serialize_11_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_e10( - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_portable_compress_0d_5f0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4866,10 +4866,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_af( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_68(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4885,7 +4885,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4901,7 +4901,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_af(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_8e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4914,7 +4914,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5d1( +libcrux_ml_kem_vector_portable_compress_compress_351( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4937,9 +4937,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_e11( +libcrux_ml_kem_vector_portable_compress_0d_5f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5d1(v); + return libcrux_ml_kem_vector_portable_compress_compress_351(v); } /** @@ -4949,15 +4949,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_14( +libcrux_ml_kem_serialize_compress_then_serialize_4_92( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_e11( - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_portable_compress_0d_5f1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4974,7 +4974,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5d2( +libcrux_ml_kem_vector_portable_compress_compress_352( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4997,9 +4997,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_e12( +libcrux_ml_kem_vector_portable_compress_0d_5f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5d2(v); + return libcrux_ml_kem_vector_portable_compress_compress_352(v); } /** @@ -5009,15 +5009,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_1a( +libcrux_ml_kem_serialize_compress_then_serialize_5_34( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_e12( - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_portable_compress_0d_5f2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5036,9 +5036,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_14(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_92(re, out); } /** @@ -5059,12 +5059,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_91(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5072,7 +5072,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_91(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_29(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_a_out_ba(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -5088,7 +5088,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_91(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5103,26 +5103,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_91(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_d2(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_03( + libcrux_ml_kem_matrix_compute_ring_element_v_1d( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5170,7 +5170,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( +static inline void libcrux_ml_kem_ind_cca_decapsulate_09( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5188,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_d4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_89(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5212,7 +5212,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5223,7 +5223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_91(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_f1( @@ -5234,7 +5234,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b9( libcrux_ml_kem_variant_kdf_d8_f1(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5270,7 +5270,7 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b9(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_09(private_key, ciphertext, ret); } /** @@ -5338,7 +5338,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_79( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5353,7 +5353,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_79( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5368,18 +5368,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_79( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_91(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_f1(shared_secret, &ciphertext0, shared_secret_array); @@ -5412,14 +5412,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_79(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } /** @@ -5436,7 +5436,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_51( uu____0, copy_of_randomness); } @@ -5578,33 +5578,36 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + libcrux_ml_kem_polynomial_ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&t_as_ntt[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&t_as_ntt[i0], &product); } libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( - &t_as_ntt[i1], &error_as_ntt[i1]); + &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5658,7 +5661,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { @@ -5712,14 +5715,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2b( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_11( + libcrux_ml_kem_vector_traits_to_unsigned_representative_80( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5741,7 +5744,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_03( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5759,7 +5762,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_03( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2b(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5770,27 +5773,45 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_03( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_03(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d3( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49(t_as_ntt, seed_for_a, + public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5807,20 +5828,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c6(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_e3(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + libcrux_ml_kem_ind_cpa_serialize_public_key_d3( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_03(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5848,7 +5869,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5912,7 +5933,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9c(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5921,13 +5942,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9c(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c6(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e3(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5936,13 +5957,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9c(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_28( - uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -5961,12 +5982,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_f1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_b3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9c(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7d(copy_of_randomness); } /** @@ -5977,7 +5998,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_f1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_b3( copy_of_randomness); } @@ -5992,7 +6013,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6003,7 +6024,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_8e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8c(ciphertext), + libcrux_ml_kem_types_as_slice_07_61(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6036,7 +6057,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b90( +static inline void libcrux_ml_kem_ind_cca_decapsulate_090( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6054,7 +6075,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b90( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_d4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_89(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6078,7 +6099,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b90( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6089,18 +6110,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b90( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_91(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_8e( + libcrux_ml_kem_variant_kdf_33_f2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_8e(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_f2(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6134,10 +6155,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_07( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ec( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b90(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_090(private_key, ciphertext, ret); } /** @@ -6150,7 +6171,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_07( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_07( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ec( private_key, ciphertext, ret); } @@ -6164,7 +6185,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_79( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6188,11 +6209,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_790( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_57( + libcrux_ml_kem_variant_entropy_preprocess_33_79( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6203,7 +6224,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_790( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6218,20 +6239,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_790( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_60(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_91(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_8e(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_f2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6266,14 +6287,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_790(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } /** @@ -6290,7 +6311,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7f( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_4b( uu____0, copy_of_randomness); } @@ -6307,21 +6328,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c60( +libcrux_ml_kem_ind_cpa_generate_keypair_e30( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + libcrux_ml_kem_ind_cpa_serialize_public_key_d3( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_03(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6361,7 +6382,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6370,13 +6391,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9c0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c60(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e30(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6385,13 +6406,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9c0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_04(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_28( - uu____2, libcrux_ml_kem_types_from_b6_eb(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -6407,12 +6428,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9c0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7d0(copy_of_randomness); } /** @@ -6424,7 +6445,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0b( copy_of_randomness); } @@ -6443,7 +6464,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_4c( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6471,10 +6492,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_14( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_fb( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4c(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_1e(private_key, ciphertext); } @@ -6486,7 +6507,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_14( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_14( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_fb( private_key, ciphertext); } @@ -6498,7 +6519,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_630( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9f0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -6517,7 +6538,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_580( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -6535,7 +6556,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_580( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f0( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( ring_element); deserialized_pk[i0] = uu____0; } @@ -6559,16 +6580,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_03( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_580( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + libcrux_ml_kem_ind_cpa_serialize_public_key_d3( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6589,9 +6610,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_84( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2f( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_03(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); } /** @@ -6601,13 +6622,10 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_84( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_84( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2f( public_key->value); } -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - /** This function implements Algorithm 13 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -6667,7 +6685,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6685,7 +6703,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_10( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -6700,27 +6718,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_d2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c6( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_03( + libcrux_ml_kem_matrix_compute_ring_element_v_1d( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fb( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_29( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -6748,11 +6766,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_fb( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6782,7 +6800,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_14(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6794,11 +6812,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_14(ciphertext), + libcrux_ml_kem_types_as_ref_fd_71(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6834,10 +6852,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_30( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_ef( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_8e(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec(key_pair, ciphertext, ret); } /** @@ -6851,7 +6869,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_30( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_ef( private_key, ciphertext, ret); } @@ -6874,7 +6892,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_16( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6902,7 +6920,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_4c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6912,7 +6930,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_ab(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6945,7 +6963,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_24( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_25( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6953,7 +6971,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_24( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_cf(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_16(uu____0, copy_of_randomness); } @@ -6973,7 +6991,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_24( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_25( uu____0, copy_of_randomness); } @@ -6992,7 +7010,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_ab(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_70(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -7010,7 +7028,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ac( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c1( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -7029,7 +7047,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_86( +libcrux_ml_kem_polynomial_clone_17_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -7058,7 +7076,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_b5( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -7068,19 +7086,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_b2( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_ac(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c1(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_86( + libcrux_ml_kem_polynomial_clone_17_56( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -7093,7 +7111,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_b4( + libcrux_ml_kem_ind_cpa_serialize_public_key_d3( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -7128,13 +7146,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_77( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_15( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_51(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_b5(copy_of_randomness, out); } /** @@ -7147,24 +7165,74 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_77( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_15( copy_of_randomness, key_pair); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_unpacked_default_1c_20(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.public_key_hash[0U] = 0U; + lit.public_key_hash[1U] = 0U; + lit.public_key_hash[2U] = 0U; + lit.public_key_hash[3U] = 0U; + lit.public_key_hash[4U] = 0U; + lit.public_key_hash[5U] = 0U; + lit.public_key_hash[6U] = 0U; + lit.public_key_hash[7U] = 0U; + lit.public_key_hash[8U] = 0U; + lit.public_key_hash[9U] = 0U; + lit.public_key_hash[10U] = 0U; + lit.public_key_hash[11U] = 0U; + lit.public_key_hash[12U] = 0U; + lit.public_key_hash[13U] = 0U; + lit.public_key_hash[14U] = 0U; + lit.public_key_hash[15U] = 0U; + lit.public_key_hash[16U] = 0U; + lit.public_key_hash[17U] = 0U; + lit.public_key_hash[18U] = 0U; + lit.public_key_hash[19U] = 0U; + lit.public_key_hash[20U] = 0U; + lit.public_key_hash[21U] = 0U; + lit.public_key_hash[22U] = 0U; + lit.public_key_hash[23U] = 0U; + lit.public_key_hash[24U] = 0U; + lit.public_key_hash[25U] = 0U; + lit.public_key_hash[26U] = 0U; + lit.public_key_hash[27U] = 0U; + lit.public_key_hash[28U] = 0U; + lit.public_key_hash[29U] = 0U; + lit.public_key_hash[30U] = 0U; + lit.public_key_hash[31U] = 0U; + return lit; +} + /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#2} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_43 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_43_b1(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_7e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7199,44 +7267,10 @@ static KRML_MUSTINLINE uu____0.implicit_rejection_value[29U] = 0U; uu____0.implicit_rejection_value[30U] = 0U; uu____0.implicit_rejection_value[31U] = 0U; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____1 = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked lit; - lit.private_key = uu____0; - lit.public_key.ind_cpa_public_key = uu____1; - lit.public_key.public_key_hash[0U] = 0U; - lit.public_key.public_key_hash[1U] = 0U; - lit.public_key.public_key_hash[2U] = 0U; - lit.public_key.public_key_hash[3U] = 0U; - lit.public_key.public_key_hash[4U] = 0U; - lit.public_key.public_key_hash[5U] = 0U; - lit.public_key.public_key_hash[6U] = 0U; - lit.public_key.public_key_hash[7U] = 0U; - lit.public_key.public_key_hash[8U] = 0U; - lit.public_key.public_key_hash[9U] = 0U; - lit.public_key.public_key_hash[10U] = 0U; - lit.public_key.public_key_hash[11U] = 0U; - lit.public_key.public_key_hash[12U] = 0U; - lit.public_key.public_key_hash[13U] = 0U; - lit.public_key.public_key_hash[14U] = 0U; - lit.public_key.public_key_hash[15U] = 0U; - lit.public_key.public_key_hash[16U] = 0U; - lit.public_key.public_key_hash[17U] = 0U; - lit.public_key.public_key_hash[18U] = 0U; - lit.public_key.public_key_hash[19U] = 0U; - lit.public_key.public_key_hash[20U] = 0U; - lit.public_key.public_key_hash[21U] = 0U; - lit.public_key.public_key_hash[22U] = 0U; - lit.public_key.public_key_hash[23U] = 0U; - lit.public_key.public_key_hash[24U] = 0U; - lit.public_key.public_key_hash[25U] = 0U; - lit.public_key.public_key_hash[26U] = 0U; - lit.public_key.public_key_hash[27U] = 0U; - lit.public_key.public_key_hash[28U] = 0U; - lit.public_key.public_key_hash[29U] = 0U; - lit.public_key.public_key_hash[30U] = 0U; - lit.public_key.public_key_hash[31U] = 0U; - return lit; + return (CLITERAL( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ + .private_key = uu____0, + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_20()}); } /** @@ -7244,7 +7278,15 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_43_b1(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_7e(); +} + +/** + Create a new, empty unpacked public key. +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_1c_20(); } /** @@ -7257,58 +7299,165 @@ K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_99( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_b4( +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), - public_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_b6_eb(copy_of_public_key_serialized); + serialized->value); } /** Get the serialized public key. */ /** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.serialized_public_key -with const generics +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_serialized_public_key_db( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key) { - return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_dd_99( - public_key); +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_f9( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83( + &self->public_key, serialized); +} + +/** + Get the serialized public key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_f9(key_pair, + serialized); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c9( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_unpacked_clone_28_aa( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; + lit.ind_cpa_public_key = + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c9(&self->ind_cpa_public_key); + uint8_t ret[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->public_key_hash, ret, uint8_t, void *); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; } /** Get the serialized public key. */ -static inline libcrux_ml_kem_types_MlKemPublicKey_15 +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * + libcrux_ml_kem_ind_cca_unpacked_public_key_de_5e( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *self) { + return &self->public_key; +} + +/** + Get the unpacked public key. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = + libcrux_ml_kem_ind_cca_unpacked_clone_28_aa( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_5e(key_pair)); + pk[0U] = uu____0; +} + +/** + Get the serialized public key. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_serialized_public_key_db( - public_key); + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83(public_key, + serialized); } /** - Generate an unpacked key from a packed key. + Generate an unpacked key from a serialized key. */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key @@ -7319,57 +7468,44 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_58( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - uint8_t seed_for_a[32U]; + uu____0); + memcpy( + unpacked_public_key->ind_cpa_public_key.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - seed_for_a); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; - uint8_t ret0[34U]; + uu____1); + memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; + uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), - ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_29(ret0, false, a); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_a[32U]; - memcpy(copy_of_seed_for_a, seed_for_a, (size_t)32U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_a[3U][3U]; - memcpy(copy_of_a, a, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____3; - memcpy( - uu____3.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(uu____3.seed_for_A, copy_of_seed_for_a, (size_t)32U * sizeof(uint8_t)); - memcpy(uu____3.A, copy_of_a, + ret); + libcrux_ml_kem_matrix_sample_matrix_a_out_ba(ret, false, uu____2); + memcpy(unpacked_public_key->ind_cpa_public_key.A, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = uu____3; - uint8_t ret[32U]; + uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_60(public_key), + libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t), - ret); - memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); - return lit; + uu____3); + memcpy(unpacked_public_key->public_key_hash, uu____3, + (size_t)32U * sizeof(uint8_t)); } /** @@ -7384,20 +7520,25 @@ const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key); +static inline void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_68( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key, + unpacked_public_key); } /** Get the unpacked public key. */ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5f( - public_key); + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_68( + public_key, unpacked_public_key); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 5e26dd29d..e9dfd590f 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_mlkem768_portable_types_H @@ -33,28 +33,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types @@ -78,6 +56,31 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { uint8_t public_key_hash[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; + typedef struct libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 47c03991c..e41ba303c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index bd6c578ef..d57c43db6 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: f07d78fabdf3bdaec305a271f826e41a0e6c2366 + * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index a83cba36e..3bdbfb662 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -286,7 +286,7 @@ pub(crate) mod unpacked { constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, - ind_cpa::{generate_keypair_unpacked, unpacked::*}, + ind_cpa::{generate_keypair_unpacked, serialize_public_key_mut, unpacked::*}, matrix::sample_matrix_a_out, polynomial::PolynomialRingElement, vector::traits::Operations, @@ -299,6 +299,7 @@ pub(crate) mod unpacked { } /// An unpacked ML-KEM IND-CCA Private Key + #[derive(Clone)] pub struct MlKemPublicKeyUnpacked { pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, pub(crate) public_key_hash: [u8; 32], @@ -310,7 +311,8 @@ pub(crate) mod unpacked { pub public_key: MlKemPublicKeyUnpacked, } - /// Generate an unpacked key from a packed key. + /// Generate an unpacked key from a serialized key. + #[inline(always)] pub(crate) fn unpack_public_key< const K: usize, const T_AS_NTT_ENCODED_SIZE: usize, @@ -320,41 +322,61 @@ pub(crate) mod unpacked { Vector: Operations, >( public_key: &MlKemPublicKey, - ) -> MlKemPublicKeyUnpacked { - let t_as_ntt = deserialize_ring_elements_reduced::( - &public_key.value[..T_AS_NTT_ENCODED_SIZE], - ); - let seed_for_a = into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]); - let a = sample_matrix_a_out::( + unpacked_public_key: &mut MlKemPublicKeyUnpacked, + ) { + unpacked_public_key.ind_cpa_public_key.t_as_ntt = + deserialize_ring_elements_reduced::( + &public_key.value[..T_AS_NTT_ENCODED_SIZE], + ); + unpacked_public_key.ind_cpa_public_key.seed_for_A = + into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]); + unpacked_public_key.ind_cpa_public_key.A = sample_matrix_a_out::( into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]), false, ); - - MlKemPublicKeyUnpacked { - ind_cpa_public_key: IndCpaPublicKeyUnpacked { - t_as_ntt, - seed_for_A: seed_for_a, - A: a, - }, - public_key_hash: Hasher::H(public_key.as_slice()), - } + unpacked_public_key.public_key_hash = Hasher::H(public_key.as_slice()); } impl MlKemPublicKeyUnpacked { /// Get the serialized public key. + #[inline(always)] + pub fn serialized_public_key_mut< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + serialized: &mut MlKemPublicKey, + ) { + serialize_public_key_mut::( + &self.ind_cpa_public_key.t_as_ntt, + &self.ind_cpa_public_key.seed_for_A, + &mut serialized.value, + ); + } + + /// Get the serialized public key. + #[inline(always)] pub fn serialized_public_key< const RANKED_BYTES_PER_RING_ELEMENT: usize, const PUBLIC_KEY_SIZE: usize, >( &self, ) -> MlKemPublicKey { - let public_key_serialized = - serialize_public_key::( - &self.ind_cpa_public_key.t_as_ntt, - &self.ind_cpa_public_key.seed_for_A, - ); + serialize_public_key::( + &self.ind_cpa_public_key.t_as_ntt, + &self.ind_cpa_public_key.seed_for_A, + ) + .into() + } + } - MlKemPublicKey::from(public_key_serialized) + impl Default for MlKemPublicKeyUnpacked { + #[inline(always)] + fn default() -> Self { + Self { + ind_cpa_public_key: IndCpaPublicKeyUnpacked::default(), + public_key_hash: [0u8; 32], + } } } @@ -366,6 +388,22 @@ pub(crate) mod unpacked { } /// Get the serialized public key. + #[inline(always)] + pub fn serialized_public_key_mut< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + serialized: &mut MlKemPublicKey, + ) { + self.public_key + .serialized_public_key_mut::( + serialized, + ) + } + + /// Get the serialized public key. + #[inline(always)] pub fn serialized_public_key< const RANKED_BYTES_PER_RING_ELEMENT: usize, const PUBLIC_KEY_SIZE: usize, @@ -376,6 +414,18 @@ pub(crate) mod unpacked { .serialized_public_key::() } + /// Get the serialized public key. + #[inline(always)] + pub fn public_key(&self) -> &MlKemPublicKeyUnpacked { + &self.public_key + } + + /// Get the serialized public key. + #[inline(always)] + pub fn private_key(&self) -> &MlKemPrivateKeyUnpacked { + &self.private_key + } + /// Get the serialized private key. pub fn serialized_private_key(&self) -> MlKemPrivateKey { todo!() @@ -390,10 +440,7 @@ pub(crate) mod unpacked { ind_cpa_private_key: IndCpaPrivateKeyUnpacked::default(), implicit_rejection_value: [0u8; 32], }, - public_key: MlKemPublicKeyUnpacked { - ind_cpa_public_key: IndCpaPublicKeyUnpacked::default(), - public_key_hash: [0u8; 32], - }, + public_key: MlKemPublicKeyUnpacked::default(), } } } diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index e369d52b4..ff47cca0f 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -270,18 +270,6 @@ macro_rules! instantiate { pub(crate) type MlKemPublicKeyUnpacked = crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; - /// Get the serialized public key. - pub fn serialized_public_key< - const K: usize, - const RANKED_BYTES_PER_RING_ELEMENT: usize, - const PUBLIC_KEY_SIZE: usize, - >( - public_key: &MlKemPublicKeyUnpacked, - ) -> MlKemPublicKey { - public_key - .serialized_public_key::() - } - /// Get the unpacked public key. pub(crate) fn unpack_public_key< const K: usize, @@ -290,7 +278,8 @@ macro_rules! instantiate { const PUBLIC_KEY_SIZE: usize, >( public_key: &MlKemPublicKey, - ) -> MlKemPublicKeyUnpacked { + unpacked_public_key: &mut MlKemPublicKeyUnpacked, + ) { crate::ind_cca::unpacked::unpack_public_key::< K, T_AS_NTT_ENCODED_SIZE, @@ -298,7 +287,7 @@ macro_rules! instantiate { PUBLIC_KEY_SIZE, $hash, $vector, - >(public_key) + >(public_key, unpacked_public_key) } /// Generate a key pair diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index f14f649d7..fe5a232b6 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -42,6 +42,7 @@ pub mod unpacked { /// An unpacked ML-KEM IND-CPA Private Key #[cfg(feature = "unpacked")] + #[derive(Clone)] pub(crate) struct IndCpaPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], @@ -72,13 +73,34 @@ pub(crate) fn serialize_public_key< seed_for_a: &[u8], ) -> [u8; PUBLIC_KEY_SIZE] { let mut public_key_serialized = [0u8; PUBLIC_KEY_SIZE]; - public_key_serialized[0..RANKED_BYTES_PER_RING_ELEMENT].copy_from_slice( - &serialize_secret_key::(t_as_ntt), + serialize_public_key_mut::( + t_as_ntt, + seed_for_a, + &mut public_key_serialized, ); - public_key_serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a); public_key_serialized } +/// Concatenate `t` and `ρ` into the public key. +#[inline(always)] +pub(crate) fn serialize_public_key_mut< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Vector: Operations, +>( + t_as_ntt: &[PolynomialRingElement; K], + seed_for_a: &[u8], + serialized: &mut [u8; PUBLIC_KEY_SIZE], +) { + serialized[0..RANKED_BYTES_PER_RING_ELEMENT].copy_from_slice(&serialize_secret_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + Vector, + >(t_as_ntt)); + serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a); +} + /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] pub(crate) fn serialize_secret_key( diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index a787a5f1d..acd6466b3 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -75,6 +75,9 @@ analogously for encapsulation and decapsulation."## // Enable doc cfg feature for doc builds. They use nightly. #![cfg_attr(doc_cfg, feature(doc_cfg))] +#[cfg(feature = "std")] +extern crate std; + /// Feature gating helper macros #[macro_use] mod cfg; diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 65dd1b86d..75d886e8a 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -124,6 +124,9 @@ pub(crate) fn compute_As_plus_e( ) { cloop! { for (i, row) in matrix_A.iter().enumerate() { + // This may be externally provided memory. Ensure that `t_as_ntt` + // is all 0. + t_as_ntt[i] = PolynomialRingElement::::ZERO(); cloop! { for (j, matrix_element) in row.iter().enumerate() { let product = matrix_element.ntt_multiply(&s_as_ntt[j]); diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 93505a365..1b9faf437 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -239,27 +239,33 @@ macro_rules! instantiate { MlKem1024KeyPairUnpacked::default() } + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem1024PublicKeyUnpacked { + MlKem1024PublicKeyUnpacked::default() + } + /// Get the serialized public key. pub fn serialized_public_key( public_key: &MlKem1024PublicKeyUnpacked, - ) -> MlKem1024PublicKey { - p::unpacked::serialized_public_key::< - RANK_1024, + serialized: &mut MlKem1024PublicKey, + ) { + public_key.serialized_public_key_mut::< RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, - >(public_key) + >(serialized); } /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem1024PublicKey, - ) -> MlKem1024PublicKeyUnpacked { + unpacked_public_key: &mut MlKem1024PublicKeyUnpacked, + ) { p::unpacked::unpack_public_key::< RANK_1024, T_AS_NTT_ENCODED_SIZE_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, - >(public_key) + >(public_key, unpacked_public_key) } /// Generate ML-KEM 1024 Key Pair in "unpacked" form diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index dc146ca59..0ff9903a1 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -236,21 +236,33 @@ macro_rules! instantiate { MlKem512KeyPairUnpacked::default() } + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem512PublicKeyUnpacked { + MlKem512PublicKeyUnpacked::default() + } + /// Get the serialized public key. - pub fn serialized_public_key(public_key: &MlKem512PublicKeyUnpacked) -> MlKem512PublicKey { - p::unpacked::serialized_public_key::(public_key) + pub fn serialized_public_key( + public_key: &MlKem512PublicKeyUnpacked, + serialized: &mut MlKem512PublicKey + ) { + public_key.serialized_public_key_mut::< + RANKED_BYTES_PER_RING_ELEMENT_512, + CPA_PKE_PUBLIC_KEY_SIZE_512 + >(serialized) } /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem512PublicKey, - ) -> MlKem512PublicKeyUnpacked { + unpacked_public_key: &mut MlKem512PublicKeyUnpacked , + ) { p::unpacked::unpack_public_key::< RANK_512, T_AS_NTT_ENCODED_SIZE_512, RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512, - >(public_key) + >(public_key, unpacked_public_key) } /// Generate ML-KEM 512 Key Pair in "unpacked" form diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 6be10c261..bc384d76c 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -238,21 +238,37 @@ macro_rules! instantiate { MlKem768KeyPairUnpacked::default() } + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem768PublicKeyUnpacked { + MlKem768PublicKeyUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) { + public_key.serialized_public_key_mut::(serialized); + } + /// Get the serialized public key. - pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked) -> MlKem768PublicKey { - p::unpacked::serialized_public_key::(public_key) + pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PublicKey) { + key_pair.serialized_public_key_mut::(serialized); + } + + /// Get the unpacked public key. + pub fn public_key(key_pair: &MlKem768KeyPairUnpacked, pk: &mut MlKem768PublicKeyUnpacked) { + *pk = (*key_pair.public_key()).clone(); } /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem768PublicKey, - ) -> MlKem768PublicKeyUnpacked { + unpacked_public_key: &mut MlKem768PublicKeyUnpacked + ) { p::unpacked::unpack_public_key::< RANK_768, T_AS_NTT_ENCODED_SIZE_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, - >(public_key) + >(public_key, unpacked_public_key) } /// Generate ML-KEM 768 Key Pair in "unpacked" form. diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index b0230875f..e5abd0045 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,8 +14,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone, Copy))] -#[cfg_attr(not(eurydice), derive(Clone, Copy))] +// XXX: We don't want to copy this. But for eurydice we have to have this. +#[derive(Clone, Copy)] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index b2ab0cc30..b13a8e8dd 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -5,6 +5,12 @@ macro_rules! impl_generic_struct { pub(crate) value: [u8; SIZE], } + impl Default for $name { + fn default() -> Self { + Self { value: [0u8; SIZE] } + } + } + impl AsRef<[u8]> for $name { fn as_ref(&self) -> &[u8] { &self.value diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 34b89e66f..3ab9e088a 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -53,15 +53,21 @@ macro_rules! impl_consistency_unpacked { let key_pair = p::generate_key_pair(randomness); // Ensure the two keys are the same + let mut serialized_public_key = Default::default(); + p::unpacked::serialized_public_key( + key_pair_unpacked.public_key(), + &mut serialized_public_key, + ); assert_eq!( key_pair.public_key().as_slice(), - p::unpacked::serialized_public_key(&key_pair_unpacked.public_key).as_slice() + serialized_public_key.as_slice() ); + let mut re_unpacked_public_key = Default::default(); + p::unpacked::unpacked_public_key(key_pair.public_key(), &mut re_unpacked_public_key); + let mut serialized_public_key = Default::default(); + p::unpacked::serialized_public_key(&re_unpacked_public_key, &mut serialized_public_key); assert_eq!( - p::unpacked::serialized_public_key(&p::unpacked::unpacked_public_key( - key_pair.public_key() - )) - .as_slice(), + serialized_public_key.as_slice(), key_pair.public_key().as_slice() ); From 11875059e8bb57c0911968fe33e72cc9851527a6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 09:56:24 +0000 Subject: [PATCH 151/172] drop unpacked feature --- libcrux-ml-kem/Cargo.toml | 5 +- libcrux-ml-kem/benches/ml-kem.rs | 29 +++---- libcrux-ml-kem/boring.sh | 2 +- libcrux-ml-kem/c.sh | 1 - libcrux-ml-kem/src/ind_cca.rs | 19 ++--- libcrux-ml-kem/src/ind_cca/instantiations.rs | 1 - libcrux-ml-kem/src/ind_cpa.rs | 84 ++++++-------------- libcrux-ml-kem/src/matrix.rs | 12 --- libcrux-ml-kem/src/mlkem1024.rs | 4 - libcrux-ml-kem/src/mlkem512.rs | 2 - libcrux-ml-kem/src/mlkem768.rs | 6 -- libcrux-ml-kem/src/serialize.rs | 20 ++++- libcrux-ml-kem/tests/self.rs | 26 +----- 13 files changed, 72 insertions(+), 139 deletions(-) diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index a0f82ec4e..912023be8 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -47,9 +47,6 @@ mlkem512 = [] mlkem768 = [] mlkem1024 = [] -# Enable the unpacked API -unpacked = [] - # Enable Round 3 Kyber in addition to ML-KEM kyber = [] @@ -86,7 +83,7 @@ name = "keygen" required-features = ["mlkem768"] [package.metadata."docs.rs"] -features = ["pre-verification", "kyber", "unpacked"] +features = ["pre-verification", "kyber"] rustdoc-args = ["--cfg", "doc_cfg"] [lints.rust] diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 59e24da45..ef048452d 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -13,25 +13,20 @@ macro_rules! init { use $version as version; #[cfg(feature = "pre-verification")] - fun!("portable", version::portable, group); - #[cfg(all(feature = "pre-verification", feature = "unpacked"))] - fun_unpacked!("portable", version::portable::unpacked, group); + { + fun!("portable", version::portable, group); + fun_unpacked!("portable", version::portable::unpacked, group); + } #[cfg(all(feature = "simd128", feature = "pre-verification"))] - fun!("neon", version::neon, group); - #[cfg(all( - feature = "simd128", - feature = "pre-verification", - feature = "unpacked" - ))] - fun_unpacked!("neon", version::neon::unpacked, group); + { + fun!("neon", version::neon, group); + fun_unpacked!("neon", version::neon::unpacked, group); + } #[cfg(all(feature = "simd256", feature = "pre-verification"))] - fun!("avx2", version::avx2, group); - #[cfg(all( - feature = "simd256", - feature = "pre-verification", - feature = "unpacked" - ))] - fun_unpacked!("avx2", version::avx2::unpacked, group); + { + fun!("avx2", version::avx2, group); + fun_unpacked!("avx2", version::avx2::unpacked, group); + } #[cfg(not(feature = "pre-verification"))] fun!("verified", version, group); }}; diff --git a/libcrux-ml-kem/boring.sh b/libcrux-ml-kem/boring.sh index b38fcdf79..54c092332 100755 --- a/libcrux-ml-kem/boring.sh +++ b/libcrux-ml-kem/boring.sh @@ -20,7 +20,7 @@ if [[ "$no_clean" = 0 ]]; then cargo clean fi ./c.sh --config cg.yaml --out cg --mlkem768 --kyber768 \ - --no-glue --no-unrolling --no-karamel_include --no-karamel_include --unpacked + --no-glue --no-unrolling --no-karamel_include --no-karamel_include clang-format --style=Google -i cg/*.h diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index d6fc41bf8..142ece36a 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -41,7 +41,6 @@ while [ $# -gt 0 ]; do --glue) glue="$2"; shift ;; --mlkem768) features="${features} --cargo-arg=--no-default-features --cargo-arg=--features=mlkem768" ;; --kyber768) features="${features} --cargo-arg=--features=kyber" ;; - --unpacked) features="${features} --cargo-arg=--features=unpacked" ;; --no-glue) eurydice_glue=0 ;; --no-karamel_include) karamel_include=0 ;; --no-unrolling) unrolling=0 ;; diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 3bdbfb662..31dc1b563 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -3,7 +3,7 @@ use crate::{ constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, ind_cpa::serialize_public_key, - serialize::deserialize_ring_elements_reduced, + serialize::deserialize_ring_elements_reduced_out, types::*, utils::into_padded_array, variant::*, @@ -67,7 +67,7 @@ fn validate_public_key< >( public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { - let deserialized_pk = deserialize_ring_elements_reduced::( + let deserialized_pk = deserialize_ring_elements_reduced_out::( &public_key[..RANKED_BYTES_PER_RING_ELEMENT], ); let public_key_serialized = @@ -277,7 +277,6 @@ pub(crate) fn decapsulate< } /// Types for the unpacked API. -#[cfg(feature = "unpacked")] pub(crate) mod unpacked { use core::array::from_fn; @@ -287,8 +286,9 @@ pub(crate) mod unpacked { compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, ind_cpa::{generate_keypair_unpacked, serialize_public_key_mut, unpacked::*}, - matrix::sample_matrix_a_out, + matrix::sample_matrix_A, polynomial::PolynomialRingElement, + serialize::deserialize_ring_elements_reduced, vector::traits::Operations, }; @@ -324,13 +324,14 @@ pub(crate) mod unpacked { public_key: &MlKemPublicKey, unpacked_public_key: &mut MlKemPublicKeyUnpacked, ) { - unpacked_public_key.ind_cpa_public_key.t_as_ntt = - deserialize_ring_elements_reduced::( - &public_key.value[..T_AS_NTT_ENCODED_SIZE], - ); + deserialize_ring_elements_reduced::( + &public_key.value[..T_AS_NTT_ENCODED_SIZE], + &mut unpacked_public_key.ind_cpa_public_key.t_as_ntt, + ); unpacked_public_key.ind_cpa_public_key.seed_for_A = into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]); - unpacked_public_key.ind_cpa_public_key.A = sample_matrix_a_out::( + sample_matrix_A::( + &mut unpacked_public_key.ind_cpa_public_key.A, into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]), false, ); diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index ff47cca0f..84c25668b 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -261,7 +261,6 @@ macro_rules! instantiate { } /// Unpacked API - #[cfg(feature = "unpacked")] pub(crate) mod unpacked { use super::*; diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index fe5a232b6..da13442ec 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,7 +1,5 @@ use core::array::from_fn; -#[cfg(feature = "unpacked")] -use crate::variant::MlKem; use crate::{ constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -18,7 +16,7 @@ use crate::{ serialize_uncompressed_ring_element, }, utils::into_padded_array, - variant::Variant, + variant::{MlKem, Variant}, vector::Operations, }; @@ -41,7 +39,6 @@ pub mod unpacked { } /// An unpacked ML-KEM IND-CPA Private Key - #[cfg(feature = "unpacked")] #[derive(Clone)] pub(crate) struct IndCpaPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], @@ -373,7 +370,6 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[cfg(feature = "unpacked")] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -470,9 +466,12 @@ pub(crate) fn encrypt< message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { + let mut unpacked_public_key = IndCpaPublicKeyUnpacked::::default(); + // tˆ := Decode_12(pk) - let t_as_ntt = deserialize_ring_elements_reduced::( + deserialize_ring_elements_reduced::( &public_key[..T_AS_NTT_ENCODED_SIZE], + &mut unpacked_public_key.t_as_ntt, ); // ρ := pk + 12·k·n / 8 @@ -482,59 +481,29 @@ pub(crate) fn encrypt< // end for // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; - let A = sample_matrix_a_out::(into_padded_array(seed), false); - - // Note that we do not use the unpacked function internally here and instead - // duplicate the code to avoid blowing up the stack. - - // for i from 0 to k−1 do - // r[i] := CBD{η1}(PRF(r, N)) - // N := N + 1 - // end for - // rˆ := NTT(r) - let mut prf_input: [u8; 33] = into_padded_array(randomness); - let (r_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt_out::( - prf_input, 0, - ); - - // for i from 0 to k−1 do - // e1[i] := CBD_{η2}(PRF(r,N)) - // N := N + 1 - // end for - let (error_1, domain_separator) = - sample_ring_element_cbd::( - prf_input, - domain_separator, - ); - - // e_2 := CBD{η2}(PRF(r, N)) - prf_input[32] = domain_separator; - let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input); - let error_2 = sample_from_binomial_distribution::(&prf_output); - - // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 - let u = compute_vector_u(&A, &r_as_ntt, &error_1); - - // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) - let message_as_ring_element = deserialize_then_decompress_message(message); - let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); - - let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; - - // c_1 := Encode_{du}(Compress_q(u,d_u)) - compress_then_serialize_u::( - u, - &mut ciphertext[0..C1_LEN], + sample_matrix_A::( + &mut unpacked_public_key.A, + into_padded_array(seed), + false, ); - // c_2 := Encode_{dv}(Compress_q(v,d_v)) - compress_then_serialize_ring_element_v::( - v, - &mut ciphertext[C1_LEN..], - ); - - ciphertext + // After unpacking the public key we can now call the unpacked decryption. + encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_LEN, + C2_LEN, + U_COMPRESSION_FACTOR, + V_COMPRESSION_FACTOR, + BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&unpacked_public_key, message, randomness) } /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element @@ -638,7 +607,6 @@ pub(crate) fn decrypt< ) -> [u8; SHARED_SECRET_SIZE] { // sˆ := Decode_12(sk) let secret_as_ntt = deserialize_secret_key::(secret_key); - let secret_key_unpacked = IndCpaPrivateKeyUnpacked { secret_as_ntt }; decrypt_unpacked::< diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 75d886e8a..3f086e3d4 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -30,18 +30,6 @@ pub(crate) fn sample_matrix_A>( - seed: [u8; 34], - transpose: bool, -) -> [[PolynomialRingElement; K]; K] { - let mut a = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - sample_matrix_A::(&mut a, seed, transpose); - a -} - /// The following functions compute various expressions involving /// vectors and matrices. The computation of these expressions has been /// abstracted away into these functions in order to save on loop iterations. diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 1b9faf437..3b3484b04 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -222,8 +222,6 @@ macro_rules! instantiate { } /// Unpacked APIs that don't use serialized keys. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub mod unpacked { use super::*; @@ -269,8 +267,6 @@ macro_rules! instantiate { } /// Generate ML-KEM 1024 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], key_pair: &mut MlKem1024KeyPairUnpacked, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 0ff9903a1..c6fa31997 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -220,8 +220,6 @@ macro_rules! instantiate { /// Unpacked APIs that don't use serialized keys. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub mod unpacked { use super::*; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index bc384d76c..bdc5c78f7 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -222,8 +222,6 @@ macro_rules! instantiate { } /// Unpacked APIs that don't use serialized keys. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub mod unpacked { use super::*; @@ -305,8 +303,6 @@ macro_rules! instantiate { ()" ) )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn encapsulate( public_key: &MlKem768PublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], @@ -333,8 +329,6 @@ macro_rules! instantiate { /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] /// and an [`MlKem768Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] pub fn decapsulate( private_key: &MlKem768KeyPairUnpacked, ciphertext: &MlKem768Ciphertext, diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 65648ce22..db357ccf6 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -89,7 +89,7 @@ fn deserialize_to_reduced_ring_element( /// /// This function MUST NOT be used on secret inputs. #[inline(always)] -pub(super) fn deserialize_ring_elements_reduced< +pub(super) fn deserialize_ring_elements_reduced_out< const PUBLIC_KEY_SIZE: usize, const K: usize, Vector: Operations, @@ -97,6 +97,23 @@ pub(super) fn deserialize_ring_elements_reduced< public_key: &[u8], ) -> [PolynomialRingElement; K] { let mut deserialized_pk = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + deserialize_ring_elements_reduced::( + public_key, + &mut deserialized_pk, + ); + deserialized_pk +} + +/// See [deserialize_ring_elements_reduced_out]. +#[inline(always)] +pub(super) fn deserialize_ring_elements_reduced< + const PUBLIC_KEY_SIZE: usize, + const K: usize, + Vector: Operations, +>( + public_key: &[u8], + deserialized_pk: &mut [PolynomialRingElement; K], +) { cloop! { for (i, ring_element) in public_key .chunks_exact(BYTES_PER_RING_ELEMENT) @@ -105,7 +122,6 @@ pub(super) fn deserialize_ring_elements_reduced< deserialized_pk[i] = deserialize_to_reduced_ring_element(ring_element); } } - deserialized_pk } #[inline(always)] diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 3ab9e088a..c2cea8a4b 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -34,7 +34,7 @@ macro_rules! impl_consistency { }; } -#[cfg(all(feature = "pre-verification", feature = "unpacked"))] +#[cfg(all(feature = "pre-verification",))] macro_rules! impl_consistency_unpacked { // $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr ($name:ident, $modp:path) => { @@ -263,11 +263,7 @@ impl_consistency!( libcrux_ml_kem::mlkem1024::decapsulate ); -#[cfg(all( - feature = "mlkem512", - feature = "pre-verification", - feature = "unpacked" -))] +#[cfg(all(feature = "mlkem512", feature = "pre-verification",))] impl_consistency_unpacked!( consistency_unpacked_512_portable, libcrux_ml_kem::mlkem512::portable @@ -277,7 +273,6 @@ impl_consistency_unpacked!( feature = "mlkem512", feature = "pre-verification", feature = "simd128", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_512_neon, @@ -288,18 +283,13 @@ impl_consistency_unpacked!( feature = "mlkem512", feature = "pre-verification", feature = "simd256", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_512_avx2, libcrux_ml_kem::mlkem512::avx2 ); -#[cfg(all( - feature = "mlkem1024", - feature = "pre-verification", - feature = "unpacked" -))] +#[cfg(all(feature = "mlkem1024", feature = "pre-verification",))] impl_consistency_unpacked!( consistency_unpacked_1024_portable, libcrux_ml_kem::mlkem1024::portable @@ -309,7 +299,6 @@ impl_consistency_unpacked!( feature = "mlkem1024", feature = "pre-verification", feature = "simd128", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_1024_neon, @@ -320,18 +309,13 @@ impl_consistency_unpacked!( feature = "mlkem1024", feature = "pre-verification", feature = "simd256", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_1024_avx2, libcrux_ml_kem::mlkem1024::avx2 ); -#[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "unpacked" -))] +#[cfg(all(feature = "mlkem768", feature = "pre-verification",))] impl_consistency_unpacked!( consistency_unpacked_768_portable, libcrux_ml_kem::mlkem768::portable @@ -341,7 +325,6 @@ impl_consistency_unpacked!( feature = "mlkem768", feature = "pre-verification", feature = "simd128", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_768_neon, @@ -352,7 +335,6 @@ impl_consistency_unpacked!( feature = "mlkem768", feature = "pre-verification", feature = "simd256", - feature = "unpacked" ))] impl_consistency_unpacked!( consistency_unpacked_768_avx2, From 1e523e84ff508f72dfbaa402eaf06ef5eeb121d5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 10:06:37 +0000 Subject: [PATCH 152/172] update C code --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 18 + libcrux-ml-kem/c/internal/libcrux_core.h | 285 +- .../c/internal/libcrux_mlkem_avx2.h | 42 +- .../c/internal/libcrux_mlkem_portable.h | 42 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 136 +- libcrux-ml-kem/c/libcrux_core.c | 408 +-- libcrux-ml-kem/c/libcrux_core.h | 80 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 11 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2681 +++++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2687 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 48 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 8 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 831 +++-- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 746 ++--- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 43 files changed, 4799 insertions(+), 3640 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index dde362958..41794f3c1 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d +Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 660918c54..ad026b9e1 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -188,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -210,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fac523ae0..9d4ec69c2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __internal_libcrux_core_H @@ -62,14 +62,14 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_1c1( uint8_t value[1568U]); /** @@ -85,82 +85,74 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_621( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_3e1( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_1c0( + uint8_t value[1184U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1568 + Create a new [`MlKemKeyPair`] from the secret and public key. */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); - /** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +This function found in impl +{libcrux_ml_kem::types::MlKemKeyPair} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_620( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** - Pad the `slice` with `0`s at the end. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- LEN= 1600 +- SIZE= 2400 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[1600U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_3e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_1c( + uint8_t value[800U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -172,61 +164,61 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_62( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_3e( + uint8_t value[1632U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + A reference to the raw byte slice. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 -with const generics -- SIZE= 1088 +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( - uint8_t value[1088U]); - /** - A reference to the raw byte slice. +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1184 */ +uint8_t *libcrux_ml_kem_types_as_slice_ba_e91( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); + /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 1184 +- SIZE= 1088 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_151( + uint8_t value[1088U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b61( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,49 +229,71 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( - uint8_t value[800U]); +uint8_t *libcrux_ml_kem_types_as_slice_ba_e90( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** - Create a new [`MlKemKeyPair`] from the secret and public key. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +A monomorphic instance of libcrux_ml_kem.types.from_fc +with const generics +- SIZE= 768 */ +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_150( + uint8_t value[768U]); + /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +This function found in impl {(core::convert::AsRef<@Slice> for +libcrux_ml_kem::types::MlKemCiphertext)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- SIZE= 768 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b60( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 1632 +- LEN= 800 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( - uint8_t value[1632U]); +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, + uint8_t ret[800U]); + +/** + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1568 +*/ +uint8_t *libcrux_ml_kem_types_as_slice_ba_e9( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** A monomorphic instance of core.result.Result @@ -295,40 +309,38 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 768 +- LEN= 34 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( - uint8_t value[768U]); +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, + uint8_t ret[34U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_15( + uint8_t value[1568U]); /** Pad the `slice` with `0`s at the end. @@ -338,31 +350,20 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, - uint8_t ret[33U]); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 34 -*/ void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[34U]); + uint8_t ret[33U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b6( + libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** Pad the `slice` with `0`s at the end. @@ -370,10 +371,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[800U]); + uint8_t ret[1600U]); /** Pad the `slice` with `0`s at the end. @@ -400,14 +401,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -423,14 +425,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -446,14 +449,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -469,14 +473,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 7b2cba596..dae116343 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_331(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -65,7 +65,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( +bool libcrux_ml_kem_ind_cca_validate_private_key_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -91,7 +91,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -112,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb1( +void libcrux_ml_kem_ind_cca_decapsulate_051( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_330(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -174,9 +174,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( +bool libcrux_ml_kem_ind_cca_validate_private_key_700( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); /** Packed API @@ -200,7 +200,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -221,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -247,9 +247,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb0( +void libcrux_ml_kem_ind_cca_decapsulate_050( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -266,7 +266,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_33(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -283,7 +283,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +bool libcrux_ml_kem_ind_cca_validate_private_key_70( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -308,7 +308,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( uint8_t randomness[64U]); /** @@ -330,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -356,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb( +void libcrux_ml_kem_ind_cca_decapsulate_05( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 0353b2721..2718a9825 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -53,7 +53,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c31(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -70,9 +70,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_be( +bool libcrux_ml_kem_ind_cca_validate_private_key_9d( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); /** Packed API @@ -96,7 +96,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -143,9 +143,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_641( +void libcrux_ml_kem_ind_cca_decapsulate_2b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -162,7 +162,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c30(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -179,7 +179,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_db( +bool libcrux_ml_kem_ind_cca_validate_private_key_df( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -205,7 +205,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -226,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -252,7 +252,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_640( +void libcrux_ml_kem_ind_cca_decapsulate_2b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -271,7 +271,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c3(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -288,7 +288,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c7( +bool libcrux_ml_kem_ind_cca_validate_private_key_49( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -314,7 +314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -335,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -361,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_64( +void libcrux_ml_kem_ind_cca_decapsulate_2b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f39f4c3b2..c112b8994 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index a71b1d5fe..e99d22bd0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4713a24f9..0bfb8347b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "internal/libcrux_core.h" @@ -84,14 +84,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_1c1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -114,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_621( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -123,14 +123,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_3e1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -142,88 +142,78 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( - uint8_t value[1568U]) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_1c0( + uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1568 + Create a new [`MlKemKeyPair`] from the secret and public key. */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { - return self->value; -} - /** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +This function found in impl +{libcrux_ml_kem::types::MlKemKeyPair} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_620( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** - Pad the `slice` with `0`s at the end. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- LEN= 1600 +- SIZE= 2400 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_3e0( + uint8_t value[2400U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + return lit; } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( - uint8_t value[1184U]) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_1c( + uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -237,45 +227,60 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_62( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( - uint8_t value[2400U]) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_3e( + uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1184 +*/ +uint8_t *libcrux_ml_kem_types_as_slice_ba_e91( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { + return self->value; +} + /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_151( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -285,32 +290,16 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( return lit; } -/** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { - return self->value; -} - /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b61( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -323,7 +312,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -335,71 +324,99 @@ void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( - uint8_t value[800U]) { +uint8_t *libcrux_ml_kem_types_as_slice_ba_e90( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { + return self->value; +} + +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_fc +with const generics +- SIZE= 768 +*/ +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_150( + uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } /** - Create a new [`MlKemKeyPair`] from the secret and public key. +This function found in impl {(core::convert::AsRef<@Slice> for +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +with const generics +- SIZE= 768 +*/ +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b60( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); +} + +/** + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- LEN= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics -- SIZE= 1632 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( - uint8_t value[1632U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); - return lit; +uint8_t *libcrux_ml_kem_types_as_slice_ba_e9( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { + return self->value; } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -412,38 +429,41 @@ void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 768 +- LEN= 34 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( - uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); - return lit; +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, + uint8_t ret[34U]) { + uint8_t out[34U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { - return self->value; +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_15( + uint8_t value[1568U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_1f lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + return lit; } /** @@ -454,7 +474,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -465,37 +485,18 @@ void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 34 -*/ -void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[34U]) { - uint8_t out[34U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); -} - /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b6( + libcrux_ml_kem_types_MlKemCiphertext_1f *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } /** @@ -504,17 +505,17 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t), slice, uint8_t); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -537,14 +538,15 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -557,14 +559,15 @@ void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -577,14 +580,15 @@ void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -597,14 +601,15 @@ void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -617,14 +622,15 @@ void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e0a6152f9..346856746 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_core_H @@ -77,21 +77,6 @@ typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_1f pk; } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { - uint8_t value[1568U]; -} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_21_s { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; -} tuple_21; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -115,21 +100,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_3c_s { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; -} tuple_3c; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -159,6 +129,21 @@ typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { libcrux_ml_kem_types_MlKemPublicKey_be pk; } libcrux_ml_kem_types_MlKemKeyPair_cb; +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { + uint8_t value[1088U]; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_3c_s { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; +} tuple_3c; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext with const generics @@ -178,6 +163,26 @@ typedef struct tuple_ec_s { uint8_t snd[32U]; } tuple_ec; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $1568size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_1f_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemCiphertext_1f; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_21_s { + libcrux_ml_kem_types_MlKemCiphertext_1f fst; + uint8_t snd[32U]; +} tuple_21; + /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError @@ -192,14 +197,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 15fe78611..9a2dcb13a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem1024_H @@ -70,6 +70,9 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) +typedef libcrux_ml_kem_types_MlKemCiphertext_1f + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + typedef libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_mlkem1024_MlKem1024PrivateKey; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index ec89cbbb1..885e07729 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_470( +static void decapsulate_d60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb0(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_050(private_key, ciphertext, ret); } /** @@ -54,9 +53,8 @@ static void decapsulate_470( */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_470(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + decapsulate_d60(private_key, ciphertext, ret); } /** @@ -76,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_030( +static tuple_21 encapsulate_200( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4a0(uu____0, copy_of_randomness); } /** @@ -100,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_030(uu____0, copy_of_randomness); + return encapsulate_200(uu____0, copy_of_randomness); } /** @@ -117,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_990( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_700( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7a0(copy_of_randomness); } /** @@ -133,7 +131,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_990(copy_of_randomness); + return generate_keypair_700(copy_of_randomness); } /** @@ -147,10 +145,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_900( +static KRML_MUSTINLINE bool validate_private_key_290( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd0(private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, ciphertext); } @@ -161,8 +159,8 @@ static KRML_MUSTINLINE bool validate_private_key_900( */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_900(private_key, ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return validate_private_key_290(private_key, ciphertext); } /** @@ -176,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_670(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e0(public_key); +static KRML_MUSTINLINE bool validate_public_key_e70(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_330(public_key); } /** @@ -187,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_670(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_670(public_key->value); + return validate_public_key_e70(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 07c10744f..aec5de25f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -30,7 +30,7 @@ extern "C" { */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 @@ -56,7 +56,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 54ba411c7..9015a9b24 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ce1( +static void decapsulate_a61( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_641(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_2b1(private_key, ciphertext, ret); } /** @@ -54,9 +53,8 @@ static void decapsulate_ce1( */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_ce1(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + decapsulate_a61(private_key, ciphertext, ret); } /** @@ -76,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_371( +static tuple_21 encapsulate_8a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c11(uu____0, copy_of_randomness); } /** @@ -100,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_371(uu____0, copy_of_randomness); + return encapsulate_8a1(uu____0, copy_of_randomness); } /** @@ -118,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_631( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b31( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d41(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7d1(copy_of_randomness); } /** @@ -134,7 +132,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_631(copy_of_randomness); + return generate_keypair_b31(copy_of_randomness); } /** @@ -148,10 +146,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_f21( +static KRML_MUSTINLINE bool validate_private_key_221( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_be(private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_9d(private_key, ciphertext); } @@ -162,8 +160,8 @@ static KRML_MUSTINLINE bool validate_private_key_f21( */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_f21(private_key, ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return validate_private_key_221(private_key, ciphertext); } /** @@ -177,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_d61(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b1(public_key); +static KRML_MUSTINLINE bool validate_public_key_091(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c31(public_key); } /** @@ -188,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d61(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_d61(public_key->value); + return validate_public_key_091(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2207e0f1e..6445f213d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem1024_portable_H @@ -30,7 +30,7 @@ extern "C" { */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 @@ -56,7 +56,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e955cc307..7ef378319 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 217a6dcf3..83e9daf1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_47(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_05(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_47(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_47(private_key, ciphertext, ret); + decapsulate_d6(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_03( +static tuple_ec encapsulate_20( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4a(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_03(uu____0, copy_of_randomness); + return encapsulate_20(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_99( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_70( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7a(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_70(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_90( +static KRML_MUSTINLINE bool validate_private_key_29( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_90( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_90(private_key, ciphertext); + return validate_private_key_29(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_67(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e(public_key); +static KRML_MUSTINLINE bool validate_public_key_e7(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_33(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_67(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_67(public_key->value); + return validate_public_key_e7(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 1a7f83ca6..690bd5e94 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index b77e15702..187424327 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_ce0( +static void decapsulate_a60( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_640(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2b0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ce0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_ce0(private_key, ciphertext, ret); + decapsulate_a60(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_370( +static tuple_ec encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c10(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_370(uu____0, copy_of_randomness); + return encapsulate_8a0(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_630( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b30( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7d0(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_630(copy_of_randomness); + return generate_keypair_b30(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_f20( +static KRML_MUSTINLINE bool validate_private_key_220( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_db(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_df(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_f20( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_f20(private_key, ciphertext); + return validate_private_key_220(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_d60(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b0(public_key); +static KRML_MUSTINLINE bool validate_public_key_090(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c30(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d60(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_d60(public_key->value); + return validate_public_key_090(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index e0e40f336..ea7de228c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c18af1445..79c13ed2a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 0f50bb03b..1e49c1f00 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_471( +static void decapsulate_d61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_051(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_471( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_471(private_key, ciphertext, ret); + decapsulate_d61(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_031( +static tuple_3c encapsulate_201( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4a1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_031(uu____0, copy_of_randomness); + return encapsulate_201(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_991( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_701( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_611(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7a1(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_991(copy_of_randomness); + return generate_keypair_701(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_901( +static KRML_MUSTINLINE bool validate_private_key_291( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_901( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_901(private_key, ciphertext); + return validate_private_key_291(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_671(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e1(public_key); +static KRML_MUSTINLINE bool validate_public_key_e71(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_331(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_671(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_671(public_key->value); + return validate_public_key_e71(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index aeb4d0450..d3520a1b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 4c862d52c..1a7176897 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ce( +static void decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_64(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2b(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ce( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ce(private_key, ciphertext, ret); + decapsulate_a6(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_37( +static tuple_3c encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_37(uu____0, copy_of_randomness); + return encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_63( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_7d(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_63(copy_of_randomness); + return generate_keypair_b3(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_f2( +static KRML_MUSTINLINE bool validate_private_key_22( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c7(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_49(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_f2( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_f2(private_key, ciphertext); + return validate_private_key_22(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_d6(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b(public_key); +static KRML_MUSTINLINE bool validate_public_key_09(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c3(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d6(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_d6(public_key->value); + return validate_public_key_09(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 15f45f131..1e62a474e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e7386e0d0..446d84534 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "internal/libcrux_mlkem_avx2.h" @@ -599,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +793,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +920,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1027,15 +1027,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1069,8 +1070,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_d0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_to_reduced_ring_element_5c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1084,10 +1085,7 @@ deserialize_to_reduced_ring_element_d0(Eurydice_slice serialized) { } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -1096,12 +1094,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b64( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c54( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1113,9 +1108,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b64( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_551( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_c54(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1126,7 +1143,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_9a(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_d8(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1156,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_07(__m256i vector) { - return shift_right_9a(vector); +static __m256i shift_right_ea_12(__m256i vector) { + return shift_right_d8(vector); } /** @@ -1149,8 +1166,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_38(__m256i a) { - __m256i t = shift_right_ea_07(a); +static __m256i to_unsigned_representative_32(__m256i a) { + __m256i t = shift_right_ea_12(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1162,13 +1179,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_32(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1189,7 +1206,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_fd1( +static KRML_MUSTINLINE void serialize_secret_key_191( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1207,7 +1224,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_50(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1218,27 +1235,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd1( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_771( +static KRML_MUSTINLINE void serialize_public_key_mut_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_fd1(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + serialize_secret_key_191(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_371( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + serialize_public_key_mut_ac1(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1257,15 +1291,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_331(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_b64( + deserialize_ring_elements_reduced_out_551( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_771( + serialize_public_key_371( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1302,7 +1336,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( +bool libcrux_ml_kem_ind_cca_validate_private_key_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1317,6 +1351,80 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_a0; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { + IndCpaPrivateKeyUnpacked_a0 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[2U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} IndCpaPublicKeyUnpacked_a0; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + uu____0[i] = ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[0U][2U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[1U][2U] = ZERO_d6_7d(); + lit.A[2U][0U] = ZERO_d6_7d(); + lit.A[2U][1U] = ZERO_d6_7d(); + lit.A[2U][2U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -1340,7 +1448,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_511( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_521( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1355,18 +1463,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_511( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_641( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics @@ -1494,7 +1590,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e03( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1617,7 +1713,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e04( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1651,17 +1747,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); +from_i16_array_d6_34(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1678,9 +1775,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_861( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b71( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_34( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1690,7 +1787,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_6c1( +static KRML_MUSTINLINE void sample_from_xof_591( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1705,7 +1802,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b3( + bool done = sample_from_uniform_distribution_next_e03( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1717,7 +1814,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b4( + done = sample_from_uniform_distribution_next_e04( copy_of_randomness, sampled_coefficients, out); } } @@ -1726,7 +1823,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_861(copy_of_out[i]);); + ret0[i] = closure_b71(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1738,12 +1835,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_291( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_641(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_591( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1758,7 +1852,7 @@ static KRML_MUSTINLINE void sample_matrix_A_291( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_6c1(copy_of_seeds, sampled); + sample_from_xof_591(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1776,22 +1870,8 @@ static KRML_MUSTINLINE void sample_matrix_A_291( } ); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics @@ -1897,7 +1977,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_f2(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1931,7 +2011,7 @@ sample_from_binomial_distribution_2_f2(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_82( + return from_i16_array_d6_34( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1942,7 +2022,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_75(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_e1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1975,7 +2055,7 @@ sample_from_binomial_distribution_3_75(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_82( + return from_i16_array_d6_34( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1986,8 +2066,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_910(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_f2(randomness); +sample_from_binomial_distribution_d5(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_1b(randomness); } /** @@ -1996,7 +2076,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_2f( +static KRML_MUSTINLINE void ntt_at_layer_7_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2021,7 +2101,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_a6(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_78(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2032,8 +2112,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_0d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_a6(b, zeta_r); +ntt_layer_int_vec_step_d7(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_78(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2046,7 +2126,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_a5( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_ba( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2059,7 +2139,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_a5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_0d( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2076,7 +2156,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_46( +static KRML_MUSTINLINE void ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2092,7 +2172,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_53( +static KRML_MUSTINLINE void ntt_at_layer_2_20( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2111,7 +2191,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_f7( +static KRML_MUSTINLINE void ntt_at_layer_1_91( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2130,15 +2210,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_f7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_f5( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2154,17 +2235,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_e1( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_2f(re); + ntt_at_layer_7_77(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b7(&zeta_i, re); + ntt_at_layer_2_20(&zeta_i, re); + ntt_at_layer_1_91(&zeta_i, re); + poly_barrett_reduce_d6_a7(re); } /** @@ -2179,11 +2260,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2198,15 +2277,47 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( + re_as_ntt[i0] = sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_1a1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_6e1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2243,18 +2354,19 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_04(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_d6_5f(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2281,15 +2393,16 @@ ntt_multiply_89_04(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_981( +static KRML_MUSTINLINE void add_to_ring_element_d6_131( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2309,29 +2422,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_8a(__m256i v) { +static __m256i to_standard_domain_07(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_c1( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_8a(self->coefficients[j]); + to_standard_domain_07(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2347,101 +2461,157 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a1( +static KRML_MUSTINLINE void compute_As_plus_e_911( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_981(&result[i1], &product); + ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_131(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_511( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_a51( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_a0 *private_key, + IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_511(key_generation_seed, hashed); + cpa_keygen_seed_d8_521(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_291(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_591(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_6e1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_1a1(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_6a1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_911(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c11( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); + generate_keypair_unpacked_a51(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_771( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_371( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_fd1(secret_as_ntt, secret_key_serialized); + serialize_secret_key_191(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2468,7 +2638,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f51( +static KRML_MUSTINLINE void serialize_kem_secret_key_901( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2532,7 +2702,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2541,13 +2711,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_511(ind_cpa_keypair_randomness); + generate_keypair_c11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_f51( + serialize_kem_secret_key_901( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2556,13 +2726,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f60( - uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_620( + uu____2, libcrux_ml_kem_types_from_40_1c0(copy_of_public_key)); } /** @@ -2575,7 +2745,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e11(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_5d1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2584,10 +2754,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e11(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2596,12 +2763,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b63( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c51( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2613,12 +2777,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b63( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -2632,11 +2793,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_b0 +sample_ring_element_cbd_5b1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2652,7 +2813,7 @@ sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2660,7 +2821,7 @@ sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2701,7 +2862,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_a5( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2725,7 +2886,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2745,7 +2906,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_e8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2763,11 +2924,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_d6(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_af(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = montgomery_multiply_fe_78(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2778,7 +2939,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_4a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2793,7 +2954,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_d6( + inv_ntt_layer_int_vec_step_reduce_af( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2810,31 +2971,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e1( +static KRML_MUSTINLINE void invert_ntt_montgomery_bf1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_a9(&zeta_i, re); + invert_ntt_at_layer_2_c9(&zeta_i, re); + invert_ntt_at_layer_3_e8(&zeta_i, re); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a7(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_69( +static KRML_MUSTINLINE void add_error_reduce_d6_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2858,14 +3020,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_731( +static KRML_MUSTINLINE void compute_vector_u_c61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2885,11 +3047,11 @@ static KRML_MUSTINLINE void compute_vector_u_731( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_981(&result[i1], &product); + ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_131(&result[i1], &product); } - invert_ntt_montgomery_3e1(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_bf1(&result[i1]); + add_error_reduce_d6_f4(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2902,7 +3064,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_0b(__m256i v) { +static __m256i decompress_1_a0(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2916,8 +3078,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_4d(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_message_37(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2925,22 +3087,23 @@ deserialize_then_decompress_message_4d(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_0b(coefficient_compressed);); + re.coefficients[i0] = decompress_1_a0(coefficient_compressed);); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_c3( +add_message_error_reduce_d6_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2970,18 +3133,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_881( +compute_ring_element_v_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_981(&result, &product);); - invert_ntt_montgomery_3e1(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_131(&result, &product);); + invert_ntt_montgomery_bf1(&result); + result = add_message_error_reduce_d6_a6(error_2, message, result); return result; } @@ -2992,7 +3155,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de(__m256i vector) { +compress_ciphertext_coefficient_fb(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3039,8 +3202,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_39(__m256i vector) { - return compress_ciphertext_coefficient_de(vector); +static __m256i compress_ea_43(__m256i vector) { + return compress_ciphertext_coefficient_fb(vector); } /** @@ -3049,14 +3212,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3e( +static KRML_MUSTINLINE void compress_then_serialize_10_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_39(to_unsigned_representative_38(re->coefficients[i0])); + compress_ea_43(to_unsigned_representative_32(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3074,7 +3237,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de0(__m256i vector) { +compress_ciphertext_coefficient_fb0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3121,8 +3284,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_390(__m256i vector) { - return compress_ciphertext_coefficient_de0(vector); +static __m256i compress_ea_430(__m256i vector) { + return compress_ciphertext_coefficient_fb0(vector); } /** @@ -3132,10 +3295,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_cc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3e(re, uu____0); + compress_then_serialize_10_d20(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3151,7 +3314,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4b1( +static void compress_then_serialize_u_9e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3167,7 +3330,7 @@ static void compress_then_serialize_u_4b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_5b(&re, ret); + compress_then_serialize_ring_element_u_cc0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3180,7 +3343,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de1(__m256i vector) { +compress_ciphertext_coefficient_fb1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3227,8 +3390,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_391(__m256i vector) { - return compress_ciphertext_coefficient_de1(vector); +static __m256i compress_ea_431(__m256i vector) { + return compress_ciphertext_coefficient_fb1(vector); } /** @@ -3237,14 +3400,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_93( +static KRML_MUSTINLINE void compress_then_serialize_4_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_391(to_unsigned_representative_38(re.coefficients[i0])); + compress_ea_431(to_unsigned_representative_32(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3424,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de2(__m256i vector) { +compress_ciphertext_coefficient_fb2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3471,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_392(__m256i vector) { - return compress_ciphertext_coefficient_de2(vector); +static __m256i compress_ea_432(__m256i vector) { + return compress_ciphertext_coefficient_fb2(vector); } /** @@ -3318,14 +3481,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8c( +static KRML_MUSTINLINE void compress_then_serialize_5_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_392(to_unsigned_representative_38(re.coefficients[i0])); + compress_ea_432(to_unsigned_representative_32(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3342,13 +3505,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e4( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bb0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_93(re, out); + compress_then_serialize_4_8a(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -3364,24 +3568,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_b63( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_291(ret0, false, A); +static void encrypt_unpacked_5d1(IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_1a1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3390,8 +3586,8 @@ static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_851(copy_of_prf_input, domain_separator0); + tuple_b0 uu____3 = + sample_ring_element_cbd_5b1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3402,33 +3598,72 @@ static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_731(A, r_as_ntt, error_1, u); + compute_vector_u_c61(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_37(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_881(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d01(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b1( + compress_then_serialize_u_9e1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e4( + compress_then_serialize_ring_element_v_bb0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0f1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); + deserialize_ring_elements_reduced_c51( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_591(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_5d1(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -3440,7 +3675,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_d21(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_951(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3467,11 +3702,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e11( + entropy_preprocess_d8_5d1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3481,7 +3716,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( size_t); uint8_t ret[32U]; H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3495,19 +3730,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_041(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_151(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d21(shared_secret, shared_secret_array); + kdf_d8_951(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3526,8 +3761,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_4f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_to_uncompressed_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3547,12 +3782,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_f11( +static KRML_MUSTINLINE void deserialize_secret_key_131( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3564,7 +3799,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f11( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_e3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3572,16 +3807,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f11( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const @@ -3589,7 +3814,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_45(__m256i vector) { +decompress_ciphertext_coefficient_39(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3633,8 +3858,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_5b(__m256i vector) { - return decompress_ciphertext_coefficient_45(vector); +static __m256i decompress_ciphertext_coefficient_ea_64(__m256i vector) { + return decompress_ciphertext_coefficient_39(vector); } /** @@ -3644,15 +3869,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_58(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_10_c6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_64(coefficient); } return re; } @@ -3664,7 +3889,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_450(__m256i vector) { +decompress_ciphertext_coefficient_390(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3708,8 +3933,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_5b0(__m256i vector) { - return decompress_ciphertext_coefficient_450(vector); +static __m256i decompress_ciphertext_coefficient_ea_640(__m256i vector) { + return decompress_ciphertext_coefficient_390(vector); } /** @@ -3719,15 +3944,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_99(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_11_1f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_640(coefficient); } return re; } @@ -3739,8 +3964,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_69(Eurydice_slice serialized) { - return deserialize_then_decompress_10_58(serialized); +deserialize_then_decompress_ring_element_u_320(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c6(serialized); } /** @@ -3749,17 +3974,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_26( +static KRML_MUSTINLINE void ntt_vector_u_4d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b7(&zeta_i, re); + ntt_at_layer_2_20(&zeta_i, re); + ntt_at_layer_1_91(&zeta_i, re); + poly_barrett_reduce_d6_a7(re); } /** @@ -3774,12 +3999,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_831( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1f1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3797,8 +4022,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_831( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); - ntt_vector_u_26(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_320(u_bytes); + ntt_vector_u_4d0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3812,7 +4037,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_451(__m256i vector) { +decompress_ciphertext_coefficient_391(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3856,8 +4081,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_5b1(__m256i vector) { - return decompress_ciphertext_coefficient_451(vector); +static __m256i decompress_ciphertext_coefficient_ea_641(__m256i vector) { + return decompress_ciphertext_coefficient_391(vector); } /** @@ -3867,15 +4092,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_37(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_4_b1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_641(coefficient); } return re; } @@ -3887,7 +4112,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_452(__m256i vector) { +decompress_ciphertext_coefficient_392(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3931,8 +4156,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_5b2(__m256i vector) { - return decompress_ciphertext_coefficient_452(vector); +static __m256i decompress_ciphertext_coefficient_ea_642(__m256i vector) { + return decompress_ciphertext_coefficient_392(vector); } /** @@ -3942,8 +4167,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_a1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_5_7e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3951,7 +4176,7 @@ deserialize_then_decompress_5_a1(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_5b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_642(re.coefficients[i0]); } return re; } @@ -3963,22 +4188,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) { - return deserialize_then_decompress_4_37(serialized); +deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b1(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_ed(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_d6_a7(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4006,17 +4232,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d1( +compute_message_1b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_981(&result, &product);); - invert_ntt_montgomery_3e1(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_131(&result, &product);); + invert_ntt_montgomery_bf1(&result); + result = subtract_reduce_d6_a7(v, result); return result; } @@ -4026,12 +4252,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_70( +static KRML_MUSTINLINE void compress_then_serialize_message_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_32(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4078,18 +4304,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c31(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_e71(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_831(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1f1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_86( + deserialize_then_decompress_ring_element_v_7b0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_0e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4103,10 +4329,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fd1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_481(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_f11(secret_key, secret_as_ntt); + deserialize_secret_key_131(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4117,7 +4343,7 @@ static void decrypt_fd1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c31(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4169,7 +4395,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb1( +void libcrux_ml_kem_ind_cca_decapsulate_051( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4187,7 +4413,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_481(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4205,11 +4431,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4219,17 +4445,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_041(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d21(Eurydice_array_to_slice( + kdf_d8_951(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d21(shared_secret0, shared_secret); + kdf_d8_951(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4239,10 +4465,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -4251,12 +4474,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b62( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c53( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4268,9 +4488,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b62( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_550( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_c53(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4286,7 +4528,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_fd0( +static KRML_MUSTINLINE void serialize_secret_key_19( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4304,7 +4546,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_50(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4315,27 +4557,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd0( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_770( +static KRML_MUSTINLINE void serialize_public_key_mut_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_fd0(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1536U, uint8_t); + uint8_t ret[1536U]; + serialize_secret_key_19(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1568U, serialized, (size_t)1536U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_37( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + serialize_public_key_mut_ac(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4354,15 +4613,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_330(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_b62( + deserialize_ring_elements_reduced_out_550( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_770( + serialize_public_key_37( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4380,7 +4639,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4399,14 +4658,14 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( +bool libcrux_ml_kem_ind_cca_validate_private_key_700( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_a9_160(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), - t); + H_a9_16(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); @@ -4414,6 +4673,88 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_01; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { + IndCpaPrivateKeyUnpacked_01 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[2U] = ZERO_d6_7d(); + lit.secret_as_ntt[3U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} IndCpaPublicKeyUnpacked_01; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + uu____0[i] = ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_01 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[0U][2U] = ZERO_d6_7d(); + lit.A[0U][3U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[1U][2U] = ZERO_d6_7d(); + lit.A[1U][3U] = ZERO_d6_7d(); + lit.A[2U][0U] = ZERO_d6_7d(); + lit.A[2U][1U] = ZERO_d6_7d(); + lit.A[2U][2U] = ZERO_d6_7d(); + lit.A[2U][3U] = ZERO_d6_7d(); + lit.A[3U][0U] = ZERO_d6_7d(); + lit.A[3U][1U] = ZERO_d6_7d(); + lit.A[3U][2U] = ZERO_d6_7d(); + lit.A[3U][3U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -4423,7 +4764,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4437,7 +4778,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_510( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_52( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4448,29 +4789,17 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_510( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_640( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a0(uint8_t input[4U][34U]) { +shake128_init_absorb_2a(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4491,11 +4820,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c0(uint8_t input[4U][34U]) { +shake128_init_absorb_a9_1c(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a0(copy_of_input); + return shake128_init_absorb_2a(copy_of_input); } /** @@ -4504,7 +4833,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4541,9 +4870,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_0c0(self, ret); + shake128_squeeze_three_blocks_0c(self, ret); } /** @@ -4594,7 +4923,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e0( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4631,7 +4960,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a0( +static KRML_MUSTINLINE void shake128_squeeze_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4667,9 +4996,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_4a0(self, ret); + shake128_squeeze_block_4a(self, ret); } /** @@ -4720,7 +5049,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e00( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4758,9 +5087,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_860( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b7( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_34( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4770,7 +5099,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_6c0( +static KRML_MUSTINLINE void sample_from_xof_59( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4779,25 +5108,25 @@ static KRML_MUSTINLINE void sample_from_xof_6c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c0(copy_of_seeds); + shake128_init_absorb_a9_1c(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b1( + bool done = sample_from_uniform_distribution_next_e0( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_1d0(&xof_state, randomness); + shake128_squeeze_block_a9_1d(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b2( + done = sample_from_uniform_distribution_next_e00( copy_of_randomness, sampled_coefficients, out); } } @@ -4806,7 +5135,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_860(copy_of_out[i]);); + ret0[i] = closure_b7(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4818,12 +5147,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_290( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_640(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_59( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4838,7 +5164,7 @@ static KRML_MUSTINLINE void sample_matrix_A_290( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_6c0(copy_of_seeds, sampled); + sample_from_xof_59(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4856,30 +5182,16 @@ static KRML_MUSTINLINE void sample_matrix_A_290( } ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { +static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; uint8_t out1[128U] = {0U}; @@ -4919,9 +5231,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_081(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_08(input, ret); } /** @@ -4936,11 +5248,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4952,12 +5262,44 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( + re_as_ntt[i0] = sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_1a( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_6e(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -4977,15 +5319,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_980( +static KRML_MUSTINLINE void add_to_ring_element_d6_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5008,101 +5351,157 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a0( +static KRML_MUSTINLINE void compute_As_plus_e_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_980(&result[i1], &product); + ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_13(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_510( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_a5( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_01 *private_key, + IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_510(key_generation_seed, hashed); + cpa_keygen_seed_d8_52(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_290(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_59(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_6e(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_1a(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_6a0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_91(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c10( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); + generate_keypair_unpacked_a5(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_770( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_37( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_fd0(secret_as_ntt, secret_key_serialized); + serialize_secret_key_19(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5129,7 +5528,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f50( +static KRML_MUSTINLINE void serialize_kem_secret_key_900( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5155,7 +5554,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f50( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_160(public_key, ret0); + H_a9_16(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5193,7 +5592,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5202,13 +5601,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_510(ind_cpa_keypair_randomness); + generate_keypair_c10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f50( + serialize_kem_secret_key_900( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5217,13 +5616,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f61( - uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_621( + uu____2, libcrux_ml_kem_types_from_40_1c1(copy_of_public_key)); } /** @@ -5236,7 +5635,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e10(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_5d0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5245,10 +5644,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e10(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -5257,12 +5653,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b61( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c5( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5274,12 +5667,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b61( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -5294,10 +5684,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_850(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_5b(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5309,11 +5699,11 @@ sample_ring_element_cbd_850(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5339,7 +5729,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); } @@ -5350,18 +5740,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e0( +static KRML_MUSTINLINE void invert_ntt_montgomery_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_a9(&zeta_i, re); + invert_ntt_at_layer_2_c9(&zeta_i, re); + invert_ntt_at_layer_3_e8(&zeta_i, re); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a7(re); } /** @@ -5373,14 +5763,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_730( +static KRML_MUSTINLINE void compute_vector_u_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5400,11 +5790,11 @@ static KRML_MUSTINLINE void compute_vector_u_730( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_980(&result[i1], &product); + ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_13(&result[i1], &product); } - invert_ntt_montgomery_3e0(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_bf(&result[i1]); + add_error_reduce_d6_f4(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5421,18 +5811,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_880( +compute_ring_element_v_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_980(&result, &product);); - invert_ntt_montgomery_3e0(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_13(&result, &product);); + invert_ntt_montgomery_bf(&result); + result = add_message_error_reduce_d6_a6(error_2, message, result); return result; } @@ -5442,14 +5832,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_c70( +static KRML_MUSTINLINE void compress_then_serialize_11_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_390(to_unsigned_representative_38(re->coefficients[i0])); + compress_ea_430(to_unsigned_representative_32(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5467,10 +5857,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_c70(re, uu____0); + compress_then_serialize_11_81(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5486,7 +5876,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_4b0( +static void compress_then_serialize_u_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5502,7 +5892,7 @@ static void compress_then_serialize_u_4b0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_5b0(&re, ret); + compress_then_serialize_ring_element_u_cc(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5515,13 +5905,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e40( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8c(re, out); + compress_then_serialize_5_f8(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -5537,24 +5968,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_b61( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_290(ret0, false, A); +static void encrypt_unpacked_5d(IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_1a(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5564,7 +5986,7 @@ static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_850(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_5b(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5572,36 +5994,75 @@ static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_730(A, r_as_ntt, error_1, u); + compute_vector_u_c6(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_37(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_880(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_d0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b0( + compress_then_serialize_u_9e( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e40( + compress_then_serialize_ring_element_v_bb( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0f0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); + deserialize_ring_elements_reduced_c5( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_59(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_5d(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -5613,7 +6074,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_d20(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_950(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5640,11 +6101,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e10( + entropy_preprocess_d8_5d0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5653,14 +6114,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_160(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), - uint8_t), - ret); + H_a9_16(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5668,20 +6129,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_040(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_fc_15(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d20(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + kdf_d8_950(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5701,12 +6162,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_f10( +static KRML_MUSTINLINE void deserialize_secret_key_130( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5718,7 +6179,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f10( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_e3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5726,16 +6187,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f10( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_01; - /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types @@ -5743,8 +6194,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_690(Eurydice_slice serialized) { - return deserialize_then_decompress_11_99(serialized); +deserialize_then_decompress_ring_element_u_32(Eurydice_slice serialized) { + return deserialize_then_decompress_11_1f(serialized); } /** @@ -5753,17 +6204,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_260( +static KRML_MUSTINLINE void ntt_vector_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b7(&zeta_i, re); + ntt_at_layer_2_20(&zeta_i, re); + ntt_at_layer_1_91(&zeta_i, re); + poly_barrett_reduce_d6_a7(re); } /** @@ -5778,12 +6229,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_830( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5801,8 +6252,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_830( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_690(u_bytes); - ntt_vector_u_260(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_32(u_bytes); + ntt_vector_u_4d(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5816,8 +6267,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a1(serialized); +deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { + return deserialize_then_decompress_5_7e(serialized); } /** @@ -5833,17 +6284,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d0( +compute_message_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_980(&result, &product);); - invert_ntt_montgomery_3e0(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_13(&result, &product);); + invert_ntt_montgomery_bf(&result); + result = subtract_reduce_d6_a7(v, result); return result; } @@ -5881,18 +6332,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c30(IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_e7(IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_830(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_860( + deserialize_then_decompress_ring_element_v_7b( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_0e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5906,10 +6357,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_fd0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_480(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_f10(secret_key, secret_as_ntt); + deserialize_secret_key_130(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5920,7 +6371,7 @@ static void decrypt_fd0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c30(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5934,7 +6385,7 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); } @@ -5960,10 +6411,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb0( +void libcrux_ml_kem_ind_cca_decapsulate_050( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5979,7 +6429,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_480(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5989,7 +6439,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5997,31 +6447,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_421(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_040(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d20(Eurydice_array_to_slice( + kdf_d8_950(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d20(shared_secret0, shared_secret); + kdf_d8_950(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6031,10 +6481,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -6043,12 +6490,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b60( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c52( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6060,9 +6504,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_55( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_c52(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6078,7 +6544,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_fd( +static KRML_MUSTINLINE void serialize_secret_key_190( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6096,7 +6562,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_50(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6107,27 +6573,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_77( +static KRML_MUSTINLINE void serialize_public_key_mut_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_fd(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)768U, uint8_t); + uint8_t ret[768U]; + serialize_secret_key_190(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)800U, serialized, (size_t)768U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_370( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + serialize_public_key_mut_ac0(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6146,15 +6629,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_33(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_b60( + deserialize_ring_elements_reduced_out_55( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_77( + serialize_public_key_370( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6172,7 +6655,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -6191,14 +6674,14 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +bool libcrux_ml_kem_ind_cca_validate_private_key_70( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_a9_16(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), - t); + H_a9_160(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); @@ -6206,6 +6689,74 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_d6; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { + IndCpaPrivateKeyUnpacked_d6 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} IndCpaPublicKeyUnpacked_d6; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + uu____0[i] = ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_d6 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -6215,7 +6766,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6229,7 +6780,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_51( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_520( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6240,29 +6791,17 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_51( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_64( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a(uint8_t input[2U][34U]) { +shake128_init_absorb_2a0(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6283,11 +6822,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c(uint8_t input[2U][34U]) { +shake128_init_absorb_a9_1c0(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a(copy_of_input); + return shake128_init_absorb_2a0(copy_of_input); } /** @@ -6296,7 +6835,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6327,9 +6866,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_0c(self, ret); + shake128_squeeze_three_blocks_0c0(self, ret); } /** @@ -6380,7 +6919,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e01( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6417,7 +6956,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a( +static KRML_MUSTINLINE void shake128_squeeze_block_4a0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6447,9 +6986,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_4a(self, ret); + shake128_squeeze_block_4a0(self, ret); } /** @@ -6500,7 +7039,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e02( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6538,9 +7077,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_86( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b70( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_34( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6550,7 +7089,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_6c( +static KRML_MUSTINLINE void sample_from_xof_590( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6559,25 +7098,25 @@ static KRML_MUSTINLINE void sample_from_xof_6c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c(copy_of_seeds); + shake128_init_absorb_a9_1c0(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b( + bool done = sample_from_uniform_distribution_next_e01( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_1d(&xof_state, randomness); + shake128_squeeze_block_a9_1d0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b0( + done = sample_from_uniform_distribution_next_e02( copy_of_randomness, sampled_coefficients, out); } } @@ -6586,7 +7125,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_86(copy_of_out[i]);); + ret0[i] = closure_b70(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6598,12 +7137,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_29( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_64(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_590( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6618,7 +7154,7 @@ static KRML_MUSTINLINE void sample_matrix_A_29( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_6c(copy_of_seeds, sampled); + sample_from_xof_590(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6636,30 +7172,16 @@ static KRML_MUSTINLINE void sample_matrix_A_29( } ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { +static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; uint8_t out1[192U] = {0U}; @@ -6693,9 +7215,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_08(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_080(input, ret); } /** @@ -6705,8 +7227,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_91(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_75(randomness); +sample_from_binomial_distribution_d50(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_e1(randomness); } /** @@ -6721,11 +7243,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6737,12 +7257,44 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( + re_as_ntt[i0] = sample_from_binomial_distribution_d50( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_1a0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_6e0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6762,15 +7314,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_98( +static KRML_MUSTINLINE void add_to_ring_element_d6_130( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6793,101 +7346,157 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a( +static KRML_MUSTINLINE void compute_As_plus_e_910( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_98(&result[i1], &product); + ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_130(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_51( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_a50( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_d6 *private_key, + IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_51(key_generation_seed, hashed); + cpa_keygen_seed_d8_520(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_29(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_590(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_6e0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_1a0(copy_of_prf_input, domain_separator) + .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_6a(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_910(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); + generate_keypair_unpacked_a50(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_77( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_370( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_fd(secret_as_ntt, secret_key_serialized); + serialize_secret_key_190(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6914,7 +7523,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f5( +static KRML_MUSTINLINE void serialize_kem_secret_key_90( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6940,7 +7549,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f5( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_16(public_key, ret0); + H_a9_160(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6977,7 +7586,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6987,13 +7596,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_51(ind_cpa_keypair_randomness); + generate_keypair_c1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f5( + serialize_kem_secret_key_90( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7002,13 +7611,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -7021,7 +7630,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7030,10 +7639,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e1(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -7042,12 +7648,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b6( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c50( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7059,12 +7662,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_5c(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -7073,7 +7673,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7108,9 +7708,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_080(input, ret); + PRFxN_081(input, ret); } /** @@ -7125,10 +7725,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_85(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_5b0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7140,11 +7740,11 @@ sample_ring_element_cbd_85(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_160(prf_inputs, prf_outputs); + PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7170,7 +7770,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); } @@ -7181,18 +7781,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e( +static KRML_MUSTINLINE void invert_ntt_montgomery_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_a9(&zeta_i, re); + invert_ntt_at_layer_2_c9(&zeta_i, re); + invert_ntt_at_layer_3_e8(&zeta_i, re); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a7(re); } /** @@ -7204,14 +7804,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_73( +static KRML_MUSTINLINE void compute_vector_u_c60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7231,11 +7831,11 @@ static KRML_MUSTINLINE void compute_vector_u_73( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_98(&result[i1], &product); + ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_130(&result[i1], &product); } - invert_ntt_montgomery_3e(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_bf0(&result[i1]); + add_error_reduce_d6_f4(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7252,18 +7852,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_88( +compute_ring_element_v_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_98(&result, &product);); - invert_ntt_montgomery_3e(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_130(&result, &product);); + invert_ntt_montgomery_bf0(&result); + result = add_message_error_reduce_d6_a6(error_2, message, result); return result; } @@ -7279,7 +7879,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4b( +static void compress_then_serialize_u_9e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7295,14 +7895,55 @@ static void compress_then_serialize_u_4b( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_5b(&re, ret); + compress_then_serialize_ring_element_u_cc0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -7318,24 +7959,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_b6( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_29(ret0, false, A); +static void encrypt_unpacked_5d0(IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_1a0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7345,7 +7977,7 @@ static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_85(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_5b0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7353,36 +7985,75 @@ static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_73(A, r_as_ntt, error_1, u); + compute_vector_u_c60(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_37(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_88(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_d00(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b( + compress_then_serialize_u_9e0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e4( + compress_then_serialize_ring_element_v_bb0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0f(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); + deserialize_ring_elements_reduced_c50( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[2U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_590(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_5d0(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -7394,7 +8065,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_d2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_95(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7421,11 +8092,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e1( + entropy_preprocess_d8_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7434,14 +8105,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_16(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), - uint8_t), - ret); + H_a9_160(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7449,19 +8120,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_04(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_150(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d2(shared_secret, shared_secret_array); + kdf_d8_95(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7482,12 +8153,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_f1( +static KRML_MUSTINLINE void deserialize_secret_key_13( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7499,7 +8170,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_e3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7507,16 +8178,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f1( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_d6; - /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -7529,12 +8190,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_83( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1f0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7552,8 +8213,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_83( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); - ntt_vector_u_26(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_320(u_bytes); + ntt_vector_u_4d0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7573,17 +8234,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d( +compute_message_1b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_98(&result, &product);); - invert_ntt_montgomery_3e(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_130(&result, &product);); + invert_ntt_montgomery_bf0(&result); + result = subtract_reduce_d6_a7(v, result); return result; } @@ -7621,18 +8282,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c3(IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_e70(IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_83(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1f0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_86( + deserialize_then_decompress_ring_element_v_7b0( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_0e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7646,10 +8307,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fd(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_48(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_f1(secret_key, secret_as_ntt); + deserialize_secret_key_13(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7660,7 +8321,7 @@ static void decrypt_fd(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c3(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7674,7 +8335,7 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); } @@ -7700,7 +8361,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb( +void libcrux_ml_kem_ind_cca_decapsulate_05( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7718,7 +8379,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_48(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7728,7 +8389,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7736,30 +8397,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_42(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_04(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_0f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_95(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d2(shared_secret0, shared_secret); + kdf_d8_95(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index ff2b51df5..6224ae299 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 3cb9f2f65..9c30544c1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -973,17 +973,17 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { + if (uu____0.tag == core_option_None) { + return v; + } else { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; } - continue; } - return v; } } @@ -2233,15 +2233,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2275,8 +2276,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_to_reduced_ring_element_19(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2292,10 +2293,7 @@ deserialize_to_reduced_ring_element_3f(Eurydice_slice serialized) { } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2304,12 +2302,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_644( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2321,9 +2316,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_644(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2335,7 +2352,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_56(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2354,8 +2371,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_1e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_0f(v); +shift_right_0d_12(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_56(v); } /** @@ -2365,10 +2382,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_5d( +to_unsigned_representative_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_1e(a); + shift_right_0d_12(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2388,7 +2405,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_47( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_5d(re->coefficients[i0]); + to_unsigned_representative_80(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2409,7 +2426,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_6c1( +static KRML_MUSTINLINE void serialize_secret_key_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2438,27 +2455,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c1( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_5d1( +static KRML_MUSTINLINE void serialize_public_key_mut_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_6c1(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1536U, uint8_t); + uint8_t ret[1536U]; + serialize_secret_key_d8(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1568U, serialized, (size_t)1536U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d3( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + serialize_public_key_mut_49(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2477,15 +2511,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c31(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_7e4( + deserialize_ring_elements_reduced_out_da1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_5d1( + serialize_public_key_d3( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2503,7 +2537,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -2522,14 +2556,14 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_be( +bool libcrux_ml_kem_ind_cca_validate_private_key_9d( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_f1_c61(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), - t); + H_f1_c6(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); @@ -2537,6 +2571,88 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_be( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_42_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_42; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +*/ +static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { + IndCpaPrivateKeyUnpacked_42 lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[2U] = ZERO_d6_19(); + lit.secret_as_ntt[3U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $4size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_42_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; +} IndCpaPublicKeyUnpacked_42; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +*/ +static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + uu____0[i] = ZERO_d6_19();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_42 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[0U][2U] = ZERO_d6_19(); + lit.A[0U][3U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + lit.A[1U][2U] = ZERO_d6_19(); + lit.A[1U][3U] = ZERO_d6_19(); + lit.A[2U][0U] = ZERO_d6_19(); + lit.A[2U][1U] = ZERO_d6_19(); + lit.A[2U][2U] = ZERO_d6_19(); + lit.A[2U][3U] = ZERO_d6_19(); + lit.A[3U][0U] = ZERO_d6_19(); + lit.A[3U][1U] = ZERO_d6_19(); + lit.A[3U][2U] = ZERO_d6_19(); + lit.A[3U][3U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -2546,7 +2662,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2560,7 +2676,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_84( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2571,23 +2687,10 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -*/ -static void closure_8e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -2603,7 +2706,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_371(uint8_t input[4U][34U]) { +shake128_init_absorb_37(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2634,11 +2737,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_171(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_17(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_371(copy_of_input); + return shake128_init_absorb_37(copy_of_input); } /** @@ -2647,7 +2750,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2668,9 +2771,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_721(self, ret); + shake128_squeeze_three_blocks_72(self, ret); } /** @@ -2721,7 +2824,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_60( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2759,8 +2862,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_d1 *st, - uint8_t ret[4U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_d1 *st, + uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2780,9 +2883,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_e61(self, ret); + shake128_squeeze_block_e6(self, ret); } /** @@ -2833,7 +2936,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_600( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2867,17 +2970,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_4e(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); +from_i16_array_d6_b3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2897,9 +3001,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_971( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_55( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_b3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2910,7 +3014,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2f1( +static KRML_MUSTINLINE void sample_from_xof_d8( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2918,25 +3022,25 @@ static KRML_MUSTINLINE void sample_from_xof_2f1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b3( + bool done = sample_from_uniform_distribution_next_60( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_481(&xof_state, randomness); + shake128_squeeze_block_f1_48(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b4( + done = sample_from_uniform_distribution_next_600( copy_of_randomness, sampled_coefficients, out); } } @@ -2945,7 +3049,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f1( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_971(copy_of_out[i]);); + ret0[i] = closure_55(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2958,12 +3062,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_3c1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_8e1(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2978,7 +3079,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c1( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2f1(copy_of_seeds, sampled); + sample_from_xof_d8(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2996,30 +3097,16 @@ static KRML_MUSTINLINE void sample_matrix_A_3c1( } ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t - -*/ -typedef struct tuple_710_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U]; - uint8_t snd; -} tuple_710; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { +static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3039,9 +3126,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_d52(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_d5(input, ret); } /** @@ -3100,7 +3187,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_f0(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_26(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3134,7 +3221,7 @@ sample_from_binomial_distribution_2_f0(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_4e( + return from_i16_array_d6_b3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3145,7 +3232,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_77(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_c3(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3178,7 +3265,7 @@ sample_from_binomial_distribution_3_77(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_4e( + return from_i16_array_d6_b3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,8 +3276,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_63(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_f0(randomness); +sample_from_binomial_distribution_0f(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_26(randomness); } /** @@ -3199,7 +3286,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_ca( +static KRML_MUSTINLINE void ntt_at_layer_7_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3227,7 +3314,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_b1( +montgomery_multiply_fe_3b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3241,12 +3328,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_96( + ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_b1(b, zeta_r); + montgomery_multiply_fe_3b(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3260,7 +3347,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_05( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_d5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3273,7 +3360,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_05( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_96( + ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3290,7 +3377,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_38( +static KRML_MUSTINLINE void ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3308,7 +3395,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6d( +static KRML_MUSTINLINE void ntt_at_layer_2_cf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3328,7 +3415,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_0b( +static KRML_MUSTINLINE void ntt_at_layer_1_01( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3348,15 +3435,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_0b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_62( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3374,17 +3462,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c4( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_ca(re); + ntt_at_layer_7_39(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_01(&zeta_i, re); + poly_barrett_reduce_d6_c2(re); } /** @@ -3400,11 +3488,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3416,12 +3502,45 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_63( + re_as_ntt[i0] = sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t + +*/ +typedef struct tuple_710_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U]; + uint8_t snd; +} tuple_710; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_25( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ce(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3464,18 +3583,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_58(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_d6_1b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3504,15 +3624,16 @@ ntt_multiply_89_58(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_881( +static KRML_MUSTINLINE void add_to_ring_element_d6_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3537,7 +3658,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_97( +to_standard_domain_38( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3545,22 +3666,23 @@ to_standard_domain_97( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_82( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_97(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_38(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3578,101 +3700,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_c81( +static KRML_MUSTINLINE void compute_As_plus_e_50( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_881(&result[i1], &product); + ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_9d(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics - K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_021( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_7e( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_42 *private_key, + IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e0(key_generation_seed, hashed); + cpa_keygen_seed_d8_84(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c1(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_95(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ce(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_25(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_c81(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_50(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e31( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); + generate_keypair_unpacked_7e(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_5d1( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_d3( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_6c1(secret_as_ntt, secret_key_serialized); + serialize_secret_key_d8(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3699,7 +3878,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b2( +static KRML_MUSTINLINE void serialize_kem_secret_key_5c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3725,7 +3904,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b2( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c61(public_key, ret0); + H_f1_c6(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3763,7 +3942,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3772,13 +3951,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_021(ind_cpa_keypair_randomness); + generate_keypair_e31(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_b2( + serialize_kem_secret_key_5c( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3787,13 +3966,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f61( - uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_621( + uu____2, libcrux_ml_kem_types_from_40_1c1(copy_of_public_key)); } /** @@ -3806,7 +3985,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_1b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_9b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3815,10 +3994,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_1b(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -3827,12 +4003,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_64( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3844,12 +4017,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -3865,10 +4035,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_3a1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_d8(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3880,11 +4050,11 @@ sample_ring_element_cbd_3a1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3922,7 +4092,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); } @@ -3933,7 +4103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_ca( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3957,7 +4127,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_56( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3977,7 +4147,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_0d( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_81( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3997,7 +4167,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_3a( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4005,7 +4175,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_b1(a_minus_b, zeta_r); + b = montgomery_multiply_fe_3b(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4017,7 +4187,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_07( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ba( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4032,7 +4202,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_07( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_3a( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4049,31 +4219,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_471( +static KRML_MUSTINLINE void invert_ntt_montgomery_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_81(&zeta_i, re); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_c2(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_20( +static KRML_MUSTINLINE void add_error_reduce_d6_26( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4100,14 +4271,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_771( +static KRML_MUSTINLINE void compute_vector_u_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4127,11 +4298,11 @@ static KRML_MUSTINLINE void compute_vector_u_771( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_881(&result[i1], &product); + ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_9d(&result[i1], &product); } - invert_ntt_montgomery_471(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_05(&result[i1]); + add_error_reduce_d6_26(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4145,7 +4316,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_75(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_ad(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4159,8 +4330,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_94(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_message_e4(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4170,23 +4341,24 @@ deserialize_then_decompress_message_94(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_75(coefficient_compressed); + decompress_1_ad(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_57( +add_message_error_reduce_d6_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4219,18 +4391,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe1( +compute_ring_element_v_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_881(&result, &product);); - invert_ntt_montgomery_471(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_9d(&result, &product);); + invert_ntt_montgomery_05(&result); + result = add_message_error_reduce_d6_09(error_2, message, result); return result; } @@ -4240,7 +4412,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_35(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4261,9 +4433,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fd( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_53(v); + return compress_35(v); } /** @@ -4272,7 +4444,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_530(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_350(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4294,8 +4466,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_530(v); +compress_0d_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_350(v); } /** @@ -4304,14 +4476,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_6f0( +static KRML_MUSTINLINE void compress_then_serialize_11_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd0(to_unsigned_representative_5d(re->coefficients[i0])); + compress_0d_5f0(to_unsigned_representative_80(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4329,10 +4501,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_6f0(re, uu____0); + compress_then_serialize_11_c1(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4348,7 +4520,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_861( +static void compress_then_serialize_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4364,7 +4536,7 @@ static void compress_then_serialize_u_861( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4e0(&re, ret); + compress_then_serialize_ring_element_u_90(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4376,7 +4548,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_531(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_351(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4398,8 +4570,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_531(v); +compress_0d_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_351(v); } /** @@ -4408,14 +4580,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_97( +static KRML_MUSTINLINE void compress_then_serialize_4_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd1(to_unsigned_representative_5d(re.coefficients[i0])); + compress_0d_5f1(to_unsigned_representative_80(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4431,7 +4603,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_532(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_352(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4453,8 +4625,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_532(v); +compress_0d_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_352(v); } /** @@ -4463,14 +4635,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0a( +static KRML_MUSTINLINE void compress_then_serialize_5_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_fd2(to_unsigned_representative_5d(re.coefficients[i0])); + compress_0d_5f2(to_unsigned_representative_80(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,13 +4659,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_800( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0a(re, out); + compress_then_serialize_5_59(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -4510,24 +4723,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_7e3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c1(ret0, false, A); +static void encrypt_unpacked_88(IndCpaPublicKeyUnpacked_42 *public_key, + uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_25(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4537,7 +4741,7 @@ static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_3a1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_d8(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4545,36 +4749,76 @@ static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_771(A, r_as_ntt, error_1, u); + compute_vector_u_0d(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_e4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe1(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_d2(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_861( + compress_then_serialize_u_e3( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_800( + compress_then_serialize_ring_element_v_c8( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_1e1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); + deserialize_ring_elements_reduced_64( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_95(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_88(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -4586,7 +4830,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_d9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_11(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4613,11 +4857,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_1b( + entropy_preprocess_d8_9b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4626,14 +4870,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c61(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), - uint8_t), - ret); + H_f1_c6(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4641,20 +4885,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_8c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_fc_15(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d9(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + kdf_d8_11(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4672,8 +4916,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_79(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_to_uncompressed_ring_element_ce(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4695,12 +4939,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_301( +static KRML_MUSTINLINE void deserialize_secret_key_fc1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4712,7 +4956,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_301( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_ce(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4720,16 +4964,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_301( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $4size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_42; - /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with @@ -4737,7 +4971,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_86( +decompress_ciphertext_coefficient_40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4762,9 +4996,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c( +decompress_ciphertext_coefficient_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_86(v); + return decompress_ciphertext_coefficient_40(v); } /** @@ -4774,8 +5008,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_4c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_10_28(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -4784,7 +5018,7 @@ deserialize_then_decompress_10_4c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c(coefficient); + decompress_ciphertext_coefficient_0d_17(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4797,7 +5031,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_860( +decompress_ciphertext_coefficient_400( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4822,9 +5056,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c0( +decompress_ciphertext_coefficient_0d_170( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_860(v); + return decompress_ciphertext_coefficient_400(v); } /** @@ -4834,8 +5068,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_c3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_11_ca(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4844,7 +5078,7 @@ deserialize_then_decompress_11_c3(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c0(coefficient); + decompress_ciphertext_coefficient_0d_170(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4857,8 +5091,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_770(Eurydice_slice serialized) { - return deserialize_then_decompress_11_c3(serialized); +deserialize_then_decompress_ring_element_u_7a(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ca(serialized); } /** @@ -4867,17 +5101,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_340( +static KRML_MUSTINLINE void ntt_vector_u_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_01(&zeta_i, re); + poly_barrett_reduce_d6_c2(re); } /** @@ -4892,12 +5126,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_321( +static KRML_MUSTINLINE void deserialize_then_decompress_u_23( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4915,8 +5149,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_321( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_770(u_bytes); - ntt_vector_u_340(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a(u_bytes); + ntt_vector_u_6d(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4930,7 +5164,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_861( +decompress_ciphertext_coefficient_401( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4955,9 +5189,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c1( +decompress_ciphertext_coefficient_0d_171( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_861(v); + return decompress_ciphertext_coefficient_401(v); } /** @@ -4967,8 +5201,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_4_da(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4977,7 +5211,7 @@ deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c1(coefficient); + decompress_ciphertext_coefficient_0d_171(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4990,7 +5224,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_862( +decompress_ciphertext_coefficient_402( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5015,9 +5249,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c2( +decompress_ciphertext_coefficient_0d_172( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_862(v); + return decompress_ciphertext_coefficient_402(v); } /** @@ -5027,8 +5261,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_5_aa(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5037,7 +5271,7 @@ deserialize_then_decompress_5_3f(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_4c2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_172(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5050,22 +5284,23 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0d0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_3f(serialized); +deserialize_then_decompress_ring_element_v_b6(Eurydice_slice serialized) { + return deserialize_then_decompress_5_aa(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_ee(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_d6_28(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5096,17 +5331,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_291( +compute_message_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_881(&result, &product);); - invert_ntt_montgomery_471(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_9d(&result, &product);); + invert_ntt_montgomery_05(&result); + result = subtract_reduce_d6_28(v, result); return result; } @@ -5116,13 +5351,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_62( +static KRML_MUSTINLINE void compress_then_serialize_message_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_5d(re.coefficients[i0]); + to_unsigned_representative_80(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5170,18 +5405,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_3c1(IndCpaPrivateKeyUnpacked_42 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_ce(IndCpaPrivateKeyUnpacked_42 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_321(ciphertext, u_as_ntt); + deserialize_then_decompress_u_23(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d0( + deserialize_then_decompress_ring_element_v_b6( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_291(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5195,10 +5430,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_d31(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1b1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_301(secret_key, secret_as_ntt); + deserialize_secret_key_fc1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5209,7 +5444,7 @@ static void decrypt_d31(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_ce(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5235,7 +5470,7 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); } @@ -5261,10 +5496,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_641( +void libcrux_ml_kem_ind_cca_decapsulate_2b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5280,7 +5514,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d31(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1b1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5290,7 +5524,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5298,31 +5532,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_8c1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_1e1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d9(Eurydice_array_to_slice((size_t)32U, + kdf_d8_11(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d9(shared_secret0, shared_secret); + kdf_d8_11(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5332,10 +5566,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -5344,12 +5575,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_643( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5361,9 +5589,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_643(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5379,7 +5629,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_6c0( +static KRML_MUSTINLINE void serialize_secret_key_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5408,27 +5658,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c0( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_5d0( +static KRML_MUSTINLINE void serialize_public_key_mut_490( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_6c0(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)768U, uint8_t); + uint8_t ret[768U]; + serialize_secret_key_d80(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)800U, serialized, (size_t)768U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d30( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + serialize_public_key_mut_490(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5447,15 +5714,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c30(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_7e2( + deserialize_ring_elements_reduced_out_da0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_5d0( + serialize_public_key_d30( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5492,7 +5759,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_db( +bool libcrux_ml_kem_ind_cca_validate_private_key_df( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -5507,6 +5774,74 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_db( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_ae_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_ae; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +*/ +static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { + IndCpaPrivateKeyUnpacked_ae lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $2size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_ae_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; +} IndCpaPublicKeyUnpacked_ae; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +*/ +static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + uu____0[i] = ZERO_d6_19();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_ae lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -5530,7 +5865,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e8( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_9c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5545,19 +5880,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e8( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -*/ -static void closure_8e0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -5691,7 +6013,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_601( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5803,7 +6125,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_602( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5842,9 +6164,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_970( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_550( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_b3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5855,7 +6177,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2f0( +static KRML_MUSTINLINE void sample_from_xof_d80( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5869,7 +6191,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b1( + bool done = sample_from_uniform_distribution_next_601( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5881,7 +6203,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b2( + done = sample_from_uniform_distribution_next_602( copy_of_randomness, sampled_coefficients, out); } } @@ -5890,7 +6212,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_970(copy_of_out[i]);); + ret0[i] = closure_550(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5903,12 +6225,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_3c0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_8e0(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5923,7 +6242,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c0( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2f0(copy_of_seeds, sampled); + sample_from_xof_d80(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5941,22 +6260,8 @@ static KRML_MUSTINLINE void sample_matrix_A_3c0( } ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; - uint8_t snd; -} tuple_740; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics @@ -5996,8 +6301,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_630(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_77(randomness); +sample_from_binomial_distribution_0f0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_c3(randomness); } /** @@ -6013,11 +6318,9 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6032,9 +6335,42 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_630( + re_as_ntt[i0] = sample_from_binomial_distribution_0f0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_250( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ce0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6054,15 +6390,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_880( +static KRML_MUSTINLINE void add_to_ring_element_d6_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6089,101 +6426,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_c80( +static KRML_MUSTINLINE void compute_As_plus_e_500( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_880(&result[i1], &product); + ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_9d0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics - K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_020( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_7e0( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_ae *private_key, + IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e8(key_generation_seed, hashed); + cpa_keygen_seed_d8_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c0(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_950(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ce0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_250(copy_of_prf_input, domain_separator) + .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_c80(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_500(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e30( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); + generate_keypair_unpacked_7e0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_5d0( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_d30( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_6c0(secret_as_ntt, secret_key_serialized); + serialize_secret_key_d80(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6210,7 +6604,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_5b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6274,7 +6668,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6283,13 +6677,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_020(ind_cpa_keypair_randomness); + generate_keypair_e30(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_5b( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6298,13 +6692,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_62( + uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); } /** @@ -6317,7 +6711,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_90(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6326,10 +6720,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_3c(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -6338,12 +6729,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_640( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6355,12 +6743,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -6408,10 +6793,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_3a0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_d80(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6427,7 +6812,7 @@ sample_ring_element_cbd_3a0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6464,18 +6849,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_470( +static KRML_MUSTINLINE void invert_ntt_montgomery_050( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_81(&zeta_i, re); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_c2(re); } /** @@ -6487,14 +6872,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_770( +static KRML_MUSTINLINE void compute_vector_u_0d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6514,11 +6899,11 @@ static KRML_MUSTINLINE void compute_vector_u_770( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_880(&result[i1], &product); + ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_9d0(&result[i1], &product); } - invert_ntt_montgomery_470(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_050(&result[i1]); + add_error_reduce_d6_26(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6535,18 +6920,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe0( +compute_ring_element_v_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_880(&result, &product);); - invert_ntt_montgomery_470(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_9d0(&result, &product);); + invert_ntt_montgomery_050(&result); + result = add_message_error_reduce_d6_09(error_2, message, result); return result; } @@ -6556,14 +6941,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_f3( +static KRML_MUSTINLINE void compress_then_serialize_10_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd(to_unsigned_representative_5d(re->coefficients[i0])); + compress_0d_5f(to_unsigned_representative_80(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6581,10 +6966,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_900( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_f3(re, uu____0); + compress_then_serialize_10_820(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6600,7 +6985,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_860( +static void compress_then_serialize_u_e30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6616,7 +7001,7 @@ static void compress_then_serialize_u_860( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4e(&re, ret); + compress_then_serialize_ring_element_u_900(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6629,13 +7014,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_97(re, out); + compress_then_serialize_4_27(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -6652,24 +7078,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_7e1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c0(ret0, false, A); +static void encrypt_unpacked_880(IndCpaPublicKeyUnpacked_ae *public_key, + uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); + tuple_740 uu____1 = + sample_vector_cbd_then_ntt_out_250(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6679,7 +7097,7 @@ static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_3a0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_d80(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6690,33 +7108,73 @@ static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_770(A, r_as_ntt, error_1, u); + compute_vector_u_0d0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_e4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d20(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_860( + compress_then_serialize_u_e30( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_80( + compress_then_serialize_ring_element_v_c80( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_1e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); + deserialize_ring_elements_reduced_640( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[2U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_950(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_880(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -6728,7 +7186,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_44(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_01(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6755,11 +7213,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3c( + entropy_preprocess_d8_90( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6769,7 +7227,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( size_t); uint8_t ret[32U]; H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6783,19 +7241,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_8c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_150(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_44(shared_secret, shared_secret_array); + kdf_d8_01(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6816,12 +7274,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_300( +static KRML_MUSTINLINE void deserialize_secret_key_fc0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6833,7 +7291,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_300( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_ce(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6841,16 +7299,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_300( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $2size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_ae; - /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types @@ -6858,8 +7306,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_77(Eurydice_slice serialized) { - return deserialize_then_decompress_10_4c(serialized); +deserialize_then_decompress_ring_element_u_7a0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_28(serialized); } /** @@ -6868,17 +7316,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_34( +static KRML_MUSTINLINE void ntt_vector_u_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_01(&zeta_i, re); + poly_barrett_reduce_d6_c2(re); } /** @@ -6893,12 +7341,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_320( +static KRML_MUSTINLINE void deserialize_then_decompress_u_230( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6916,8 +7364,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_320( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); - ntt_vector_u_34(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a0(u_bytes); + ntt_vector_u_6d0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6931,8 +7379,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0d(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ad(serialized); +deserialize_then_decompress_ring_element_v_b60(Eurydice_slice serialized) { + return deserialize_then_decompress_4_da(serialized); } /** @@ -6948,17 +7396,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_290( +compute_message_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_880(&result, &product);); - invert_ntt_montgomery_470(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_9d0(&result, &product);); + invert_ntt_montgomery_050(&result); + result = subtract_reduce_d6_28(v, result); return result; } @@ -6996,18 +7444,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_3c0(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_ce0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_320(ciphertext, u_as_ntt); + deserialize_then_decompress_u_230(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d( + deserialize_then_decompress_ring_element_v_b60( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_290(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7021,10 +7469,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d30(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1b0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_300(secret_key, secret_as_ntt); + deserialize_secret_key_fc0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7035,7 +7483,7 @@ static void decrypt_d30(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_ce0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7075,7 +7523,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_640( +void libcrux_ml_kem_ind_cca_decapsulate_2b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7093,7 +7541,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d30(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1b0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7111,11 +7559,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7125,17 +7573,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_8c0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_1e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_44(Eurydice_array_to_slice((size_t)32U, + kdf_d8_01(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_44(shared_secret0, shared_secret); + kdf_d8_01(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7145,10 +7593,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -7157,12 +7602,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_642( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7174,9 +7616,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_642(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7192,7 +7656,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_6c( +static KRML_MUSTINLINE void serialize_secret_key_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7221,27 +7685,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_5d( +static KRML_MUSTINLINE void serialize_public_key_mut_491( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_6c(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + serialize_secret_key_d81(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d31( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + serialize_public_key_mut_491(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7260,15 +7741,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c3(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_7e0( + deserialize_ring_elements_reduced_out_da( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_5d( + serialize_public_key_d31( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7286,7 +7767,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7305,14 +7786,14 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c7( +bool libcrux_ml_kem_ind_cca_validate_private_key_49( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_c6(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), - t); + H_f1_c61(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); @@ -7320,6 +7801,80 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_c7( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_f8; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { + IndCpaPrivateKeyUnpacked_f8 lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[2U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} IndCpaPublicKeyUnpacked_f8; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + uu____0[i] = ZERO_d6_19();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[0U][2U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + lit.A[1U][2U] = ZERO_d6_19(); + lit.A[2U][0U] = ZERO_d6_19(); + lit.A[2U][1U] = ZERO_d6_19(); + lit.A[2U][2U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -7329,7 +7884,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7343,7 +7898,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0a( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_522( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7354,23 +7909,10 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0a( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static void closure_8e( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -7386,7 +7928,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_37(uint8_t input[3U][34U]) { +shake128_init_absorb_371(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7417,11 +7959,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_17(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_171(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_37(copy_of_input); + return shake128_init_absorb_371(copy_of_input); } /** @@ -7430,7 +7972,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7451,9 +7993,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_72(self, ret); + shake128_squeeze_three_blocks_721(self, ret); } /** @@ -7504,7 +8046,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_603( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7542,8 +8084,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_58 *st, - uint8_t ret[3U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_58 *st, + uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7563,9 +8105,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_e6(self, ret); + shake128_squeeze_block_e61(self, ret); } /** @@ -7616,7 +8158,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_604( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7655,9 +8197,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_97( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_551( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_b3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7668,7 +8210,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2f( +static KRML_MUSTINLINE void sample_from_xof_d81( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7676,25 +8218,25 @@ static KRML_MUSTINLINE void sample_from_xof_2f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b( + bool done = sample_from_uniform_distribution_next_603( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_48(&xof_state, randomness); + shake128_squeeze_block_f1_481(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b0( + done = sample_from_uniform_distribution_next_604( copy_of_randomness, sampled_coefficients, out); } } @@ -7703,7 +8245,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_97(copy_of_out[i]);); + ret0[i] = closure_551(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7716,12 +8258,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_3c( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_8e(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7736,7 +8275,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2f(copy_of_seeds, sampled); + sample_from_xof_d81(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7754,30 +8293,16 @@ static KRML_MUSTINLINE void sample_matrix_A_3c( } ); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; - uint8_t snd; -} tuple_b0; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { +static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7797,9 +8322,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_d5(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_d52(input, ret); } /** @@ -7815,11 +8340,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce1( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7831,18 +8354,51 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_63( + re_as_ntt[i0] = sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_251( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ce1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7856,15 +8412,16 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_88( +static KRML_MUSTINLINE void add_to_ring_element_d6_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7891,101 +8448,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_c8( +static KRML_MUSTINLINE void compute_As_plus_e_501( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_88(&result[i1], &product); + ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_9d1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_02( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_7e1( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_f8 *private_key, + IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0a(key_generation_seed, hashed); + cpa_keygen_seed_d8_522(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_951(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ce1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_251(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_c8(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_501(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e3( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); + generate_keypair_unpacked_7e1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_5d( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_d31( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_6c(secret_as_ntt, secret_key_serialized); + serialize_secret_key_d81(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8012,7 +8626,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void serialize_kem_secret_key_0f( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8038,7 +8652,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c6(public_key, ret0); + H_f1_c61(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8076,7 +8690,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8085,13 +8699,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_02(ind_cpa_keypair_randomness); + generate_keypair_e3(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5a( + serialize_kem_secret_key_0f( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8100,13 +8714,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_3e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f60( - uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_620( + uu____2, libcrux_ml_kem_types_from_40_1c0(copy_of_public_key)); } /** @@ -8119,7 +8733,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_2b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_07(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8128,10 +8742,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_2b(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -8140,12 +8751,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_641( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8157,12 +8765,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_19(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -8177,11 +8782,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_d81(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8193,11 +8798,11 @@ sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8205,7 +8810,7 @@ sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8223,7 +8828,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); } @@ -8234,18 +8839,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_47( +static KRML_MUSTINLINE void invert_ntt_montgomery_051( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_81(&zeta_i, re); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_c2(re); } /** @@ -8257,14 +8862,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_77( +static KRML_MUSTINLINE void compute_vector_u_0d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8284,11 +8889,11 @@ static KRML_MUSTINLINE void compute_vector_u_77( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_88(&result[i1], &product); + ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_9d1(&result[i1], &product); } - invert_ntt_montgomery_47(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_051(&result[i1]); + add_error_reduce_d6_26(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8305,18 +8910,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe( +compute_ring_element_v_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_88(&result, &product);); - invert_ntt_montgomery_47(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_9d1(&result, &product);); + invert_ntt_montgomery_051(&result); + result = add_message_error_reduce_d6_09(error_2, message, result); return result; } @@ -8332,7 +8937,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_86( +static void compress_then_serialize_u_e31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8348,14 +8953,55 @@ static void compress_then_serialize_u_86( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4e(&re, ret); + compress_then_serialize_ring_element_u_900(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -8372,24 +9018,17 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_7e( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c(ret0, false, A); +static void encrypt_unpacked_881(IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = + sample_vector_cbd_then_ntt_out_251(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8398,8 +9037,8 @@ static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_3a(copy_of_prf_input, domain_separator0); + tuple_b00 uu____3 = + sample_ring_element_cbd_d81(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8407,36 +9046,76 @@ static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_77(A, r_as_ntt, error_1, u); + compute_vector_u_0d1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_e4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_d21(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_86( + compress_then_serialize_u_e31( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_80( + compress_then_serialize_ring_element_v_c80( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_1e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); + deserialize_ring_elements_reduced_641( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_951(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -8448,7 +9127,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_97(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_f1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8475,11 +9154,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_2b( + entropy_preprocess_d8_07( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8488,14 +9167,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c6(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), - uint8_t), - ret); + H_f1_c61(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8503,19 +9182,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_8c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_151(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_97(shared_secret, shared_secret_array); + kdf_d8_f1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8536,12 +9215,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_30( +static KRML_MUSTINLINE void deserialize_secret_key_fc( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8553,7 +9232,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_30( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_ce(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8561,16 +9240,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_30( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_f8; - /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -8583,12 +9252,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_32( +static KRML_MUSTINLINE void deserialize_then_decompress_u_231( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8606,8 +9275,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_32( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); - ntt_vector_u_34(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a0(u_bytes); + ntt_vector_u_6d0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8627,17 +9296,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_29( +compute_message_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_88(&result, &product);); - invert_ntt_montgomery_47(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_9d1(&result, &product);); + invert_ntt_montgomery_051(&result); + result = subtract_reduce_d6_28(v, result); return result; } @@ -8675,18 +9344,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_3c(IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_ce1(IndCpaPrivateKeyUnpacked_f8 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_32(ciphertext, u_as_ntt); + deserialize_then_decompress_u_231(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d( + deserialize_then_decompress_ring_element_v_b60( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_29(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8700,10 +9369,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d3(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_30(secret_key, secret_as_ntt); + deserialize_secret_key_fc(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8714,7 +9383,7 @@ static void decrypt_d3(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_ce1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8728,7 +9397,7 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); } @@ -8754,7 +9423,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_64( +void libcrux_ml_kem_ind_cca_decapsulate_2b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8772,7 +9441,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d3(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8782,7 +9451,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8790,30 +9459,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_8c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_1e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_97(Eurydice_array_to_slice((size_t)32U, + kdf_d8_f1(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_97(shared_secret0, shared_secret); + kdf_d8_f1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 4d36ef4e3..f3c014ca1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index cf6b129b4..17d06bc9d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index dcdb81b02..368e6247b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_71(void) { +new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_71(); + return new_89_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index d028ae5d8..92de06016 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 49a02e9f6..05f74ac67 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2d2e97511..34cea09db 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index b5d8fcc13..fe569c74c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 2a59a07f2..41794f3c1 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa +Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 576f60191..1d2043971 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_core_H @@ -365,7 +365,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_fc_e5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_fc_66(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -385,7 +385,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_7a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_38( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -437,7 +437,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_71( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_1c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index e13e9dfb3..30319009a 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 32ac2b179..32819a696 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1233,7 +1233,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_df(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1245,7 +1245,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_94( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1269,7 +1269,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_bd( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ac( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_94( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1306,7 +1306,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c8(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_f4(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1318,7 +1318,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a3( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1370,9 +1370,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a3( vector); } @@ -1384,7 +1384,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_27( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1395,7 +1395,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4e( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f( coefficient); } return re; @@ -1409,7 +1409,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a30( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1461,9 +1461,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a30( vector); } @@ -1475,7 +1475,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_11( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1486,7 +1486,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_11( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f0( coefficient); } return re; @@ -1500,9 +1500,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_27(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1666,7 +1666,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U, @@ -1697,7 +1697,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_80( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_93( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1722,9 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_80( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f2( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_4a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1739,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a31( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1791,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a31( vector); } @@ -1805,7 +1805,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_1b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1816,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_1b( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f1( coefficient); } return re; @@ -1830,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a32( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1882,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a32( vector); } @@ -1896,7 +1896,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_19( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1907,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_7d2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f2( re.coefficients[i0]); } return re; @@ -1921,9 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_dc( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_45( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_89(serialized); } /** @@ -2028,7 +2028,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_97( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2055,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_46( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2078,7 +2078,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2099,7 +2099,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bc(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2118,7 +2118,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2133,7 +2133,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_bc( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2151,20 +2151,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_97(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e7(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_3a(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_58(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); } @@ -2182,7 +2182,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_d6_d9( +libcrux_ml_kem_polynomial_subtract_reduce_d6_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2212,7 +2212,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_3a( +libcrux_ml_kem_matrix_compute_message_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2225,8 +2225,8 @@ libcrux_ml_kem_matrix_compute_message_3a( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_d9(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_98(v, result); return result; } @@ -2237,7 +2237,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_26(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2251,9 +2251,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_10( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_17( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_26(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(vector); } /** @@ -2265,7 +2265,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_32(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_10(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_17(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2279,7 +2279,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_5c( +libcrux_ml_kem_serialize_compress_then_serialize_message_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2334,20 +2334,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_08( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_80(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_93(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_dc( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_45( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_3a(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_13(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_5c(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_51(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2362,11 +2362,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_fa(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_8f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_bd(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2378,7 +2378,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_fa(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_08(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2429,17 +2429,39 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7c( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + return lit; } /** @@ -2473,10 +2495,7 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2487,13 +2506,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2509,36 +2524,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.matrix.sample_matrix_a_out.closure.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_a7(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_7f( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } } typedef libcrux_sha3_avx2_x4_incremental_KeccakState @@ -2990,29 +2975,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_59( } } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_03( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 a[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_7f(i, a[i]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = a; - uint8_t uu____1[34U]; - memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_kem_matrix_sample_matrix_A_59(uu____0, uu____1, transpose); - memcpy(ret, a, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -3376,7 +3338,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f0(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d0(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3393,7 +3355,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3471,7 +3433,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_2e(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_26(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3487,7 +3449,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_be( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3512,7 +3474,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3544,8 +3506,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_be(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_ba(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3559,7 +3521,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_14(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_15(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3574,7 +3536,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_a6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -3585,7 +3547,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_14(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_15(coefficient_compressed); } return re; } @@ -3603,7 +3565,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_50( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3634,7 +3596,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_3b( +libcrux_ml_kem_matrix_compute_ring_element_v_24( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3648,8 +3610,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_3b( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f4(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_50( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_d9( error_2, message, result); return result; } @@ -3662,7 +3624,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_23( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3717,9 +3679,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_23( vector); } @@ -3731,13 +3693,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_1d( +libcrux_ml_kem_serialize_compress_then_serialize_10_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e( libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3758,7 +3720,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_230( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3813,9 +3775,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_230( vector); } @@ -3827,13 +3789,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_bc( +libcrux_ml_kem_serialize_compress_then_serialize_11_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c0( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e0( libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3855,10 +3817,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_53( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_1d(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_58(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3875,7 +3837,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_03( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3891,7 +3853,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_53(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3906,7 +3868,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_231( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3961,9 +3923,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_231( vector); } @@ -3975,13 +3937,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_0d( +libcrux_ml_kem_serialize_compress_then_serialize_4_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_0c1( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e1( libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re.coefficients[i0])); uint8_t bytes[8U]; @@ -4001,7 +3963,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_232( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4056,9 +4018,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_0c2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2a2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_232( vector); } @@ -4070,13 +4032,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_c2( +libcrux_ml_kem_serialize_compress_then_serialize_5_26( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_0c2( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_7e2( libcrux_ml_kem_vector_traits_to_unsigned_representative_32( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4097,13 +4059,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_0d(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_3a(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4120,20 +4123,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_67(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_03(ret0, false, A); +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -4149,7 +4141,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_67(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4164,31 +4156,77 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_67(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_38(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_2a(public_key->A, r_as_ntt, error_1, + u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_a6( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_3b( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + libcrux_ml_kem_matrix_compute_ring_element_v_24( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_03( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_59(uu____0, ret0, false); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 = + &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e(uu____1, copy_of_message, + randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -4233,7 +4271,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_05( +static inline void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4251,7 +4289,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_05( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_fa(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4275,7 +4313,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_05( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4286,7 +4324,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_05( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_67(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_95( @@ -4297,7 +4335,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_05( libcrux_ml_kem_variant_kdf_d8_95(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4330,10 +4368,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_cc( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_90( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_05(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); } /** @@ -4347,7 +4385,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_cc(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_90(private_key, ciphertext, ret); } @@ -4405,7 +4443,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4420,7 +4458,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4435,18 +4473,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_67(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_95(shared_secret, &ciphertext0, shared_secret_array); @@ -4480,14 +4518,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_70( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_13(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_d3(uu____0, copy_of_randomness); } /** @@ -4505,7 +4543,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_70( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_eb( uu____0, copy_of_randomness); } @@ -4530,42 +4568,6 @@ libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { return lit; } -/** -This function found in impl {(core::default::Default for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } - uint8_t uu____1[32U] = {0U}; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - return lit; -} - /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -5060,7 +5062,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_65( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5077,7 +5079,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_65( copy_of_randomness); } @@ -5138,7 +5140,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_050( +static inline void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5156,7 +5158,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_050( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_fa(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5180,7 +5182,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_050( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5191,7 +5193,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_050( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_67(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_4e( @@ -5202,7 +5204,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_050( libcrux_ml_kem_variant_kdf_33_4e(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5236,10 +5238,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_db( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_23( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_050(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } /** @@ -5253,7 +5255,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_db( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_23( private_key, ciphertext, ret); } @@ -5293,7 +5295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_130( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d30( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5308,7 +5310,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_130( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5323,18 +5325,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_130( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_67(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_4e(shared_secret, &ciphertext0, shared_secret_array); @@ -5371,14 +5373,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ab( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ae( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_130(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_d30(uu____0, copy_of_randomness); } /** @@ -5396,7 +5398,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ab( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ae( uu____0, copy_of_randomness); } @@ -5516,7 +5518,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_45( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5533,7 +5535,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_45( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47( copy_of_randomness); } @@ -5553,7 +5555,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_29( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5582,10 +5584,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_97( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_3e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_e9(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_29(private_key, ciphertext); } @@ -5598,29 +5600,26 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_97( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_3e( private_key, ciphertext); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_7c( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -5631,13 +5630,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_350( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e30( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5653,6 +5648,32 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_350( ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_10( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e30( + public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5674,10 +5695,10 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_de( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_d3( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_350( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_10( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -5705,9 +5726,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ef( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_73( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_de(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_d3(public_key); } /** @@ -5718,128 +5739,10 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ef( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ef( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_73( public_key->value); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_0a( - copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_38(public_key->A, r_as_ntt, error_1, - u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_35( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_3b( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0e( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_75( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5862,11 +5765,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_14( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_08( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5896,7 +5799,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5908,11 +5811,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5949,10 +5852,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_c7( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_7b( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_5e(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_14(key_pair, ciphertext, ret); } /** @@ -5966,7 +5869,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_c7( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_7b( private_key, ciphertext, ret); } @@ -5989,7 +5892,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_64( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6017,7 +5920,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6027,7 +5930,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6061,7 +5964,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_4d( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -6069,7 +5972,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_4d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e8(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_64(uu____0, copy_of_randomness); } @@ -6090,7 +5993,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_4d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_70( uu____0, copy_of_randomness); } @@ -6109,7 +6012,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_a2(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_06(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -6127,7 +6030,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8a( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_92( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -6147,7 +6050,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_18( +libcrux_ml_kem_polynomial_clone_17_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -6173,7 +6076,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f9( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6188,14 +6091,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f9( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8a(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_92(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_18( + libcrux_ml_kem_polynomial_clone_17_3f( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6244,13 +6147,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_76( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c4( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f9(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f(copy_of_randomness, out); } /** @@ -6263,7 +6166,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_76( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c4( copy_of_randomness, key_pair); } @@ -6280,7 +6183,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_b7(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_81(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); lit.public_key_hash[0U] = 0U; @@ -6332,7 +6235,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_bd(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_3c(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6370,7 +6273,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_b7()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_81()}); } /** @@ -6379,7 +6282,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_bd(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_3c(); } /** @@ -6388,7 +6291,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_b7(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_81(); } /** @@ -6409,7 +6312,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac( @@ -6437,10 +6340,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_fb( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_38( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac( &self->public_key, serialized); } @@ -6452,7 +6355,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_fb(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_38(key_pair, serialized); } @@ -6469,7 +6372,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_de( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6506,11 +6409,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_f8( +libcrux_ml_kem_ind_cca_unpacked_clone_28_52( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_de(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d4(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6535,7 +6438,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e3( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6548,8 +6451,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_f8( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e3(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_52( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a(key_pair)); pk[0U] = uu____0; } @@ -6560,7 +6463,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_54(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac(public_key, serialized); } @@ -6578,18 +6481,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_05( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_35( - Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, - (size_t)1152U, uint8_t, size_t), - uu____0); - memcpy( - unpacked_public_key->ind_cpa_public_key.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( + (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( + uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, @@ -6597,20 +6496,18 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d( uu____1); memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____2)[3U] = + unpacked_public_key->ind_cpa_public_key.A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_03(ret, false, uu____2); - memcpy(unpacked_public_key->ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_matrix_sample_matrix_A_59(uu____2, ret, false); uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6631,11 +6528,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_9c( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_3d(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_05(public_key, unpacked_public_key); } @@ -6647,7 +6544,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_9c( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7a( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 55f82a0be..dcd7095f4 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 7514e834a..0c955904c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_portable_H @@ -2443,7 +2443,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b9(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_12(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2454,7 +2454,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_91( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_48( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2479,7 +2479,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_f4( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2497,7 +2497,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_91( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_48( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2515,7 +2515,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6c(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_07(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2564,7 +2564,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d8( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ac( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2628,7 +2628,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_b9( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_8c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2654,9 +2654,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d8(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ac(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2825,7 +2825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U, @@ -2855,7 +2855,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ae( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2880,9 +2880,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_13(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_6a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2934,7 +2934,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_28( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2998,7 +2998,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3024,9 +3024,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_53( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_08( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_28(serialized); } /** @@ -3134,7 +3134,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3160,7 +3160,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_eb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3182,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3204,7 +3204,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_4b( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3225,7 +3225,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3240,7 +3240,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_4b( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_78( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3257,20 +3257,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f0(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d4(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_eb(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0c(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_4d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); } @@ -3287,7 +3287,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_d6_da( +libcrux_ml_kem_polynomial_subtract_reduce_d6_38( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3319,7 +3319,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_2b( +libcrux_ml_kem_matrix_compute_message_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3332,8 +3332,8 @@ libcrux_ml_kem_matrix_compute_message_2b( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_da(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_38(v, result); return result; } @@ -3392,7 +3392,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_95( +libcrux_ml_kem_serialize_compress_then_serialize_message_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3448,20 +3448,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ae(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_53( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_08( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_2b(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_7a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_95(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_7c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3475,11 +3475,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_89(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_ab(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_7f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_f4(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3491,7 +3491,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_89(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3539,16 +3539,38 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9f( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + return lit; } /** @@ -3583,10 +3605,7 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -3596,13 +3615,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3618,36 +3633,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.matrix.sample_matrix_a_out.closure.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_a_out_closure_closure_9d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_a_out_closure_b3( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } } /** @@ -4091,29 +4076,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_95( } } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_a_out -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_a_out_ba( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 a[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_a_out_closure_b3(i, a[i]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = a; - uint8_t uu____1[34U]; - memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_kem_matrix_sample_matrix_A_95(uu____0, uu____1, transpose); - memcpy(ret, a, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); -} - /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -4456,7 +4418,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d2(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c2(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4473,7 +4435,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_9e(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4548,7 +4510,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_74(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_8f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4563,7 +4525,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4590,7 +4552,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4622,8 +4584,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_d2( libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_6b(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_a6(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4637,7 +4599,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_6b( +libcrux_ml_kem_vector_traits_decompress_1_44( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4652,7 +4614,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_09( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -4665,7 +4627,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_6b(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_44(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4683,7 +4645,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_b4( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4716,7 +4678,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1d( +libcrux_ml_kem_matrix_compute_ring_element_v_18( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4730,8 +4692,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_1d( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7d(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_b4( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_bf( error_2, message, result); return result; } @@ -4777,7 +4739,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_68( +libcrux_ml_kem_serialize_compress_then_serialize_10_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4838,7 +4800,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_76( +libcrux_ml_kem_serialize_compress_then_serialize_11_23( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4866,10 +4828,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_8e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_68(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_1a(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4885,7 +4847,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4901,7 +4863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_8e(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4949,7 +4911,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_92( +libcrux_ml_kem_serialize_compress_then_serialize_4_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5009,7 +4971,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_34( +libcrux_ml_kem_serialize_compress_then_serialize_5_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5036,13 +4998,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_92(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_48(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5059,20 +5062,9 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_a_out_ba(ret0, false, A); +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -5088,7 +5080,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_9e( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5103,31 +5095,77 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_d2(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_46(public_key->A, r_as_ntt, error_1, + u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_09( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1d( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + libcrux_ml_kem_matrix_compute_ring_element_v_18( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_90( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_41(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_95(uu____0, ret0, false); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____1 = + &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f(uu____1, copy_of_message, + randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -5170,7 +5208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_09( +static inline void libcrux_ml_kem_ind_cca_decapsulate_22( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5188,7 +5226,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_09( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_89(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_ab(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5212,7 +5250,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_09( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5223,7 +5261,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_09( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_f1( @@ -5234,7 +5272,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_09( libcrux_ml_kem_variant_kdf_d8_f1(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5267,10 +5305,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_09(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_22(private_key, ciphertext, ret); } /** @@ -5283,7 +5321,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_42( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0d( private_key, ciphertext, ret); } @@ -5338,7 +5376,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_00( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5353,7 +5391,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5368,18 +5406,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_f1(shared_secret, &ciphertext0, shared_secret_array); @@ -5412,14 +5450,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_51( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_f5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_00(uu____0, copy_of_randomness); } /** @@ -5436,7 +5474,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_51( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_f5( uu____0, copy_of_randomness); } @@ -5460,41 +5498,6 @@ libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { return lit; } -/** -This function found in impl {(core::default::Default for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } - uint8_t uu____1[32U] = {0U}; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - return lit; -} - /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -6057,7 +6060,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_090( +static inline void libcrux_ml_kem_ind_cca_decapsulate_220( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6075,7 +6078,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_090( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_89(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_ab(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6099,7 +6102,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_090( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6110,7 +6113,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_090( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_f2( @@ -6121,7 +6124,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_090( libcrux_ml_kem_variant_kdf_33_f2(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6155,10 +6158,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ec( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fa( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_090(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_220(private_key, ciphertext, ret); } /** @@ -6171,7 +6174,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ec( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_ec( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fa( private_key, ciphertext, ret); } @@ -6209,7 +6212,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_000( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -6224,7 +6227,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6239,18 +6242,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_7a(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_f2(shared_secret, &ciphertext0, shared_secret_array); @@ -6287,14 +6290,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_4b( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_000(uu____0, copy_of_randomness); } /** @@ -6311,7 +6314,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_4b( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_ec( uu____0, copy_of_randomness); } @@ -6464,7 +6467,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_1e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ef( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6492,10 +6495,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_fb( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_f2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_1e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ef(private_key, ciphertext); } @@ -6507,28 +6510,26 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_fb( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_fb( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_f2( private_key, ciphertext); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with +types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const +generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9f0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_9f( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -6538,13 +6539,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_100( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6560,6 +6557,31 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f0( ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_2f( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_100( + public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6580,10 +6602,10 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_fc( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_2f( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); @@ -6610,9 +6632,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2f( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e5( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_fc(public_key); } /** @@ -6622,128 +6644,10 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2f( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2f( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e5( public_key->value); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_16( - copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_d2(public_key->A, r_as_ntt, error_1, - u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_00( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1d( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_77( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_1f( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6766,11 +6670,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_40( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6800,7 +6704,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6812,11 +6716,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_71(ciphertext), + libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6852,10 +6756,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_ef( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_dd( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_ec(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_40(key_pair, ciphertext, ret); } /** @@ -6869,7 +6773,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_ef( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_dd( private_key, ciphertext, ret); } @@ -6892,7 +6796,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_16( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6920,7 +6824,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_16( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6930,7 +6834,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_16( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6963,7 +6867,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_25( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_09( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6971,7 +6875,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_25( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_16(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_80(uu____0, copy_of_randomness); } @@ -6991,7 +6895,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_25( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_09( uu____0, copy_of_randomness); } @@ -7010,7 +6914,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_70(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_ff(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -7028,7 +6932,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c1( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_73( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -7047,7 +6951,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_56( +libcrux_ml_kem_polynomial_clone_17_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -7076,7 +6980,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_b5( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -7091,14 +6995,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_b5( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c1(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_73(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_56( + libcrux_ml_kem_polynomial_clone_17_55( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -7146,13 +7050,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_15( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_f2( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_b5(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1(copy_of_randomness, out); } /** @@ -7165,7 +7069,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_15( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_f2( copy_of_randomness, key_pair); } @@ -7181,7 +7085,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_20(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_50(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); lit.public_key_hash[0U] = 0U; @@ -7232,7 +7136,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_7e(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_14(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7270,7 +7174,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_20()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_50()}); } /** @@ -7278,7 +7182,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_7e(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_14(); } /** @@ -7286,7 +7190,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_20(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_50(); } /** @@ -7306,7 +7210,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49( @@ -7333,10 +7237,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_f9( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4( &self->public_key, serialized); } @@ -7347,7 +7251,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_f9(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair, serialized); } @@ -7363,7 +7267,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c9( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7399,11 +7303,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_aa( +libcrux_ml_kem_ind_cca_unpacked_clone_28_07( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c9(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c6(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7427,7 +7331,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_5e( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_d1( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; @@ -7440,8 +7344,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_aa( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_5e(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_07( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_d1(key_pair)); pk[0U] = uu____0; } @@ -7452,7 +7356,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_83(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4(public_key, serialized); } @@ -7473,14 +7377,10 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_0f( - Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, - (size_t)1152U, uint8_t, size_t), - uu____0); - memcpy( - unpacked_public_key->ind_cpa_public_key.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( + (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( + uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, @@ -7488,20 +7388,18 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uu____1); memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____2)[3U] = + unpacked_public_key->ind_cpa_public_key.A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_a_out_ba(ret, false, uu____2); - memcpy(unpacked_public_key->ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + libcrux_ml_kem_matrix_sample_matrix_A_95(uu____2, ret, false); uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_7a(public_key), + libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7521,7 +7419,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_68( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a8( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7537,7 +7435,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_68( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a8( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index e9dfd590f..c78519b81 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index e41ba303c..53a9bf770 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index d57c43db6..3926d9d80 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: e889dcc61b920c30e358a243bec2d9dc893734fa + * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 */ #ifndef __libcrux_sha3_portable_H From 407268043d912062845dd99ad84a869fa2f873e5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 13:23:41 +0000 Subject: [PATCH 153/172] update F* --- .../Libcrux_ml_kem.Constant_time_ops.fst | 34 +- ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst | 89 +++ ....Ind_cca.Instantiations.Avx2.Unpacked.fsti | 56 ++ ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 24 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 18 +- ...m.Ind_cca.Instantiations.Neon.Unpacked.fst | 89 +++ ....Ind_cca.Instantiations.Neon.Unpacked.fsti | 60 ++ ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 26 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 18 +- ...d_cca.Instantiations.Portable.Unpacked.fst | 89 +++ ..._cca.Instantiations.Portable.Unpacked.fsti | 60 ++ ...ml_kem.Ind_cca.Instantiations.Portable.fst | 26 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 18 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 50 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 14 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 626 +++++++++++++++ .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 224 ++++++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 164 ++-- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 22 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 73 ++ .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 737 ++++++++++-------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 150 +++- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 81 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 252 ++---- .../extraction/Libcrux_ml_kem.Matrix.fsti | 12 - ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 108 +++ ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 86 ++ .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 14 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 22 +- ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 108 +++ ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 94 +++ .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 14 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 22 +- ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 108 +++ ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 94 +++ .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 14 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 22 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fst | 51 ++ .../Libcrux_ml_kem.Mlkem1024.Rand.fsti | 39 + .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 16 +- .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 104 +++ ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 84 ++ .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 14 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 22 +- .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 104 +++ ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 92 +++ .../Libcrux_ml_kem.Mlkem512.Neon.fst | 14 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 22 +- ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst | 105 +++ ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 92 +++ .../Libcrux_ml_kem.Mlkem512.Portable.fst | 14 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 22 +- .../Libcrux_ml_kem.Mlkem512.Rand.fst | 49 ++ .../Libcrux_ml_kem.Mlkem512.Rand.fsti | 39 + .../extraction/Libcrux_ml_kem.Mlkem512.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 16 +- .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 140 ++++ ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 106 +++ .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 14 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 22 +- .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 141 ++++ ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 117 +++ .../Libcrux_ml_kem.Mlkem768.Neon.fst | 14 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 22 +- ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst | 141 ++++ ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 117 +++ .../Libcrux_ml_kem.Mlkem768.Portable.fst | 14 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 22 +- .../Libcrux_ml_kem.Mlkem768.Rand.fst | 51 ++ .../Libcrux_ml_kem.Mlkem768.Rand.fsti | 39 + .../extraction/Libcrux_ml_kem.Mlkem768.fst | 14 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 16 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 95 ++- .../extraction/Libcrux_ml_kem.Polynomial.fst | 117 ++- .../extraction/Libcrux_ml_kem.Sampling.fst | 126 ++- .../extraction/Libcrux_ml_kem.Serialize.fst | 279 +++---- .../extraction/Libcrux_ml_kem.Serialize.fsti | 13 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 16 +- .../extraction/Libcrux_ml_kem.Types.fsti | 75 +- .../extraction/Libcrux_ml_kem.Variant.fsti | 243 ++++++ ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 136 ++-- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 51 +- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 17 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 59 +- 85 files changed, 5301 insertions(+), 1561 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst new file mode 100644 index 000000000..cecdf9ad1 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti new file mode 100644 index 000000000..609428969 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 6168bf69a..9f5044e59 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -23,18 +23,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Variant.t_MlKem public_key randomness - let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -58,6 +46,18 @@ let decapsulate #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + #Libcrux_ml_kem.Variant.t_MlKem public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 18a7e22cf..c87425a91 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -18,15 +18,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -41,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst new file mode 100644 index 000000000..91614ab24 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti new file mode 100644 index 000000000..e602961e3 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -0,0 +1,60 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 9a095a977..b9ce4c8b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -23,19 +23,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key - randomness - let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -60,6 +47,19 @@ let decapsulate #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key + randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index b67717e7c..566639b4a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -18,15 +18,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -41,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst new file mode 100644 index 000000000..3d5ed41ba --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti new file mode 100644 index 000000000..ef16fb9d1 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -0,0 +1,60 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector.Portable in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index b04763512..3ec3de8dc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -23,19 +23,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem - public_key randomness - let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -60,6 +47,19 @@ let decapsulate #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 7aaa97f9a..5b75149d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -18,15 +18,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Portable public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -41,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 3978adc07..f945524c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -23,31 +23,6 @@ let validate_public_key v_PUBLIC_KEY_SIZE public_key -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE - v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -76,6 +51,31 @@ let decapsulate v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 53142ce81..8323134a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -14,6 +14,13 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -23,13 +30,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst new file mode 100644 index 000000000..d06fe9daa --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -0,0 +1,626 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +let impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) + #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + <: + t_Array u8 v_PUBLIC_KEY_SIZE) + +let impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = + { + serialized with + Libcrux_ml_kem.Types.f_value + = + Libcrux_ml_kem.Ind_cpa.serialize_public_key_mut v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + serialized.Libcrux_ml_kem.Types.f_value + } + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE + in + serialized + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + public_key.f_ind_cpa_public_key randomness pseudorandomness + in + let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let shared_secret_array:t_Array u8 (sz 32) = + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret + in + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext, + shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Libcrux_ml_kem.Utils.into_padded_array (sz 32) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + unpacked_public_key + +let impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_private_key + +let impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_public_key + +let impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented" + <: + Rust_primitives.Hax.t_Never) + +let impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + impl__serialized_public_key v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + +let impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let hax_temp_output, serialized:(Prims.unit & + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = + (), + impl__serialized_public_key_mut v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + in + serialized + +let impl_2__new + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (_: Prims.unit) + = + Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let decrypted:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector + key_pair.f_private_key.f_ind_cpa_private_key + ciphertext.Libcrux_ml_kem.Types.f_value + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + in + let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + <: + t_Slice u8) + in + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (sz 32) + (to_hash <: t_Slice u8) + in + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness + in + let selector:u8 = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext + v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + in + Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (implicit_rejection_shared_secret <: t_Slice u8) + selector + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + ind_cpa_keypair_randomness + out.f_private_key.f_ind_cpa_private_key + out.f_public_key.f_ind_cpa_public_key + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { out.f_private_key with f_ind_cpa_private_key = tmp0 } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { out.f_public_key with f_ind_cpa_public_key = tmp1 } <: t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let _:Prims.unit = () in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A i -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let i:usize = i in + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A j -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let j:usize = j in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + j + (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + #FStar.Tactics.Typeclasses.solve + ((out.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K).[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_ind_cpa_public_key + = + { out.f_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + <: + t_Slice u8) + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (pk_serialized <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { + out.f_private_key with + f_implicit_rejection_value + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti new file mode 100644 index 000000000..fbd5de788 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -0,0 +1,224 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPrivateKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector; + f_implicit_rejection_value:t_Array u8 (sz 32) +} + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector; + f_public_key_hash:t_Array u8 (sz 32) +} + +/// Get the serialized public key. +val impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_ind_cpa_public_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate an unpacked key from a serialized key. +val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + {| i2: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// An unpacked ML-KEM KeyPair +type t_MlKemKeyPairUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector +} + +/// Get the serialized public key. +val impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPrivateKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemKeyPairUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_private_key + = + { + f_ind_cpa_private_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key + = + Core.Default.f_default #(t_MlKemPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + } + +/// Create a new empty unpacked key pair. +val impl_2__new: + v_K: usize -> + #v_Vector: Type0 -> + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> + Prims.unit + -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate Unpacked Keys +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 81f135162..b8a238385 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -133,7 +133,7 @@ let validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced_out v_PUBLIC_KEY_SIZE v_K #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -188,87 +188,6 @@ let validate_private_key in t =. expected -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - let randomness:t_Array u8 (sz 32) = - Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - #v_Hasher - (randomness <: t_Slice u8) - in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) - <: - t_Slice u8) - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness - pseudorandomness - in - let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = - Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Array u8 v_CIPHERTEXT_SIZE) - #FStar.Tactics.Typeclasses.solve - ciphertext - in - let shared_secret_array:t_Array u8 (sz 32) = - Libcrux_ml_kem.Variant.f_kdf #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - v_CIPHERTEXT_SIZE - #v_Hasher - shared_secret - ciphertext - in - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -400,6 +319,87 @@ let decapsulate (shared_secret <: t_Slice u8) (implicit_rejection_shared_secret <: t_Slice u8) +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + let randomness:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher + (randomness <: t_Slice u8) + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + <: + t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness + in + let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext + in + let shared_secret_array:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_kdf #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + v_CIPHERTEXT_SIZE + #v_Hasher + shared_secret + ciphertext + in + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index ad432d409..5d53cee40 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -51,6 +51,17 @@ val validate_private_key (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -64,17 +75,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Packed API /// Generate a key pair. /// Depending on the `Vector` and `Hasher` used, this requires different hardware diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 0211568dc..11603e5ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -13,3 +13,76 @@ let _ = type t_IndCpaPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPrivateKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_secret_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + } + <: + t_IndCpaPrivateKeyUnpacked v_K v_Vector + } + +/// An unpacked ML-KEM IND-CPA Private Key +type t_IndCpaPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; + f_seed_for_A:t_Array u8 (sz 32); + f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_t_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K; + f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32); + f_A + = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO + #v_Vector + () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + } + <: + t_IndCpaPublicKeyUnpacked v_K v_Vector + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 1b0f708be..e905c5190 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -34,14 +35,12 @@ let sample_ring_element_cbd in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -69,14 +68,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -112,14 +111,12 @@ let sample_vector_cbd_then_ntt = let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -147,14 +144,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -232,28 +229,11 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Rust_primitives.Hax.Folds.fold_enumerated_slice input + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Slice u8 = out in @@ -310,26 +290,20 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (ciphertext <: t_Slice u8) - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + usize) + (ciphertext <: t_Slice u8) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -358,131 +332,6 @@ let deserialize_then_decompress_u in u_as_ntt -let encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - = - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE - v_K - #v_Vector - (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeTo usize ] - <: - t_Slice u8) - in - let seed:t_Slice u8 = - public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_a_out v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) - false - in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness - in - let r_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt_out v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - prf_input - 0uy - in - let error_1_, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_ring_element_cbd v_K - v_ETA2_RANDOMNESS_SIZE - v_ETA2 - #v_Vector - #v_Hasher - prf_input - domain_separator - in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator - in - let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - v_ETA2_RANDOMNESS_SIZE - (prf_input <: t_Slice u8) - in - let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 - #v_Vector - (prf_output <: t_Slice u8) - in - let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_vector_u v_K #v_Vector v_A r_as_ntt error_1_ - in - let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message - in - let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_ring_element_v v_K - #v_Vector - tt_as_ntt - r_as_ntt - error_2_ - message_as_ring_element - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize) - (compress_then_serialize_u v_K - v_C1_LEN - v_U_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - u - (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext - ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) - (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR - v_C2_LEN - #v_Vector - v - (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - ciphertext - let deserialize_secret_key (v_K: usize) (#v_Vector: Type0) @@ -501,20 +350,15 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K @@ -543,24 +387,11 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice key + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in @@ -603,7 +434,7 @@ let serialize_secret_key in out -let serialize_public_key +let serialize_public_key_mut (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -611,17 +442,15 @@ let serialize_public_key Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) = - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE - in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -635,13 +464,13 @@ let serialize_public_key <: t_Slice u8) in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from serialized ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } + (serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -650,104 +479,30 @@ let serialize_public_key <: t_Slice u8) in - public_key_serialized + serialized -let generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) +let serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (key_generation_seed: t_Slice u8) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) = - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - #v_Hasher - key_generation_seed - in - let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) - in - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_a_out v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) - true - in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error - in - let secret_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt_out v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - prf_input - 0uy - in - let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 - ) = - sample_vector_cbd_then_ntt_out v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - prf_input - domain_separator - in - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K - #v_Vector - tt_as_ntt - v_A_transpose - secret_as_ntt - error_as_ntt - in - let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_A - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K + serialize_public_key_mut v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector tt_as_ntt - (seed_for_A <: t_Slice u8) + seed_for_a + public_key_serialized in - let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector secret_as_ntt - in - secret_key_serialized, public_key_serialized - <: - (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + public_key_serialized let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: @@ -806,3 +561,331 @@ let decrypt #v_Vector secret_key_unpacked ciphertext + +let encrypt_unpacked + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + = + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + in + let r_as_ntt, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + 0uy + in + let error_1_, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_ring_element_cbd v_K + v_ETA2_RANDOMNESS_SIZE + v_ETA2 + #v_Vector + #v_Hasher + prf_input + domain_separator + in + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + in + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + v_ETA2_RANDOMNESS_SIZE + (prf_input <: t_Slice u8) + in + let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector + (prf_output <: t_Slice u8) + in + let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Matrix.compute_vector_u v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + r_as_ntt + error_1_ + in + let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message + in + let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Matrix.compute_ring_element_v v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + r_as_ntt + error_2_ + message_as_ring_element + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize) + (compress_then_serialize_u v_K + v_C1_LEN + v_U_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + u + (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext + ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR + v_C2_LEN + #v_Vector + v + (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + ciphertext + +let encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + = + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN + v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness + +let generate_keypair_unpacked + (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + = + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Variant.f_cpa_keygen_seed #Libcrux_ml_kem.Variant.t_MlKem + #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher + key_generation_seed + in + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + true + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error + in + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + prf_input + 0uy + in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + in + let domain_separator:u8 = out in + let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 + ) = + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + domain_separator + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + error_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_A + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + private_key, public_key + <: + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + +let generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (key_generation_seed: t_Slice u8) + = + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + ) + #FStar.Tactics.Typeclasses.solve + () + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + key_generation_seed + private_key + public_key + in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = tmp0 in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = tmp1 in + let _:Prims.unit = () in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + serialize_secret_key v_K + v_PRIVATE_KEY_SIZE + #v_Vector + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + in + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index d6ae9cf08..90653fb7b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -68,17 +69,6 @@ val deserialize_then_decompress_u Prims.l_True (fun _ -> Prims.l_True) -val encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. val deserialize_secret_key (v_K: usize) @@ -98,25 +88,23 @@ val serialize_secret_key : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) /// Concatenate `t` and `ρ` into the public key. -val serialize_public_key +val serialize_public_key_mut (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) -val generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (key_generation_seed: t_Slice u8) - : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) +/// Concatenate `t` and `ρ` into the public key. +val serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. @@ -153,3 +141,119 @@ val decrypt (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// This function implements Algorithm 13 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. +/// Algorithm 13 is reproduced below: +/// ```plaintext +/// Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. +/// Input: message m ∈ 𝔹^{32}. +/// Input: encryption randomness r ∈ 𝔹^{32}. +/// Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. +/// N ← 0 +/// t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) +/// ρ ← ekₚₖₑ[384k: 384k + 32] +/// for (i ← 0; i < k; i++) +/// for(j ← 0; j < k; j++) +/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) +/// end for +/// end for +/// for(i ← 0; i < k; i++) +/// r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) +/// N ← N + 1 +/// end for +/// for(i ← 0; i < k; i++) +/// e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) +/// N ← N + 1 +/// end for +/// e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) +/// r̂ ← NTT(r) +/// u ← NTT-¹(Âᵀ ◦ r̂) + e₁ +/// μ ← Decompress₁(ByteDecode₁(m))) +/// v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ +/// c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) +/// c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) +/// return c ← (c₁ ‖ c₂) +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . +val encrypt_unpacked + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// This function implements most of Algorithm 12 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. +/// We say "most of" since Algorithm 12 samples the required randomness within +/// the function itself, whereas this implementation expects it to be provided +/// through the `key_generation_seed` parameter. +/// Algorithm 12 is reproduced below: +/// ```plaintext +/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. +/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. +/// d ←$ B +/// (ρ,σ) ← G(d) +/// N ← 0 +/// for (i ← 0; i < k; i++) +/// for(j ← 0; j < k; j++) +/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) +/// end for +/// end for +/// for(i ← 0; i < k; i++) +/// s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) +/// N ← N + 1 +/// end for +/// for(i ← 0; i < k; i++) +/// e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) +/// N ← N + 1 +/// end for +/// ŝ ← NTT(s) +/// ê ← NTT(e) +/// t̂ ← Â◦ŝ + ê +/// ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ +/// dkₚₖₑ ← ByteEncode₁₂(ŝ) +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . +val generate_keypair_unpacked + (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (key_generation_seed: t_Slice u8) + : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..c8c456676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 011ead4d3..44b51e041 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -24,30 +24,15 @@ let compute_As_plus_e = let tt_as_ntt, hax_temp_output:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt + in + let _:usize = temp_1_ in + true) tt_as_ntt (fun tt_as_ntt temp_1_ -> let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -58,29 +43,23 @@ let compute_As_plus_e temp_1_ in let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Folds.fold_enumerated_slice (row + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + tt_as_ntt + in + let _:usize = temp_1_ in + true) tt_as_ntt (fun tt_as_ntt temp_1_ -> let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -137,14 +116,12 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -187,30 +164,15 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -221,29 +183,16 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -310,14 +259,12 @@ let compute_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -356,14 +303,15 @@ let sample_matrix_A = let v_A_transpose, hax_temp_output:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array @@ -373,14 +321,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in @@ -412,28 +358,14 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array @@ -478,35 +410,3 @@ let sample_matrix_A v_A_transpose)) in v_A_transpose - -let sample_matrix_a_out - (v_K: usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (seed: t_Array u8 (sz 34)) - (transpose: bool) - = - let a:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let a:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - sample_matrix_A v_K #v_Vector #v_Hasher a seed transpose - in - a diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index b282cb03b..78dea4243 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -75,15 +75,3 @@ val sample_matrix_A (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) Prims.l_True (fun _ -> Prims.l_True) - -val sample_matrix_a_out - (v_K: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (seed: t_Array u8 (sz 34)) - (transpose: bool) - : Prims.Pure - (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst new file mode 100644 index 000000000..ca698a11d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst @@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti new file mode 100644 index 000000000..98114aa20 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -0,0 +1,86 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index 46f95044d..a7e01533b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) (sz 1536) @@ -34,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 8bdbe0725..24fb25cc9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst new file mode 100644 index 000000000..3b74c3b27 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst @@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti new file mode 100644 index 000000000..46f643f14 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -0,0 +1,94 @@ +module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 00b887854..e89c0a92f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) (sz 1536) @@ -34,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index b9c106d0d..32080b0df 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst new file mode 100644 index 000000000..b77d33651 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst @@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti new file mode 100644 index 000000000..fdc651118 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -0,0 +1,94 @@ +module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 685a05ebe..326b30645 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) (sz 1536) @@ -34,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 133b61ff4..4ba09a9a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst new file mode 100644 index 000000000..363d3888a --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst @@ -0,0 +1,51 @@ +module Libcrux_ml_kem.Mlkem1024.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem1024.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = + Libcrux_ml_kem.Mlkem1024.generate_key_pair randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti new file mode 100644 index 000000000..a6890b7d0 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem1024.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem1024KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 4f202cfd7..6137197ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -19,13 +19,6 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 (sz 1568) public_key.Libcrux_ml_kem.Types.f_value -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -34,6 +27,13 @@ let decapsulate (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index f2392f194..e62e15b56 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -74,6 +74,14 @@ val validate_private_key val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -85,14 +93,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 1024 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Generate ML-KEM 1024 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst new file mode 100644 index 000000000..6fc3cda34 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -0,0 +1,104 @@ +module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti new file mode 100644 index 000000000..cd0cb965f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -0,0 +1,84 @@ +module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index 1256d4b58..f58c71977 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) (sz 768) @@ -34,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 7d6f5f2af..5b846dc53 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst new file mode 100644 index 000000000..273041027 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst @@ -0,0 +1,104 @@ +module Libcrux_ml_kem.Mlkem512.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti new file mode 100644 index 000000000..40ecdcc8d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -0,0 +1,92 @@ +module Libcrux_ml_kem.Mlkem512.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 3adfbcc08..5e88a7193 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) (sz 768) @@ -34,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 1d673c096..f737bc363 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst new file mode 100644 index 000000000..54eb129c9 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst @@ -0,0 +1,105 @@ +module Libcrux_ml_kem.Mlkem512.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) + (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) + (sz 128) (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti new file mode 100644 index 000000000..2aee55d13 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -0,0 +1,92 @@ +module Libcrux_ml_kem.Mlkem512.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 924411db0..47ebe2fe6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) (sz 768) @@ -34,6 +27,13 @@ let decapsulate (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index e5a9ccbc4..277ef3588 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst new file mode 100644 index 000000000..e0359272f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst @@ -0,0 +1,49 @@ +module Libcrux_ml_kem.Mlkem512.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem512.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = + Libcrux_ml_kem.Mlkem512.generate_key_pair randomness + in + rng, hax_temp_output <: (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti new file mode 100644 index 000000000..95ba62654 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem512.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem512KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 8d6976b63..4898aaa26 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -19,13 +19,6 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 8 (sz 800) public_key.Libcrux_ml_kem.Types.f_value -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -34,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index b87dfb18d..9031c5873 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -74,6 +74,14 @@ val validate_private_key val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -85,14 +93,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 512 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Generate ML-KEM 512 Key Pair /// The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst new file mode 100644 index 000000000..1a75cf7bf --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -0,0 +1,140 @@ +module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 1184) + key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti new file mode 100644 index 000000000..4d8df4bc3 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -0,0 +1,106 @@ +module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index ad93c77c1..a57fd2b32 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) (sz 1152) @@ -34,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index e28b0965f..316f123b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst new file mode 100644 index 000000000..1b1c3736e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst @@ -0,0 +1,141 @@ +module Libcrux_ml_kem.Mlkem768.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Neon.Vector_type in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 1184) + key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti new file mode 100644 index 000000000..3c76dc76c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -0,0 +1,117 @@ +module Libcrux_ml_kem.Mlkem768.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Neon.Vector_type in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index cfedb0260..b8e43d354 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) (sz 1152) @@ -34,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 3f5477cae..6b527d102 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst new file mode 100644 index 000000000..39960a363 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst @@ -0,0 +1,141 @@ +module Libcrux_ml_kem.Mlkem768.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 1184) + key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti new file mode 100644 index 000000000..30956fcb9 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -0,0 +1,117 @@ +module Libcrux_ml_kem.Mlkem768.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 04197a49b..9690ed48f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -13,13 +13,6 @@ let validate_private_key private_key ciphertext -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) (sz 1152) @@ -34,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 85517e2e3..a44262014 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -10,17 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) @@ -34,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst new file mode 100644 index 000000000..df3caf4a2 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst @@ -0,0 +1,51 @@ +module Libcrux_ml_kem.Mlkem768.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem768.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = + Libcrux_ml_kem.Mlkem768.generate_key_pair randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti new file mode 100644 index 000000000..6d9fbe622 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem768.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem768KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index c7e82c154..5d0bec2fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -19,13 +19,6 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 (sz 1184) public_key.Libcrux_ml_kem.Types.f_value -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -34,6 +27,13 @@ let decapsulate (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index d4978f354..16febee24 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -74,6 +74,14 @@ val validate_private_key val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -85,14 +93,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Decapsulate ML-KEM 768 -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..46dfb217a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 9c6f28d5d..3cb84c2ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -89,14 +87,12 @@ let impl__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -198,19 +192,12 @@ let impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -245,14 +232,12 @@ let impl__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -292,14 +277,12 @@ let impl__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -348,14 +331,12 @@ let impl__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -388,14 +369,12 @@ let impl__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 0d6e4719e..9c52850fc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & @@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,18 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -183,22 +176,13 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -230,18 +214,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -257,19 +235,13 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index a3991d73c..705ef5d7a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -146,17 +136,12 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -210,17 +195,12 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -274,14 +254,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -377,18 +355,12 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -431,18 +403,12 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -485,18 +451,12 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -539,18 +499,12 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -605,14 +559,12 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -693,18 +645,12 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -742,31 +688,19 @@ let deserialize_ring_elements_reduced i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + let deserialized_pk, hax_temp_output:t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -784,6 +718,28 @@ let deserialize_ring_elements_reduced in deserialized_pk +let deserialize_ring_elements_reduced_out + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: t_Slice u8) + = + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE v_K #v_Vector public_key deserialized_pk + in + deserialized_pk + let deserialize_to_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -795,18 +751,12 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -840,17 +790,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index f4e2ef812..b320a6fd9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -126,10 +126,21 @@ val deserialize_to_reduced_ring_element Prims.l_True (fun _ -> Prims.l_True) +/// See [deserialize_ring_elements_reduced_out]. +val deserialize_ring_elements_reduced + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + /// This function deserializes ring elements and reduces the result by the field /// modulus. /// This function MUST NOT be used on secret inputs. -val deserialize_ring_elements_reduced +val deserialize_ring_elements_reduced_out (v_PUBLIC_KEY_SIZE v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index e5a39ea4d..9e95712a0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -3,17 +3,17 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul -let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_7__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_12__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_14__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_18__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_21__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value +let impl_7__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value +let impl_14__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value +let impl_21__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value let impl__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) @@ -54,7 +54,7 @@ let impl__new let impl__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk + = impl_21__as_slice v_PUBLIC_KEY_SIZE self.f_pk let impl__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) @@ -69,4 +69,4 @@ let impl__public_key let impl__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk + = impl_14__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 413d737d5..d533a764b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -4,22 +4,33 @@ open Core open FStar.Mul /// The number of bytes -val impl_6__len: v_SIZE: usize -> Prims.unit +val impl_7__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_12__len: v_SIZE: usize -> Prims.unit +val impl_14__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_18__len: v_SIZE: usize -> Prims.unit +val impl_21__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_1 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); @@ -27,7 +38,7 @@ let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -35,7 +46,7 @@ let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -48,7 +59,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = { f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true); f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -56,14 +67,25 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip } /// A reference to the raw byte slice. -val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) +val impl_7__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_8 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_9 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); @@ -71,7 +93,7 @@ let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -79,7 +101,7 @@ let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -92,7 +114,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -100,14 +122,25 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr } /// A reference to the raw byte slice. -val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) +val impl_14__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_15 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_16 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); @@ -115,7 +148,7 @@ let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -123,7 +156,7 @@ let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -136,7 +169,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -144,11 +177,11 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu } /// A reference to the raw byte slice. -val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) +val impl_21__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_6 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -179,7 +212,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_13 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -210,7 +243,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_20 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti new file mode 100644 index 000000000..4d6616fd4 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti @@ -0,0 +1,243 @@ +module Libcrux_ml_kem.Variant +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + () + +/// Implements [`Variant`], to perform the ML-KEM-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) +/// * during encapsulation, the initial randomness is used without prior hashing, +/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. +type t_MlKem = | MlKem : t_MlKem + +/// This trait collects differences in specification between ML-KEM +/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the +/// NIST PQ competition. +/// cf. FIPS 203, Appendix C +class t_Variant (v_Self: Type0) = { + f_kdf_pre: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Type0; + f_kdf_post: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + t_Array u8 (sz 32) + -> Type0; + f_kdf: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 -> + x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Prims.Pure (t_Array u8 (sz 32)) + (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) + (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); + f_entropy_preprocess_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 + -> Type0; + f_entropy_preprocess_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 32) + -> Type0; + f_entropy_preprocess: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 32)) + (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) + (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); + f_cpa_keygen_seed_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 + -> Type0; + f_cpa_keygen_seed_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 64) + -> Type0; + f_cpa_keygen_seed: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 64)) + (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0) + (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: t_Variant t_MlKem = + { + f_kdf_pre + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + true); + f_kdf_post + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (out1: t_Array u8 (sz 32)) + -> + true); + f_kdf + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + out); + f_entropy_preprocess_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + true); + f_entropy_preprocess_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + (out1: t_Array u8 (sz 32)) + -> + true); + f_entropy_preprocess + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + out); + f_cpa_keygen_seed_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + true); + f_cpa_keygen_seed_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (out: t_Array u8 (sz 64)) + -> + true); + f_cpa_keygen_seed + = + fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (seed.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + key_generation_seed + <: + t_Slice u8) + in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + (cast (v_K <: usize) <: u8) + in + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (seed <: t_Slice u8) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..3eb5abd35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -35,17 +35,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -71,17 +66,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -111,17 +101,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -144,17 +129,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -199,17 +179,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -238,17 +213,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -271,17 +241,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -306,17 +271,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..9a88facf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -247,14 +247,12 @@ let serialize_5_int (v: t_Slice i16) = let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +270,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -755,14 +751,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +776,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in From 866aaceaa7138abb43531070c34f9e12c02d52f6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 13:53:42 +0000 Subject: [PATCH 154/172] remove unpacked job from ci --- .github/workflows/mlkem.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 575339c5d..aa1767182 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -87,11 +87,6 @@ jobs: rustc --print=cfg cargo build --verbose $RUST_TARGET_FLAG --features pre-verification - - name: 🔨 Build unpacked - run: | - rustc --print=cfg - cargo build --verbose $RUST_TARGET_FLAG --features pre-verification,unpacked - - name: 🔨 Build Release run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification From f06414b2d56e3b24003b43e61604049f52293786 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 14:12:42 +0000 Subject: [PATCH 155/172] work around hax issues --- .../Libcrux_intrinsics.Avx2_extract.fsti | 55 +++++++++++++++++++ .../extraction/Libcrux_ml_kem.Matrix.fst | 7 ++- .../extraction/Libcrux_ml_kem.Serialize.fst | 4 +- libcrux-ml-kem/src/matrix.rs | 6 +- libcrux-ml-kem/src/serialize.rs | 3 +- 5 files changed, 67 insertions(+), 8 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 7af7f302a..5ac496e48 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -3,10 +3,14 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul +val mm256_abs_epi32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_add_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_add_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi64 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_and_si256 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_andnot_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) @@ -14,12 +18,24 @@ val mm256_andnot_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_blend_epi32 (v_CONTROL: i32) (lhs rhs: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_bsrli_epi128 (v_SHIFT_BY: i32) (x: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_castsi128_si256 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_castsi256_ps (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_castsi256_si128 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpeq_epi32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cmpgt_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpgt_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cvtepi16_epi32 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) @@ -30,10 +46,16 @@ val mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) val mm256_loadu_si256_i16 (input: t_Slice i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_loadu_si256_i32 (input: t_Slice i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_madd_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mul_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_mul_epu32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_mulhi_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) @@ -42,6 +64,8 @@ val mm256_mullo_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims val mm256_mullo_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_or_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_packs_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_permute2x128_si256 (v_IMM8: i32) (a b: u8) @@ -67,11 +91,16 @@ val mm256_set_epi16 val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set_epi64x (input3 input2 input1 input0: i64) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_set_epi8 (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: i8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set_m128i (hi lo: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_setzero_si256: Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) @@ -79,6 +108,8 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) val mm256_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sign_epi32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) @@ -104,14 +135,25 @@ val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srlv_epi32 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srlv_epi64 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: u8) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) +val mm256_storeu_si256_i32 (output: t_Slice i32) (vector: u8) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val mm256_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_testz_si256 (lhs rhs: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + val mm256_unpackhi_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_unpackhi_epi64 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) @@ -136,6 +178,9 @@ val mm_packs_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_ val mm_set1_epi16 (constant: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_set_epi32 (input3 input2 input1 input0: i32) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: u8) @@ -143,10 +188,20 @@ val mm_set_epi8 val mm_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_sllv_epi32 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val mm_storeu_si128 (output: t_Slice i16) (vector: u8) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) +val mm_storeu_si128_i32 (output: t_Slice i32) (vector: u8) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + val mm_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val vec256_blendv_epi32 (a b mask: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 44b51e041..1c0bd1278 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -22,8 +22,7 @@ let compute_As_plus_e (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let tt_as_ntt, hax_temp_output:t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -101,6 +100,7 @@ let compute_As_plus_e in tt_as_ntt) in + let hax_temp_output:Prims.unit = () <: Prims.unit in tt_as_ntt let compute_ring_element_v @@ -301,7 +301,7 @@ let sample_matrix_A (seed: t_Array u8 (sz 34)) (transpose: bool) = - let v_A_transpose, hax_temp_output:t_Array + let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Rust_primitives.Hax.Folds.fold_range (sz 0) v_K @@ -409,4 +409,5 @@ let sample_matrix_A in v_A_transpose)) in + let hax_temp_output:Prims.unit = () <: Prims.unit in v_A_transpose diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 705ef5d7a..f90c60055 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -690,8 +690,7 @@ let deserialize_ring_elements_reduced (public_key: t_Slice u8) (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let deserialized_pk, hax_temp_output:t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT public_key (fun deserialized_pk temp_1_ -> @@ -716,6 +715,7 @@ let deserialize_ring_elements_reduced <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in + let hax_temp_output:Prims.unit = () <: Prims.unit in deserialized_pk let deserialize_ring_elements_reduced_out diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 3f086e3d4..651ab345b 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -27,7 +27,8 @@ pub(crate) fn sample_matrix_A( } t_as_ntt[i].add_standard_error_reduce(&error_as_ntt[i]); } - } + }; + () } diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index db357ccf6..44736b59d 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -121,7 +121,8 @@ pub(super) fn deserialize_ring_elements_reduced< { deserialized_pk[i] = deserialize_to_reduced_ring_element(ring_element); } - } + }; + () } #[inline(always)] From 521b98d35ed08a3716bdb100ae3844054957a0c1 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 14:47:11 +0000 Subject: [PATCH 156/172] update docker image for C extraction --- .docker/c/ext-tools.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.docker/c/ext-tools.sh b/.docker/c/ext-tools.sh index c6222c913..7ce0eebe3 100644 --- a/.docker/c/ext-tools.sh +++ b/.docker/c/ext-tools.sh @@ -4,23 +4,23 @@ set -v -e -x source $HOME/.profile -curl -L https://github.com/AeneasVerif/charon/archive/b351338f6a84c7a1afc27433eb0ffdc668b3581d.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/28d543bfacc902ba9cc2a734b76baae9583892a4.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-b351338f6a84c7a1afc27433eb0ffdc668b3581d/ charon +mv charon-28d543bfacc902ba9cc2a734b76baae9583892a4/ charon -curl -L https://github.com/FStarLang/karamel/archive/c96fb69d15693284644d6aecaa90afa37e4de8f0.zip \ +curl -L https://github.com/FStarLang/karamel/archive/15d4bce74a2d43e34a64f48f8311b7d9bcb0e152.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-c96fb69d15693284644d6aecaa90afa37e4de8f0/ karamel +mv karamel-15d4bce74a2d43e34a64f48f8311b7d9bcb0e152/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/7efec1624422fd5e94388ef06b9c76dfe7a48d46.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/1a65dbf3758fe310833718c645a64266294a29ac.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-7efec1624422fd5e94388ef06b9c76dfe7a48d46/ eurydice +mv eurydice-1a65dbf3758fe310833718c645a64266294a29ac/ eurydice echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile From 97f7cefe14dabf275e4671ffea87e032d7779b71 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 14:47:18 +0000 Subject: [PATCH 157/172] fix kyber --- libcrux-ml-kem/src/ind_cca.rs | 3 ++- libcrux-ml-kem/src/ind_cca/instantiations.rs | 1 + libcrux-ml-kem/src/ind_cpa.rs | 7 ++++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 31dc1b563..b905b706f 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -457,6 +457,7 @@ pub(crate) mod unpacked { const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, + Scheme: Variant, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], out: &mut MlKemKeyPairUnpacked, @@ -464,7 +465,7 @@ pub(crate) mod unpacked { let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - generate_keypair_unpacked::( + generate_keypair_unpacked::( ind_cpa_keypair_randomness, &mut out.private_key.ind_cpa_private_key, &mut out.public_key.ind_cpa_public_key, diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 84c25668b..a1b76a978 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -312,6 +312,7 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, $vector, $hash, + crate::variant::MlKem, >(randomness, out) } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index da13442ec..5a2367195 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -16,7 +16,7 @@ use crate::{ serialize_uncompressed_ring_element, }, utils::into_padded_array, - variant::{MlKem, Variant}, + variant::Variant, vector::Operations, }; @@ -232,13 +232,14 @@ pub(crate) fn generate_keypair_unpacked< const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, + Scheme: Variant, >( key_generation_seed: &[u8], private_key: &mut IndCpaPrivateKeyUnpacked, public_key: &mut IndCpaPublicKeyUnpacked, ) { // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM - let hashed = MlKem::cpa_keygen_seed::(key_generation_seed); + let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); sample_matrix_A::(&mut public_key.A, into_padded_array(seed_for_A), true); @@ -288,7 +289,7 @@ pub(crate) fn generate_keypair< let mut private_key = IndCpaPrivateKeyUnpacked::default(); let mut public_key = IndCpaPublicKeyUnpacked::default(); - generate_keypair_unpacked::( + generate_keypair_unpacked::( key_generation_seed, &mut private_key, &mut public_key, From 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 15:19:45 +0000 Subject: [PATCH 158/172] update C extraction --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_avx2.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 32 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1015 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1018 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 818 +++++++------ .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 814 +++++++------ .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 2150 insertions(+), 1917 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 41794f3c1..1941d5aa3 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 +Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9d4ec69c2..d63ff8521 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_1c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( uint8_t value[1568U]); /** @@ -85,7 +85,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_621( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -98,7 +98,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_3e1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( uint8_t value[3168U]); /** @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_1c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( uint8_t value[1184U]); /** @@ -126,7 +126,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_620( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -139,7 +139,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_3e0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( uint8_t value[2400U]); /** @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_1c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( uint8_t value[800U]); /** @@ -167,7 +167,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_62( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -180,7 +180,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_3e( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( uint8_t value[1632U]); /** @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e91( +uint8_t *libcrux_ml_kem_types_as_slice_ba_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_151( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( uint8_t value[1088U]); /** @@ -218,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b61( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e90( +uint8_t *libcrux_ml_kem_types_as_slice_ba_120( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -255,7 +255,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_150( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( uint8_t value[768U]); /** @@ -267,7 +267,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b60( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -292,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e9( +uint8_t *libcrux_ml_kem_types_as_slice_ba_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_15( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( uint8_t value[1568U]); /** @@ -362,7 +362,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b6( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index dae116343..76a437be1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_331(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -65,7 +65,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -91,7 +91,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -112,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_051( +void libcrux_ml_kem_ind_cca_decapsulate_971( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_330(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -174,7 +174,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -200,7 +200,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -221,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -247,7 +247,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_050( +void libcrux_ml_kem_ind_cca_decapsulate_970( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -266,7 +266,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_33(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -283,7 +283,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -308,7 +308,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( uint8_t randomness[64U]); /** @@ -330,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -356,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_05( +void libcrux_ml_kem_ind_cca_decapsulate_97( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 2718a9825..dddacb13a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -53,7 +53,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c31(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -70,7 +70,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_9d( +bool libcrux_ml_kem_ind_cca_validate_private_key_0f( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -96,7 +96,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -143,7 +143,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b1( +void libcrux_ml_kem_ind_cca_decapsulate_6a1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -162,7 +162,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c30(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -179,7 +179,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_df( +bool libcrux_ml_kem_ind_cca_validate_private_key_3d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -205,7 +205,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -226,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -252,7 +252,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b0( +void libcrux_ml_kem_ind_cca_decapsulate_6a0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -271,7 +271,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c3(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -288,7 +288,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_49( +bool libcrux_ml_kem_ind_cca_validate_private_key_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -314,7 +314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -335,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -361,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b( +void libcrux_ml_kem_ind_cca_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index c112b8994..a816870cb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index e99d22bd0..2728474cc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 0bfb8347b..d9873deab 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_core.h" @@ -91,7 +91,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_1c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -114,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_621( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_3e1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_1c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -172,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_620( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -188,7 +188,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_3e0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -207,7 +207,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_1c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -230,7 +230,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_62( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -245,7 +245,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_3e( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -266,7 +266,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e91( +uint8_t *libcrux_ml_kem_types_as_slice_ba_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -280,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_151( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -299,7 +299,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b61( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -334,7 +334,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e90( +uint8_t *libcrux_ml_kem_types_as_slice_ba_120( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -348,7 +348,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_150( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b60( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -402,7 +402,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_e9( +uint8_t *libcrux_ml_kem_types_as_slice_ba_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -456,7 +456,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_15( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -494,7 +494,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_b6( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 346856746..b6fc94baa 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 9a2dcb13a..b3a6aef7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 885e07729..ead7903df 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d60( +static void decapsulate_800( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_050(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_970(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_d60( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_d60(private_key, ciphertext, ret); + decapsulate_800(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_200( +static tuple_21 encapsulate_4d0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_4a0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c0(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_200(uu____0, copy_of_randomness); + return encapsulate_4d0(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_700( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_740( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_700(copy_of_randomness); + return generate_keypair_740(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_290( +static KRML_MUSTINLINE bool validate_private_key_2d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4d0(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_290( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_290(private_key, ciphertext); + return validate_private_key_2d0(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_e70(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_330(public_key); +static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_050(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_e70(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_e70(public_key->value); + return validate_public_key_060(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index aec5de25f..0137867e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 9015a9b24..44f7cd132 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem1024_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_a61( +static void decapsulate_c41( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2b1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6a1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_a61( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_a61(private_key, ciphertext, ret); + decapsulate_c41(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_8a1( +static tuple_21 encapsulate_591( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c11(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b11(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a1(uu____0, copy_of_randomness); + return encapsulate_591(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b31( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6b1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7d1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_541(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b31(copy_of_randomness); + return generate_keypair_6b1(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_221( +static KRML_MUSTINLINE bool validate_private_key_7c1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_9d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_0f(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_221( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_221(private_key, ciphertext); + return validate_private_key_7c1(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_091(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c31(public_key); +static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_091(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_091(public_key->value); + return validate_public_key_981(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 6445f213d..f90019244 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 7ef378319..c5a45c75e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 83e9daf1b..dbd91535d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_05(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_97(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_d6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d6(private_key, ciphertext, ret); + decapsulate_80(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_20( +static tuple_ec encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_4a(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_20(uu____0, copy_of_randomness); + return encapsulate_4d(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_70( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_74( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_70(copy_of_randomness); + return generate_keypair_74(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_29( +static KRML_MUSTINLINE bool validate_private_key_2d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4d(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_29( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_29(private_key, ciphertext); + return validate_private_key_2d(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_e7(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_33(public_key); +static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_05(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_e7(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_e7(public_key->value); + return validate_public_key_06(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 690bd5e94..52b13f940 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 187424327..1ccf583ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_a60( +static void decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6a0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_a60( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_a60(private_key, ciphertext, ret); + decapsulate_c40(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_8a0( +static tuple_ec encapsulate_590( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b10(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a0(uu____0, copy_of_randomness); + return encapsulate_590(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b30( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6b0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7d0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b30(copy_of_randomness); + return generate_keypair_6b0(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_220( +static KRML_MUSTINLINE bool validate_private_key_7c0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_df(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_220( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_220(private_key, ciphertext); + return validate_private_key_7c0(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_090(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c30(public_key); +static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_090(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_090(public_key->value); + return validate_public_key_980(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index ea7de228c..1d12a463f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 79c13ed2a..8c310f854 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 1e49c1f00..40d410fc0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_d61( +static void decapsulate_801( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_051(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_971(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_d61( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d61(private_key, ciphertext, ret); + decapsulate_801(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_201( +static tuple_3c encapsulate_4d1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_4a1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_201(uu____0, copy_of_randomness); + return encapsulate_4d1(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_701( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_741( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7a1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_511(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_701(copy_of_randomness); + return generate_keypair_741(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_291( +static KRML_MUSTINLINE bool validate_private_key_2d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4d1(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_291( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_291(private_key, ciphertext); + return validate_private_key_2d1(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_e71(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_331(public_key); +static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_051(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_e71(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_e71(public_key->value); + return validate_public_key_061(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index d3520a1b9..a2ee6c8d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1a7176897..67296e121 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_a6( +static void decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6a(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_a6( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_a6(private_key, ciphertext, ret); + decapsulate_c4(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_8a( +static tuple_3c encapsulate_59( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a(uu____0, copy_of_randomness); + return encapsulate_59(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b3( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b3(copy_of_randomness); + return generate_keypair_6b(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_22( +static KRML_MUSTINLINE bool validate_private_key_7c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_49(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_22( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_22(private_key, ciphertext); + return validate_private_key_7c(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_09(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c3(public_key); +static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_09(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_09(public_key->value); + return validate_public_key_98(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 1e62a474e..8ba4db78e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 446d84534..21d70b037 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1070,7 +1070,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_5c(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -1094,7 +1094,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c54( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -1108,7 +1108,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c54( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -1126,13 +1126,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_551( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_c54(public_key, deserialized_pk); + deserialize_ring_elements_reduced_8c4(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1143,7 +1143,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_d8(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_84(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1156,8 +1156,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_12(__m256i vector) { - return shift_right_d8(vector); +static __m256i shift_right_ea_fc(__m256i vector) { + return shift_right_84(vector); } /** @@ -1166,8 +1166,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_32(__m256i a) { - __m256i t = shift_right_ea_12(a); +static __m256i to_unsigned_representative_c0(__m256i a) { + __m256i t = shift_right_ea_fc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1179,13 +1179,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_50( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_32(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_c0(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1206,7 +1206,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_191( +static KRML_MUSTINLINE void serialize_secret_key_5f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1224,7 +1224,7 @@ static KRML_MUSTINLINE void serialize_secret_key_191( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_50(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1242,13 +1242,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_ac1( +static KRML_MUSTINLINE void serialize_public_key_mut_c21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_191(t_as_ntt, ret); + serialize_secret_key_5f1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1268,11 +1268,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_371( +static KRML_MUSTINLINE void serialize_public_key_021( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_ac1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_c21(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1291,15 +1291,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_331(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_551( + deserialize_ring_elements_reduced_out_661( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_371( + serialize_public_key_021( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1336,7 +1336,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1448,7 +1448,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_521( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1590,7 +1590,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e03( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1713,7 +1713,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e04( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1757,7 +1757,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_d6_34(Eurydice_slice a) { +from_i16_array_d6_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1775,9 +1775,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b71( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_d6_34( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1787,7 +1787,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_591( +static KRML_MUSTINLINE void sample_from_xof_671( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1802,7 +1802,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e03( + bool done = sample_from_uniform_distribution_next_743( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e04( + done = sample_from_uniform_distribution_next_744( copy_of_randomness, sampled_coefficients, out); } } @@ -1823,7 +1823,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_b71(copy_of_out[i]);); + ret0[i] = closure_e41(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1835,7 +1835,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_591( +static KRML_MUSTINLINE void sample_matrix_A_341( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( @@ -1852,7 +1852,7 @@ static KRML_MUSTINLINE void sample_matrix_A_591( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_591(copy_of_seeds, sampled); + sample_from_xof_671(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1977,7 +1977,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2011,7 +2011,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_34( + return from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2022,7 +2022,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_e1(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2055,7 +2055,7 @@ sample_from_binomial_distribution_3_e1(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_34( + return from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2066,8 +2066,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_d5(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_1b(randomness); +sample_from_binomial_distribution_af(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_ea(randomness); } /** @@ -2076,7 +2076,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_77( +static KRML_MUSTINLINE void ntt_at_layer_7_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2101,7 +2101,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_78(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_aa(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2112,8 +2112,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_d7(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_78(b, zeta_r); +ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_aa(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2126,7 +2126,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_ba( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2139,7 +2139,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_ba( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_c2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2156,7 +2156,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_b7( +static KRML_MUSTINLINE void ntt_at_layer_3_5f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2172,7 +2172,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_20( +static KRML_MUSTINLINE void ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2191,7 +2191,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_91( +static KRML_MUSTINLINE void ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2219,7 +2219,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_d6_a7( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2235,17 +2235,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b6( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_77(re); + ntt_at_layer_7_ab(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b7(&zeta_i, re); - ntt_at_layer_2_20(&zeta_i, re); - ntt_at_layer_1_91(&zeta_i, re); - poly_barrett_reduce_d6_a7(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** @@ -2260,7 +2260,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -2277,9 +2277,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e1( PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d5( + re_as_ntt[i0] = sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); return domain_separator; } @@ -2302,7 +2302,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_1a1( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_7f1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -2311,7 +2311,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_1a1( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_6e1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_ee1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2364,7 +2364,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_d6_5f(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); for (size_t i = (size_t)0U; @@ -2402,7 +2402,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_131( +static KRML_MUSTINLINE void add_to_ring_element_d6_b81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2422,7 +2422,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_07(__m256i v) { +static __m256i to_standard_domain_bd(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2438,14 +2438,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_d6_9a( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_07(self->coefficients[j]); + to_standard_domain_bd(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2461,7 +2461,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_911( +static KRML_MUSTINLINE void compute_As_plus_e_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -2488,10 +2488,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_911( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_131(&t_as_ntt[i0], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b81(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2539,17 +2539,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_911( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a51( +static void generate_keypair_unpacked_811( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_521(key_generation_seed, hashed); + cpa_keygen_seed_d8_e11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2559,7 +2560,7 @@ static void generate_keypair_unpacked_a51( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_591(uu____1, ret, true); + sample_matrix_A_341(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -2569,17 +2570,17 @@ static void generate_keypair_unpacked_a51( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_6e1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_ee1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_1a1(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_911(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_a21(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -2600,18 +2601,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c11( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_2f1( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); - generate_keypair_unpacked_a51(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_811(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_371( + serialize_public_key_021( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_191(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2638,7 +2639,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_901( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2702,7 +2703,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2711,13 +2712,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c11(ind_cpa_keypair_randomness); + generate_keypair_2f1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_901( + serialize_kem_secret_key_0a1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2726,13 +2727,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_620( - uu____2, libcrux_ml_kem_types_from_40_1c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b0( + uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); } /** @@ -2745,7 +2746,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_5d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2763,7 +2764,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c51( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2777,7 +2778,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2794,7 +2795,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_5b1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_d6_7d();); @@ -2813,7 +2814,7 @@ sample_ring_element_cbd_5b1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2862,7 +2863,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_a9( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2886,7 +2887,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_c9( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2906,7 +2907,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_e8( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2924,11 +2925,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_af(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_63(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_78(a_minus_b, zeta_r); + b = montgomery_multiply_fe_aa(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2939,7 +2940,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_4a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2954,7 +2955,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_4a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_af( + inv_ntt_layer_int_vec_step_reduce_63( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2971,18 +2972,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_bf1( +static KRML_MUSTINLINE void invert_ntt_montgomery_191( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a9(&zeta_i, re); - invert_ntt_at_layer_2_c9(&zeta_i, re); - invert_ntt_at_layer_3_e8(&zeta_i, re); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a7(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** @@ -2996,7 +2997,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_d6_f4( +static KRML_MUSTINLINE void add_error_reduce_d6_89( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3020,7 +3021,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_c61( +static KRML_MUSTINLINE void compute_vector_u_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3047,11 +3048,11 @@ static KRML_MUSTINLINE void compute_vector_u_c61( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_131(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b81(&result[i1], &product); } - invert_ntt_montgomery_bf1(&result[i1]); - add_error_reduce_d6_f4(&result[i1], &error_1[i1]); + invert_ntt_montgomery_191(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3064,7 +3065,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_a0(__m256i v) { +static __m256i decompress_1_f2(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3078,7 +3079,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_37(uint8_t serialized[32U]) { +deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -3087,7 +3088,7 @@ deserialize_then_decompress_message_37(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_a0(coefficient_compressed);); + re.coefficients[i0] = decompress_1_f2(coefficient_compressed);); return re; } @@ -3103,7 +3104,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_d6_a6( +add_message_error_reduce_d6_df( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3133,7 +3134,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_d01( +compute_ring_element_v_9f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3141,10 +3142,10 @@ compute_ring_element_v_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_131(&result, &product);); - invert_ntt_montgomery_bf1(&result); - result = add_message_error_reduce_d6_a6(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b81(&result, &product);); + invert_ntt_montgomery_191(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } @@ -3155,7 +3156,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_fb(__m256i vector) { +compress_ciphertext_coefficient_43(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3202,8 +3203,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_43(__m256i vector) { - return compress_ciphertext_coefficient_fb(vector); +static __m256i compress_ea_ab(__m256i vector) { + return compress_ciphertext_coefficient_43(vector); } /** @@ -3212,14 +3213,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_d20( +static KRML_MUSTINLINE void compress_then_serialize_10_190( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_43(to_unsigned_representative_32(re->coefficients[i0])); + compress_ea_ab(to_unsigned_representative_c0(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3237,7 +3238,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_fb0(__m256i vector) { +compress_ciphertext_coefficient_430(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3284,8 +3285,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_430(__m256i vector) { - return compress_ciphertext_coefficient_fb0(vector); +static __m256i compress_ea_ab0(__m256i vector) { + return compress_ciphertext_coefficient_430(vector); } /** @@ -3295,10 +3296,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_cc0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_880( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_d20(re, uu____0); + compress_then_serialize_10_190(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3314,7 +3315,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_9e1( +static void compress_then_serialize_u_0b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3330,7 +3331,7 @@ static void compress_then_serialize_u_9e1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_cc0(&re, ret); + compress_then_serialize_ring_element_u_880(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3343,7 +3344,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_fb1(__m256i vector) { +compress_ciphertext_coefficient_431(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3390,8 +3391,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_431(__m256i vector) { - return compress_ciphertext_coefficient_fb1(vector); +static __m256i compress_ea_ab1(__m256i vector) { + return compress_ciphertext_coefficient_431(vector); } /** @@ -3400,14 +3401,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_8a( +static KRML_MUSTINLINE void compress_then_serialize_4_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_431(to_unsigned_representative_32(re.coefficients[i0])); + compress_ea_ab1(to_unsigned_representative_c0(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3424,7 +3425,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_fb2(__m256i vector) { +compress_ciphertext_coefficient_432(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3471,8 +3472,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_432(__m256i vector) { - return compress_ciphertext_coefficient_fb2(vector); +static __m256i compress_ea_ab2(__m256i vector) { + return compress_ciphertext_coefficient_432(vector); } /** @@ -3481,14 +3482,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_f8( +static KRML_MUSTINLINE void compress_then_serialize_5_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_432(to_unsigned_representative_32(re.coefficients[i0])); + compress_ea_ab2(to_unsigned_representative_c0(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3505,9 +3506,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bb0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_8a(re, out); + compress_then_serialize_4_f5(re, out); } /** @@ -3568,7 +3569,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5d1(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -3577,7 +3578,7 @@ static void encrypt_unpacked_5d1(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_1a1(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3587,7 +3588,7 @@ static void encrypt_unpacked_5d1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_5b1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c61(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3598,28 +3599,28 @@ static void encrypt_unpacked_5d1(IndCpaPublicKeyUnpacked_a0 *public_key, PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_c61(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ba1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_37(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_d01(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9e1( + compress_then_serialize_u_0b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_bb0( + compress_then_serialize_ring_element_v_f30( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3642,10 +3643,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0f1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_c51( + deserialize_ring_elements_reduced_8c1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -3654,13 +3655,13 @@ static void encrypt_0f1(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_591(uu____0, ret0, false); + sample_matrix_A_341(uu____0, ret0, false); IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_5d1(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_be1(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3675,7 +3676,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_951(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e91(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3702,11 +3703,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_5d1( + entropy_preprocess_d8_961( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3716,7 +3717,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( size_t); uint8_t ret[32U]; H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3730,19 +3731,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4a1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_151(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_951(shared_secret, shared_secret_array); + kdf_d8_e91(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3761,7 +3762,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_e3(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_71(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -3782,7 +3783,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_131( +static KRML_MUSTINLINE void deserialize_secret_key_c51( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3799,7 +3800,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_131( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_e3(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3814,7 +3815,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_39(__m256i vector) { +decompress_ciphertext_coefficient_87(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3858,8 +3859,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_64(__m256i vector) { - return decompress_ciphertext_coefficient_39(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e(__m256i vector) { + return decompress_ciphertext_coefficient_87(vector); } /** @@ -3869,7 +3870,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_c6(Eurydice_slice serialized) { +deserialize_then_decompress_10_5f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -3877,7 +3878,7 @@ deserialize_then_decompress_10_c6(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_64(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e(coefficient); } return re; } @@ -3889,7 +3890,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_390(__m256i vector) { +decompress_ciphertext_coefficient_870(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3933,8 +3934,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_640(__m256i vector) { - return decompress_ciphertext_coefficient_390(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e0(__m256i vector) { + return decompress_ciphertext_coefficient_870(vector); } /** @@ -3944,7 +3945,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_1f(Eurydice_slice serialized) { +deserialize_then_decompress_11_9a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -3952,7 +3953,7 @@ deserialize_then_decompress_11_1f(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_640(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e0(coefficient); } return re; } @@ -3964,8 +3965,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_320(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c6(serialized); +deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { + return deserialize_then_decompress_10_5f(serialized); } /** @@ -3974,17 +3975,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_4d0( +static KRML_MUSTINLINE void ntt_vector_u_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b7(&zeta_i, re); - ntt_at_layer_2_20(&zeta_i, re); - ntt_at_layer_1_91(&zeta_i, re); - poly_barrett_reduce_d6_a7(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** @@ -3999,7 +4000,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1f1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -4022,8 +4023,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1f1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_320(u_bytes); - ntt_vector_u_4d0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); + ntt_vector_u_9b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4037,7 +4038,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_391(__m256i vector) { +decompress_ciphertext_coefficient_871(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4081,8 +4082,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_641(__m256i vector) { - return decompress_ciphertext_coefficient_391(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e1(__m256i vector) { + return decompress_ciphertext_coefficient_871(vector); } /** @@ -4092,7 +4093,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_b1(Eurydice_slice serialized) { +deserialize_then_decompress_4_8d(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4100,7 +4101,7 @@ deserialize_then_decompress_4_b1(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_641(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e1(coefficient); } return re; } @@ -4112,7 +4113,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_392(__m256i vector) { +decompress_ciphertext_coefficient_872(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4156,8 +4157,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_642(__m256i vector) { - return decompress_ciphertext_coefficient_392(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e2(__m256i vector) { + return decompress_ciphertext_coefficient_872(vector); } /** @@ -4167,7 +4168,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_7e(Eurydice_slice serialized) { +deserialize_then_decompress_5_c1(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -4176,7 +4177,7 @@ deserialize_then_decompress_5_7e(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_642(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_2e2(re.coefficients[i0]); } return re; } @@ -4188,8 +4189,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b1(serialized); +deserialize_then_decompress_ring_element_v_590(Eurydice_slice serialized) { + return deserialize_then_decompress_4_8d(serialized); } /** @@ -4204,7 +4205,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_d6_a7(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4232,17 +4233,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_1b1( +compute_message_6a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_131(&result, &product);); - invert_ntt_montgomery_bf1(&result); - result = subtract_reduce_d6_a7(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b81(&result, &product);); + invert_ntt_montgomery_191(&result); + result = subtract_reduce_d6_4a(v, result); return result; } @@ -4252,12 +4253,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_0e( +static KRML_MUSTINLINE void compress_then_serialize_message_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_32(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_c0(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4304,18 +4305,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e71(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_671(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_1f1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_7b0( + deserialize_then_decompress_ring_element_v_590( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_1b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0e(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4329,10 +4330,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_481(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_131(secret_key, secret_as_ntt); + deserialize_secret_key_c51(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4343,7 +4344,7 @@ static void decrypt_481(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_671(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4395,7 +4396,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_051( +void libcrux_ml_kem_ind_cca_decapsulate_971( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4413,7 +4414,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_051( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_481(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4435,7 +4436,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_051( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4445,17 +4446,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_051( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0f1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_951(Eurydice_array_to_slice( + kdf_d8_e91(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_951(shared_secret0, shared_secret); + kdf_d8_e91(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4474,7 +4475,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c53( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4488,7 +4489,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c53( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4506,13 +4507,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_550( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_c53(public_key, deserialized_pk); + deserialize_ring_elements_reduced_8c3(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4528,7 +4529,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_19( +static KRML_MUSTINLINE void serialize_secret_key_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4546,7 +4547,7 @@ static KRML_MUSTINLINE void serialize_secret_key_19( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_50(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4564,13 +4565,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_ac( +static KRML_MUSTINLINE void serialize_public_key_mut_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_19(t_as_ntt, ret); + serialize_secret_key_5f(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4590,11 +4591,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_37( +static KRML_MUSTINLINE void serialize_public_key_02( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_ac(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4613,15 +4614,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_330(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_550( + deserialize_ring_elements_reduced_out_660( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_37( + serialize_public_key_02( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4658,7 +4659,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -4778,7 +4779,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_52( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4923,7 +4924,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5049,7 +5050,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e00( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5087,9 +5088,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b7( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_d6_34( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5099,7 +5100,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_59( +static KRML_MUSTINLINE void sample_from_xof_67( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -5114,7 +5115,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e0( + bool done = sample_from_uniform_distribution_next_74( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5126,7 +5127,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e00( + done = sample_from_uniform_distribution_next_740( copy_of_randomness, sampled_coefficients, out); } } @@ -5135,7 +5136,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_b7(copy_of_out[i]);); + ret0[i] = closure_e4(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5147,7 +5148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_59( +static KRML_MUSTINLINE void sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( @@ -5164,7 +5165,7 @@ static KRML_MUSTINLINE void sample_matrix_A_59( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_59(copy_of_seeds, sampled); + sample_from_xof_67(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5248,7 +5249,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -5265,9 +5266,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e( PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d5( + re_as_ntt[i0] = sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); return domain_separator; } @@ -5290,7 +5291,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_1a( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -5299,7 +5300,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_1a( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_6e(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_ee(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5328,7 +5329,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_13( +static KRML_MUSTINLINE void add_to_ring_element_d6_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5351,7 +5352,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_91( +static KRML_MUSTINLINE void compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -5378,10 +5379,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_13(&t_as_ntt[i0], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5429,17 +5430,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_91( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 4 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a5( +static void generate_keypair_unpacked_81( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_52(key_generation_seed, hashed); + cpa_keygen_seed_d8_e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5449,7 +5451,7 @@ static void generate_keypair_unpacked_a5( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_59(uu____1, ret, true); + sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -5459,17 +5461,17 @@ static void generate_keypair_unpacked_a5( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_6e(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_ee(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_1a(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_91(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_a2(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -5490,18 +5492,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c10( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); - generate_keypair_unpacked_a5(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_81(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_37( + serialize_public_key_02( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_19(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5528,7 +5530,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_900( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5592,7 +5594,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5601,13 +5603,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c10(ind_cpa_keypair_randomness); + generate_keypair_2f0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_900( + serialize_kem_secret_key_0a0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5616,13 +5618,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_88_3e1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_621( - uu____2, libcrux_ml_kem_types_from_40_1c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b1( + uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); } /** @@ -5635,7 +5637,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_5d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5653,7 +5655,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c5( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5667,7 +5669,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5684,7 +5686,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_5b(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_d6_7d();); @@ -5703,7 +5705,7 @@ sample_ring_element_cbd_5b(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5740,18 +5742,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_bf( +static KRML_MUSTINLINE void invert_ntt_montgomery_19( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a9(&zeta_i, re); - invert_ntt_at_layer_2_c9(&zeta_i, re); - invert_ntt_at_layer_3_e8(&zeta_i, re); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a7(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** @@ -5763,7 +5765,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_c6( +static KRML_MUSTINLINE void compute_vector_u_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5790,11 +5792,11 @@ static KRML_MUSTINLINE void compute_vector_u_c6( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_13(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b8(&result[i1], &product); } - invert_ntt_montgomery_bf(&result[i1]); - add_error_reduce_d6_f4(&result[i1], &error_1[i1]); + invert_ntt_montgomery_19(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5811,7 +5813,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_d0( +compute_ring_element_v_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5819,10 +5821,10 @@ compute_ring_element_v_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_13(&result, &product);); - invert_ntt_montgomery_bf(&result); - result = add_message_error_reduce_d6_a6(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b8(&result, &product);); + invert_ntt_montgomery_19(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } @@ -5832,14 +5834,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_81( +static KRML_MUSTINLINE void compress_then_serialize_11_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_430(to_unsigned_representative_32(re->coefficients[i0])); + compress_ea_ab0(to_unsigned_representative_c0(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5857,10 +5859,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_cc( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_81(re, uu____0); + compress_then_serialize_11_88(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5876,7 +5878,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_9e( +static void compress_then_serialize_u_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5892,7 +5894,7 @@ static void compress_then_serialize_u_9e( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_cc(&re, ret); + compress_then_serialize_ring_element_u_88(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5905,9 +5907,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_bb( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_f8(re, out); + compress_then_serialize_5_a4(re, out); } /** @@ -5968,7 +5970,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5d(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5976,7 +5978,7 @@ static void encrypt_unpacked_5d(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_1a(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5986,7 +5988,7 @@ static void encrypt_unpacked_5d(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_5b(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c6(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5997,28 +5999,28 @@ static void encrypt_unpacked_5d(IndCpaPublicKeyUnpacked_01 *public_key, PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_c6(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ba(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_37(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_d0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9e( + compress_then_serialize_u_0b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_bb( + compress_then_serialize_ring_element_v_f3( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -6041,10 +6043,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_c5( + deserialize_ring_elements_reduced_8c( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6053,13 +6055,13 @@ static void encrypt_0f0(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_59(uu____0, ret0, false); + sample_matrix_A_34(uu____0, ret0, false); IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_5d(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_be(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6074,7 +6076,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_950(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e90(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6101,11 +6103,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_5d0( + entropy_preprocess_d8_960( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6115,7 +6117,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( size_t); uint8_t ret[32U]; H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6129,19 +6131,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_4a0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_15(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_950(shared_secret, shared_secret_array); + kdf_d8_e90(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6162,7 +6164,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_130( +static KRML_MUSTINLINE void deserialize_secret_key_c50( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -6179,7 +6181,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_130( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_e3(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6194,8 +6196,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_32(Eurydice_slice serialized) { - return deserialize_then_decompress_11_1f(serialized); +deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { + return deserialize_then_decompress_11_9a(serialized); } /** @@ -6204,17 +6206,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_4d( +static KRML_MUSTINLINE void ntt_vector_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b7(&zeta_i, re); - ntt_at_layer_2_20(&zeta_i, re); - ntt_at_layer_1_91(&zeta_i, re); - poly_barrett_reduce_d6_a7(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** @@ -6229,7 +6231,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1f( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -6252,8 +6254,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1f( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_32(u_bytes); - ntt_vector_u_4d(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f9(u_bytes); + ntt_vector_u_9b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6267,8 +6269,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { - return deserialize_then_decompress_5_7e(serialized); +deserialize_then_decompress_ring_element_v_59(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c1(serialized); } /** @@ -6284,17 +6286,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_1b( +compute_message_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_13(&result, &product);); - invert_ntt_montgomery_bf(&result); - result = subtract_reduce_d6_a7(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b8(&result, &product);); + invert_ntt_montgomery_19(&result); + result = subtract_reduce_d6_4a(v, result); return result; } @@ -6332,18 +6334,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e7(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_67(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_1f(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_7b( + deserialize_then_decompress_ring_element_v_59( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0e(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6357,10 +6359,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_480(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_130(secret_key, secret_as_ntt); + deserialize_secret_key_c50(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6371,7 +6373,7 @@ static void decrypt_480(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_67(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6411,7 +6413,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_050( +void libcrux_ml_kem_ind_cca_decapsulate_970( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6429,7 +6431,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_050( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_480(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6451,7 +6453,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_050( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6461,17 +6463,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_050( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0f0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_950(Eurydice_array_to_slice( + kdf_d8_e90(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_950(shared_secret0, shared_secret); + kdf_d8_e90(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6490,7 +6492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6504,7 +6506,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6522,13 +6524,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_55( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_c52(public_key, deserialized_pk); + deserialize_ring_elements_reduced_8c2(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6544,7 +6546,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_190( +static KRML_MUSTINLINE void serialize_secret_key_5f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6562,7 +6564,7 @@ static KRML_MUSTINLINE void serialize_secret_key_190( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_50(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6580,13 +6582,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_ac0( +static KRML_MUSTINLINE void serialize_public_key_mut_c20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_190(t_as_ntt, ret); + serialize_secret_key_5f0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6606,11 +6608,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_370( +static KRML_MUSTINLINE void serialize_public_key_020( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_ac0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_c20(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6629,15 +6631,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_33(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_55( + deserialize_ring_elements_reduced_out_66( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_370( + serialize_public_key_020( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6674,7 +6676,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -6780,7 +6782,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_520( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6919,7 +6921,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e01( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7039,7 +7041,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7077,9 +7079,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b70( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_d6_34( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7089,7 +7091,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_590( +static KRML_MUSTINLINE void sample_from_xof_670( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -7104,7 +7106,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e01( + bool done = sample_from_uniform_distribution_next_741( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -7116,7 +7118,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e02( + done = sample_from_uniform_distribution_next_742( copy_of_randomness, sampled_coefficients, out); } } @@ -7125,7 +7127,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_b70(copy_of_out[i]);); + ret0[i] = closure_e40(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7137,7 +7139,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_590( +static KRML_MUSTINLINE void sample_matrix_A_340( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( @@ -7154,7 +7156,7 @@ static KRML_MUSTINLINE void sample_matrix_A_590( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_590(copy_of_seeds, sampled); + sample_from_xof_670(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7227,8 +7229,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_d50(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_e1(randomness); +sample_from_binomial_distribution_af0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_3c(randomness); } /** @@ -7243,7 +7245,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -7260,9 +7262,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_6e0( PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d50( + re_as_ntt[i0] = sample_from_binomial_distribution_af0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); return domain_separator; } @@ -7285,7 +7287,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_1a0( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -7294,7 +7296,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_1a0( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_6e0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_ee0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7323,7 +7325,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_130( +static KRML_MUSTINLINE void add_to_ring_element_d6_b80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7346,7 +7348,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_910( +static KRML_MUSTINLINE void compute_As_plus_e_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -7373,10 +7375,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_910( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_130(&t_as_ntt[i0], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b80(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_9a(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -7424,17 +7426,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_910( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 2 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_a50( +static void generate_keypair_unpacked_810( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_520(key_generation_seed, hashed); + cpa_keygen_seed_d8_e10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7444,7 +7447,7 @@ static void generate_keypair_unpacked_a50( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_590(uu____1, ret, true); + sample_matrix_A_340(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -7454,17 +7457,17 @@ static void generate_keypair_unpacked_a50( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_6e0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_ee0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_1a0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_910(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_a20(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -7485,18 +7488,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c1( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); - generate_keypair_unpacked_a50(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_810(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_370( + serialize_public_key_020( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_190(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7523,7 +7526,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_90( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7586,7 +7589,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7596,13 +7599,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c1(ind_cpa_keypair_randomness); + generate_keypair_2f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_90( + serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7611,13 +7614,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_7a( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -7630,7 +7633,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7648,7 +7651,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c50( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7662,7 +7665,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_5c(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7725,7 +7728,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_5b0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_d6_7d();); @@ -7744,7 +7747,7 @@ sample_ring_element_cbd_5b0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7781,18 +7784,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_bf0( +static KRML_MUSTINLINE void invert_ntt_montgomery_190( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a9(&zeta_i, re); - invert_ntt_at_layer_2_c9(&zeta_i, re); - invert_ntt_at_layer_3_e8(&zeta_i, re); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_4a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a7(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** @@ -7804,7 +7807,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_c60( +static KRML_MUSTINLINE void compute_vector_u_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -7831,11 +7834,11 @@ static KRML_MUSTINLINE void compute_vector_u_c60( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_130(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b80(&result[i1], &product); } - invert_ntt_montgomery_bf0(&result[i1]); - add_error_reduce_d6_f4(&result[i1], &error_1[i1]); + invert_ntt_montgomery_190(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7852,7 +7855,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_d00( +compute_ring_element_v_9f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7860,10 +7863,10 @@ compute_ring_element_v_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_130(&result, &product);); - invert_ntt_montgomery_bf0(&result); - result = add_message_error_reduce_d6_a6(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b80(&result, &product);); + invert_ntt_montgomery_190(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } @@ -7879,7 +7882,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_9e0( +static void compress_then_serialize_u_0b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7895,7 +7898,7 @@ static void compress_then_serialize_u_9e0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_cc0(&re, ret); + compress_then_serialize_ring_element_u_880(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7959,7 +7962,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5d0(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7967,7 +7970,7 @@ static void encrypt_unpacked_5d0(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_1a0(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7977,7 +7980,7 @@ static void encrypt_unpacked_5d0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_5b0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c60(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7988,28 +7991,28 @@ static void encrypt_unpacked_5d0(IndCpaPublicKeyUnpacked_d6 *public_key, PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_d5( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_c60(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ba0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_37(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_d00(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_9e0( + compress_then_serialize_u_0b0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_bb0( + compress_then_serialize_ring_element_v_f30( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8032,10 +8035,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0f(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_c50( + deserialize_ring_elements_reduced_8c0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -8044,13 +8047,13 @@ static void encrypt_0f(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_590(uu____0, ret0, false); + sample_matrix_A_340(uu____0, ret0, false); IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_5d0(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_be0(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8065,7 +8068,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_95(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e9(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8092,11 +8095,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_5d( + entropy_preprocess_d8_96( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8106,7 +8109,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( size_t); uint8_t ret[32U]; H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8120,19 +8123,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_4a( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_fc_150(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_95(shared_secret, shared_secret_array); + kdf_d8_e9(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8153,7 +8156,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_13( +static KRML_MUSTINLINE void deserialize_secret_key_c5( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -8170,7 +8173,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_13( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_e3(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8190,7 +8193,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1f0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -8213,8 +8216,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1f0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_320(u_bytes); - ntt_vector_u_4d0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); + ntt_vector_u_9b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8234,17 +8237,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_1b0( +compute_message_6a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_5f(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_130(&result, &product);); - invert_ntt_montgomery_bf0(&result); - result = subtract_reduce_d6_a7(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b80(&result, &product);); + invert_ntt_montgomery_190(&result); + result = subtract_reduce_d6_4a(v, result); return result; } @@ -8282,18 +8285,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_670(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_1f0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_7b0( + deserialize_then_decompress_ring_element_v_590( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_1b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0e(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8307,10 +8310,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_48(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_13(secret_key, secret_as_ntt); + deserialize_secret_key_c5(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8321,7 +8324,7 @@ static void decrypt_48(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_670(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8361,7 +8364,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_05( +void libcrux_ml_kem_ind_cca_decapsulate_97( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8379,7 +8382,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_05( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_48(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8401,7 +8404,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_05( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8411,16 +8414,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_05( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_95(Eurydice_array_to_slice((size_t)32U, + kdf_d8_e9(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_95(shared_secret0, shared_secret); + kdf_d8_e9(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 6224ae299..a8c841e7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9c30544c1..479c57de3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_mlkem_portable.h" @@ -2276,7 +2276,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_19(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -2302,7 +2302,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_644( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2316,7 +2316,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_644( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2334,13 +2334,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_644(public_key, deserialized_pk); + deserialize_ring_elements_reduced_1b4(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2352,7 +2352,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_56(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_7d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2371,8 +2371,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_12(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_56(v); +shift_right_0d_46(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_7d(v); } /** @@ -2382,10 +2382,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_80( +to_unsigned_representative_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_12(a); + shift_right_0d_46(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2398,14 +2398,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_47( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_80(re->coefficients[i0]); + to_unsigned_representative_08(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2426,7 +2426,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_d8( +static KRML_MUSTINLINE void serialize_secret_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2444,7 +2444,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2462,13 +2462,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_49( +static KRML_MUSTINLINE void serialize_public_key_mut_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_d8(t_as_ntt, ret); + serialize_secret_key_8c(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2488,11 +2488,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_d3( +static KRML_MUSTINLINE void serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_49(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2511,15 +2511,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c31(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_da1( + deserialize_ring_elements_reduced_out_6b1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_d3( + serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2556,7 +2556,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_9d( +bool libcrux_ml_kem_ind_cca_validate_private_key_0f( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -2676,7 +2676,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_84( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2824,7 +2824,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_60( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2936,7 +2936,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_600( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2980,7 +2980,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_d6_b3(Eurydice_slice a) { +from_i16_array_d6_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3001,9 +3001,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_55( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_d6_b3( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3014,7 +3014,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_d8( +static KRML_MUSTINLINE void sample_from_xof_49( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -3028,7 +3028,7 @@ static KRML_MUSTINLINE void sample_from_xof_d8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_60( + bool done = sample_from_uniform_distribution_next_fb( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -3040,7 +3040,7 @@ static KRML_MUSTINLINE void sample_from_xof_d8( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_600( + done = sample_from_uniform_distribution_next_fb0( copy_of_randomness, sampled_coefficients, out); } } @@ -3049,7 +3049,7 @@ static KRML_MUSTINLINE void sample_from_xof_d8( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_55(copy_of_out[i]);); + ret0[i] = closure_ba(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -3062,7 +3062,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_95( +static KRML_MUSTINLINE void sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( @@ -3079,7 +3079,7 @@ static KRML_MUSTINLINE void sample_matrix_A_95( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_d8(copy_of_seeds, sampled); + sample_from_xof_49(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3187,7 +3187,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_26(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3221,7 +3221,7 @@ sample_from_binomial_distribution_2_26(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_b3( + return from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3232,7 +3232,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_c3(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3265,7 +3265,7 @@ sample_from_binomial_distribution_3_c3(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_b3( + return from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3276,8 +3276,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_0f(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_26(randomness); +sample_from_binomial_distribution_dd(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_d1(randomness); } /** @@ -3286,7 +3286,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_39( +static KRML_MUSTINLINE void ntt_at_layer_7_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3314,7 +3314,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_3b( +montgomery_multiply_fe_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3328,12 +3328,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_02( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_3b(b, zeta_r); + montgomery_multiply_fe_2c(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3347,7 +3347,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_d5( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3360,7 +3360,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_d5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_02( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3377,7 +3377,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_ae( +static KRML_MUSTINLINE void ntt_at_layer_3_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3395,7 +3395,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_cf( +static KRML_MUSTINLINE void ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3415,7 +3415,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_01( +static KRML_MUSTINLINE void ntt_at_layer_1_bd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3444,7 +3444,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_d6_c2( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3462,17 +3462,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_4d( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_39(re); + ntt_at_layer_7_98(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_01(&zeta_i, re); - poly_barrett_reduce_d6_c2(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** @@ -3488,7 +3488,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3505,9 +3505,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce( PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_0f( + re_as_ntt[i0] = sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); return domain_separator; } @@ -3531,7 +3531,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_25( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -3540,7 +3540,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_25( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ce(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_83(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3593,7 +3593,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_d6_1b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); for (size_t i = (size_t)0U; @@ -3633,7 +3633,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_9d( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3658,7 +3658,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_38( +to_standard_domain_bd0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3675,14 +3675,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_d6_00( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_38(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_bd0(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3700,7 +3700,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_50( +static KRML_MUSTINLINE void compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -3727,10 +3727,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_9d(&t_as_ntt[i0], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3778,18 +3778,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_50( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_7e( +static void generate_keypair_unpacked_74( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_84(key_generation_seed, hashed); + cpa_keygen_seed_d8_b7(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3799,7 +3799,7 @@ static void generate_keypair_unpacked_7e( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_95(uu____1, ret, true); + sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -3809,17 +3809,17 @@ static void generate_keypair_unpacked_7e( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ce(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_83(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_25(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_86(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_50(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_00(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -3840,18 +3840,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e31( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_521( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); - generate_keypair_unpacked_7e(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_74(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_d3( + serialize_public_key_eb( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_d8(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3878,7 +3878,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5c( +static KRML_MUSTINLINE void serialize_kem_secret_key_82( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3942,7 +3942,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3951,13 +3951,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e31(ind_cpa_keypair_randomness); + generate_keypair_521(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_5c( + serialize_kem_secret_key_82( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3966,13 +3966,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_88_3e1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_621( - uu____2, libcrux_ml_kem_types_from_40_1c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b1( + uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); } /** @@ -3985,7 +3985,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_9b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4003,7 +4003,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_64( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4017,7 +4017,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_64( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4035,7 +4035,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_d8(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_d6_19();); @@ -4054,7 +4054,7 @@ sample_ring_element_cbd_d8(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -4103,7 +4103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4127,7 +4127,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_56( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4147,7 +4147,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_81( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_a9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4167,7 +4167,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_3a( + inv_ntt_layer_int_vec_step_reduce_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4175,7 +4175,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_3b(a_minus_b, zeta_r); + b = montgomery_multiply_fe_2c(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4187,7 +4187,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ba( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4202,7 +4202,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ba( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_3a( + inv_ntt_layer_int_vec_step_reduce_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4219,18 +4219,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_05( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_81(&zeta_i, re); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_c2(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** @@ -4244,7 +4244,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_d6_26( +static KRML_MUSTINLINE void add_error_reduce_d6_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4271,7 +4271,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_0d( +static KRML_MUSTINLINE void compute_vector_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4298,11 +4298,11 @@ static KRML_MUSTINLINE void compute_vector_u_0d( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_9d(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d(&result[i1], &product); } - invert_ntt_montgomery_05(&result[i1]); - add_error_reduce_d6_26(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4316,7 +4316,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_ad(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_7e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4330,7 +4330,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_e4(uint8_t serialized[32U]) { +deserialize_then_decompress_message_40(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4341,7 +4341,7 @@ deserialize_then_decompress_message_e4(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_ad(coefficient_compressed); + decompress_1_7e(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4358,7 +4358,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_d6_09( +add_message_error_reduce_d6_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4391,7 +4391,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d2( +compute_ring_element_v_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4399,10 +4399,10 @@ compute_ring_element_v_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_9d(&result, &product);); - invert_ntt_montgomery_05(&result); - result = add_message_error_reduce_d6_09(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d(&result, &product);); + invert_ntt_montgomery_5f(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } @@ -4412,7 +4412,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_35(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_20(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4433,9 +4433,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_5f( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_35(v); + return compress_20(v); } /** @@ -4444,7 +4444,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_350(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4466,8 +4466,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_350(v); +compress_0d_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_200(v); } /** @@ -4476,14 +4476,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_c1( +static KRML_MUSTINLINE void compress_then_serialize_11_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_5f0(to_unsigned_representative_80(re->coefficients[i0])); + compress_0d_0c0(to_unsigned_representative_08(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4501,10 +4501,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_90( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_c1(re, uu____0); + compress_then_serialize_11_9b(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4520,7 +4520,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_e3( +static void compress_then_serialize_u_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4536,7 +4536,7 @@ static void compress_then_serialize_u_e3( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_90(&re, ret); + compress_then_serialize_ring_element_u_08(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4548,7 +4548,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_351(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4570,8 +4570,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_351(v); +compress_0d_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_201(v); } /** @@ -4580,14 +4580,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_27( +static KRML_MUSTINLINE void compress_then_serialize_4_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_5f1(to_unsigned_representative_80(re.coefficients[i0])); + compress_0d_0c1(to_unsigned_representative_08(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4603,7 +4603,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_352(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4625,8 +4625,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_352(v); +compress_0d_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_202(v); } /** @@ -4635,14 +4635,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_59( +static KRML_MUSTINLINE void compress_then_serialize_5_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_5f2(to_unsigned_representative_80(re.coefficients[i0])); + compress_0d_0c2(to_unsigned_representative_08(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4659,9 +4659,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_59(re, out); + compress_then_serialize_5_61(re, out); } /** @@ -4723,7 +4723,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_88(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4731,7 +4731,7 @@ static void encrypt_unpacked_88(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_25(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_86(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4741,7 +4741,7 @@ static void encrypt_unpacked_88(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_d8(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_af(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4752,28 +4752,28 @@ static void encrypt_unpacked_88(IndCpaPublicKeyUnpacked_42 *public_key, PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_0d(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_51(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e4(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d2(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_16(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e3( + compress_then_serialize_u_2b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_c8( + compress_then_serialize_ring_element_v_b9( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4797,10 +4797,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1e1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_ec1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_64( + deserialize_ring_elements_reduced_1b( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4809,13 +4809,13 @@ static void encrypt_1e1(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_95(uu____0, ret0, false); + sample_matrix_A_ae(uu____0, ret0, false); IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_88(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_e7(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4830,7 +4830,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_11(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_89(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4857,11 +4857,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_9b( + entropy_preprocess_d8_cd( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4871,7 +4871,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( size_t); uint8_t ret[32U]; H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4885,19 +4885,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_e9(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_1e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_15(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_11(shared_secret, shared_secret_array); + kdf_d8_89(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4916,7 +4916,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_ce(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4939,7 +4939,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_fc1( +static KRML_MUSTINLINE void deserialize_secret_key_a21( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4956,7 +4956,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_fc1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ce(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4971,7 +4971,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_40( +decompress_ciphertext_coefficient_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4996,9 +4996,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_17( +decompress_ciphertext_coefficient_0d_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_40(v); + return decompress_ciphertext_coefficient_1b(v); } /** @@ -5008,7 +5008,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_28(Eurydice_slice serialized) { +deserialize_then_decompress_10_cb(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -5018,7 +5018,7 @@ deserialize_then_decompress_10_28(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_17(coefficient); + decompress_ciphertext_coefficient_0d_7e(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5031,7 +5031,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_400( +decompress_ciphertext_coefficient_1b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5056,9 +5056,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_170( +decompress_ciphertext_coefficient_0d_7e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_400(v); + return decompress_ciphertext_coefficient_1b0(v); } /** @@ -5068,7 +5068,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_ca(Eurydice_slice serialized) { +deserialize_then_decompress_11_b0(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -5078,7 +5078,7 @@ deserialize_then_decompress_11_ca(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_170(coefficient); + decompress_ciphertext_coefficient_0d_7e0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5091,8 +5091,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_7a(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ca(serialized); +deserialize_then_decompress_ring_element_u_05(Eurydice_slice serialized) { + return deserialize_then_decompress_11_b0(serialized); } /** @@ -5101,17 +5101,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_6d( +static KRML_MUSTINLINE void ntt_vector_u_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_01(&zeta_i, re); - poly_barrett_reduce_d6_c2(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** @@ -5126,7 +5126,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_23( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -5149,8 +5149,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_23( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a(u_bytes); - ntt_vector_u_6d(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_05(u_bytes); + ntt_vector_u_58(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5164,7 +5164,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_401( +decompress_ciphertext_coefficient_1b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5189,9 +5189,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_171( +decompress_ciphertext_coefficient_0d_7e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_401(v); + return decompress_ciphertext_coefficient_1b1(v); } /** @@ -5201,7 +5201,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_da(Eurydice_slice serialized) { +deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5211,7 +5211,7 @@ deserialize_then_decompress_4_da(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_171(coefficient); + decompress_ciphertext_coefficient_0d_7e1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5224,7 +5224,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_402( +decompress_ciphertext_coefficient_1b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5249,9 +5249,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_172( +decompress_ciphertext_coefficient_0d_7e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_402(v); + return decompress_ciphertext_coefficient_1b2(v); } /** @@ -5261,7 +5261,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_aa(Eurydice_slice serialized) { +deserialize_then_decompress_5_60(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5271,7 +5271,7 @@ deserialize_then_decompress_5_aa(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_172(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_7e2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5284,8 +5284,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_b6(Eurydice_slice serialized) { - return deserialize_then_decompress_5_aa(serialized); +deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { + return deserialize_then_decompress_5_60(serialized); } /** @@ -5300,7 +5300,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_d6_28(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5331,17 +5331,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2b( +compute_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_9d(&result, &product);); - invert_ntt_montgomery_05(&result); - result = subtract_reduce_d6_28(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d(&result, &product);); + invert_ntt_montgomery_5f(&result); + result = subtract_reduce_d6_81(v, result); return result; } @@ -5351,13 +5351,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_f3( +static KRML_MUSTINLINE void compress_then_serialize_message_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_80(re.coefficients[i0]); + to_unsigned_representative_08(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5405,18 +5405,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_ce(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_76(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_23(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_b6( + deserialize_then_decompress_ring_element_v_03( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f3(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5430,10 +5430,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_1b1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_fc1(secret_key, secret_as_ntt); + deserialize_secret_key_a21(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5444,7 +5444,7 @@ static void decrypt_1b1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_ce(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_76(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5496,7 +5496,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b1( +void libcrux_ml_kem_ind_cca_decapsulate_6a1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5514,7 +5514,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1b1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_031(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5536,7 +5536,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5546,17 +5546,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_1e1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_ec1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_11(Eurydice_array_to_slice((size_t)32U, + kdf_d8_89(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_11(shared_secret0, shared_secret); + kdf_d8_89(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b6(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5575,7 +5575,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_643( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5589,7 +5589,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_643( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5607,13 +5607,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_643(public_key, deserialized_pk); + deserialize_ring_elements_reduced_1b3(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5629,7 +5629,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_d80( +static KRML_MUSTINLINE void serialize_secret_key_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5647,7 +5647,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5665,13 +5665,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_490( +static KRML_MUSTINLINE void serialize_public_key_mut_460( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_d80(t_as_ntt, ret); + serialize_secret_key_8c0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5691,11 +5691,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_d30( +static KRML_MUSTINLINE void serialize_public_key_eb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_490(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_460(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5714,15 +5714,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c30(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_da0( + deserialize_ring_elements_reduced_out_6b0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_d30( + serialize_public_key_eb0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5759,7 +5759,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_df( +bool libcrux_ml_kem_ind_cca_validate_private_key_3d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -5865,7 +5865,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_9c( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6013,7 +6013,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_601( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6125,7 +6125,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_602( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6164,9 +6164,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_550( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_d6_b3( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6177,7 +6177,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_d80( +static KRML_MUSTINLINE void sample_from_xof_490( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6191,7 +6191,7 @@ static KRML_MUSTINLINE void sample_from_xof_d80( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_601( + bool done = sample_from_uniform_distribution_next_fb1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6203,7 +6203,7 @@ static KRML_MUSTINLINE void sample_from_xof_d80( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_602( + done = sample_from_uniform_distribution_next_fb2( copy_of_randomness, sampled_coefficients, out); } } @@ -6212,7 +6212,7 @@ static KRML_MUSTINLINE void sample_from_xof_d80( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_550(copy_of_out[i]);); + ret0[i] = closure_ba0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6225,7 +6225,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_950( +static KRML_MUSTINLINE void sample_matrix_A_ae0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( @@ -6242,7 +6242,7 @@ static KRML_MUSTINLINE void sample_matrix_A_950( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_d80(copy_of_seeds, sampled); + sample_from_xof_490(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6301,8 +6301,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_0f0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_c3(randomness); +sample_from_binomial_distribution_dd0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_a6(randomness); } /** @@ -6318,7 +6318,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6335,9 +6335,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce0( PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_0f0( + re_as_ntt[i0] = sample_from_binomial_distribution_dd0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); return domain_separator; } @@ -6361,7 +6361,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_250( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6370,7 +6370,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_250( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ce0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_830(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6399,7 +6399,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_9d0( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6426,7 +6426,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_500( +static KRML_MUSTINLINE void compute_As_plus_e_000( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -6453,10 +6453,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_500( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_9d0(&t_as_ntt[i0], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6504,18 +6504,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_500( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 2 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_7e0( +static void generate_keypair_unpacked_740( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_9c(key_generation_seed, hashed); + cpa_keygen_seed_d8_07(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6525,7 +6525,7 @@ static void generate_keypair_unpacked_7e0( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_950(uu____1, ret, true); + sample_matrix_A_ae0(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -6535,17 +6535,17 @@ static void generate_keypair_unpacked_7e0( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ce0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_830(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_250(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_860(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_500(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_000(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6566,18 +6566,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e30( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); - generate_keypair_unpacked_7e0(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_740(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_d30( + serialize_public_key_eb0( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_d80(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6604,7 +6604,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5b( +static KRML_MUSTINLINE void serialize_kem_secret_key_83( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6668,7 +6668,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6677,13 +6677,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e30(ind_cpa_keypair_randomness); + generate_keypair_520(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_5b( + serialize_kem_secret_key_83( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6692,13 +6692,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -6711,7 +6711,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_90(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6729,7 +6729,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_640( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6743,7 +6743,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_640( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6793,7 +6793,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_d80(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_d6_19();); @@ -6812,7 +6812,7 @@ sample_ring_element_cbd_d80(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6849,18 +6849,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_050( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_81(&zeta_i, re); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_c2(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** @@ -6872,7 +6872,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_0d0( +static KRML_MUSTINLINE void compute_vector_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6899,11 +6899,11 @@ static KRML_MUSTINLINE void compute_vector_u_0d0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_9d0(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d0(&result[i1], &product); } - invert_ntt_montgomery_050(&result[i1]); - add_error_reduce_d6_26(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f0(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6920,7 +6920,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d20( +compute_ring_element_v_160( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6928,10 +6928,10 @@ compute_ring_element_v_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_9d0(&result, &product);); - invert_ntt_montgomery_050(&result); - result = add_message_error_reduce_d6_09(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d0(&result, &product);); + invert_ntt_montgomery_5f0(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } @@ -6941,14 +6941,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_820( +static KRML_MUSTINLINE void compress_then_serialize_10_470( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_5f(to_unsigned_representative_80(re->coefficients[i0])); + compress_0d_0c(to_unsigned_representative_08(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6966,10 +6966,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_900( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_820(re, uu____0); + compress_then_serialize_10_470(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6985,7 +6985,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e30( +static void compress_then_serialize_u_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7001,7 +7001,7 @@ static void compress_then_serialize_u_e30( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_900(&re, ret); + compress_then_serialize_ring_element_u_080(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7014,9 +7014,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_27(re, out); + compress_then_serialize_4_d4(re, out); } /** @@ -7078,7 +7078,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_880(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7087,7 +7087,7 @@ static void encrypt_unpacked_880(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_250(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_860(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7097,7 +7097,7 @@ static void encrypt_unpacked_880(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_d80(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_af0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7108,28 +7108,28 @@ static void encrypt_unpacked_880(IndCpaPublicKeyUnpacked_ae *public_key, PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_0d0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_510(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e4(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d20(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_160(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e30( + compress_then_serialize_u_2b0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_c80( + compress_then_serialize_ring_element_v_b90( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7153,10 +7153,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1e0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_640( + deserialize_ring_elements_reduced_1b0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -7165,13 +7165,13 @@ static void encrypt_1e0(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_950(uu____0, ret0, false); + sample_matrix_A_ae0(uu____0, ret0, false); IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_880(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_e70(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7186,7 +7186,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_01(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7213,11 +7213,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_90( + entropy_preprocess_d8_3b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7227,7 +7227,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( size_t); uint8_t ret[32U]; H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7241,19 +7241,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_e90(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_1e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_fc_150(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_01(shared_secret, shared_secret_array); + kdf_d8_4d(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7274,7 +7274,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_fc0( +static KRML_MUSTINLINE void deserialize_secret_key_a20( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -7291,7 +7291,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_fc0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ce(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7306,8 +7306,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_7a0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_28(serialized); +deserialize_then_decompress_ring_element_u_050(Eurydice_slice serialized) { + return deserialize_then_decompress_10_cb(serialized); } /** @@ -7316,17 +7316,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_6d0( +static KRML_MUSTINLINE void ntt_vector_u_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_01(&zeta_i, re); - poly_barrett_reduce_d6_c2(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** @@ -7341,7 +7341,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_230( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -7364,8 +7364,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_230( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a0(u_bytes); - ntt_vector_u_6d0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); + ntt_vector_u_580(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7379,8 +7379,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_b60(Eurydice_slice serialized) { - return deserialize_then_decompress_4_da(serialized); +deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { + return deserialize_then_decompress_4_ad(serialized); } /** @@ -7396,17 +7396,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2b0( +compute_message_150( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_9d0(&result, &product);); - invert_ntt_montgomery_050(&result); - result = subtract_reduce_d6_28(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d0(&result, &product);); + invert_ntt_montgomery_5f0(&result); + result = subtract_reduce_d6_81(v, result); return result; } @@ -7444,18 +7444,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ce0(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_760(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_230(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_b60( + deserialize_then_decompress_ring_element_v_030( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_150(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f3(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7469,10 +7469,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_1b0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_fc0(secret_key, secret_as_ntt); + deserialize_secret_key_a20(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7483,7 +7483,7 @@ static void decrypt_1b0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_ce0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_760(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7523,7 +7523,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b0( +void libcrux_ml_kem_ind_cca_decapsulate_6a0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7541,7 +7541,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1b0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_030(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7563,7 +7563,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7573,17 +7573,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_1e0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_ec0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_01(Eurydice_array_to_slice((size_t)32U, + kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_01(shared_secret0, shared_secret); + kdf_d8_4d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b60(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7602,7 +7602,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_642( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7616,7 +7616,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_642( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7634,13 +7634,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_da( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_642(public_key, deserialized_pk); + deserialize_ring_elements_reduced_1b2(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7656,7 +7656,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_d81( +static KRML_MUSTINLINE void serialize_secret_key_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7674,7 +7674,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7692,13 +7692,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_491( +static KRML_MUSTINLINE void serialize_public_key_mut_461( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_d81(t_as_ntt, ret); + serialize_secret_key_8c1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7718,11 +7718,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_d31( +static KRML_MUSTINLINE void serialize_public_key_eb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_491(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_461(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7741,15 +7741,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c3(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_da( + deserialize_ring_elements_reduced_out_6b( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_d31( + serialize_public_key_eb1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7786,7 +7786,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_49( +bool libcrux_ml_kem_ind_cca_validate_private_key_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -7898,7 +7898,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_522( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -8046,7 +8046,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_603( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8158,7 +8158,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_604( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8197,9 +8197,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_551( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_d6_b3( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8210,7 +8210,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_d81( +static KRML_MUSTINLINE void sample_from_xof_491( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8224,7 +8224,7 @@ static KRML_MUSTINLINE void sample_from_xof_d81( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_603( + bool done = sample_from_uniform_distribution_next_fb3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -8236,7 +8236,7 @@ static KRML_MUSTINLINE void sample_from_xof_d81( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_604( + done = sample_from_uniform_distribution_next_fb4( copy_of_randomness, sampled_coefficients, out); } } @@ -8245,7 +8245,7 @@ static KRML_MUSTINLINE void sample_from_xof_d81( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_551(copy_of_out[i]);); + ret0[i] = closure_ba1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8258,7 +8258,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_951( +static KRML_MUSTINLINE void sample_matrix_A_ae1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( @@ -8275,7 +8275,7 @@ static KRML_MUSTINLINE void sample_matrix_A_951( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_d81(copy_of_seeds, sampled); + sample_from_xof_491(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8340,7 +8340,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -8357,9 +8357,9 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ce1( PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_0f( + re_as_ntt[i0] = sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); return domain_separator; } @@ -8383,7 +8383,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_251( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_861( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -8392,7 +8392,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_251( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ce1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_831(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8421,7 +8421,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_9d1( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8448,7 +8448,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_501( +static KRML_MUSTINLINE void compute_As_plus_e_001( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -8475,10 +8475,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_501( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_9d1(&t_as_ntt[i0], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_00(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8526,18 +8526,18 @@ static KRML_MUSTINLINE void compute_As_plus_e_501( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_7e1( +static void generate_keypair_unpacked_741( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_522(key_generation_seed, hashed); + cpa_keygen_seed_d8_3b(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8547,7 +8547,7 @@ static void generate_keypair_unpacked_7e1( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_951(uu____1, ret, true); + sample_matrix_A_ae1(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -8557,17 +8557,17 @@ static void generate_keypair_unpacked_7e1( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ce1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_831(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_251(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_861(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_501(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_001(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -8588,18 +8588,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e3( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); - generate_keypair_unpacked_7e1(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_741(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_d31( + serialize_public_key_eb1( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_d81(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8626,7 +8626,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_0f( +static KRML_MUSTINLINE void serialize_kem_secret_key_61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8690,7 +8690,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8699,13 +8699,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e3(ind_cpa_keypair_randomness); + generate_keypair_52(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_0f( + serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8714,13 +8714,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_620( - uu____2, libcrux_ml_kem_types_from_40_1c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b0( + uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); } /** @@ -8733,7 +8733,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_07(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8751,7 +8751,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_641( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -8765,7 +8765,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_641( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_19(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } } @@ -8783,7 +8783,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_d81(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_d6_19();); @@ -8802,7 +8802,7 @@ sample_ring_element_cbd_d81(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8839,18 +8839,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_051( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_81(&zeta_i, re); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_c2(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** @@ -8862,7 +8862,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_0d1( +static KRML_MUSTINLINE void compute_vector_u_511( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8889,11 +8889,11 @@ static KRML_MUSTINLINE void compute_vector_u_0d1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_9d1(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d1(&result[i1], &product); } - invert_ntt_montgomery_051(&result[i1]); - add_error_reduce_d6_26(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f1(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8910,7 +8910,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d21( +compute_ring_element_v_161( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8918,10 +8918,10 @@ compute_ring_element_v_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_9d1(&result, &product);); - invert_ntt_montgomery_051(&result); - result = add_message_error_reduce_d6_09(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d1(&result, &product);); + invert_ntt_montgomery_5f1(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } @@ -8937,7 +8937,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e31( +static void compress_then_serialize_u_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8953,7 +8953,7 @@ static void compress_then_serialize_u_e31( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_900(&re, ret); + compress_then_serialize_ring_element_u_080(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -9018,7 +9018,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_881(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -9028,7 +9028,7 @@ static void encrypt_unpacked_881(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_251(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_861(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9038,7 +9038,7 @@ static void encrypt_unpacked_881(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_d81(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_af1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9049,28 +9049,28 @@ static void encrypt_unpacked_881(IndCpaPublicKeyUnpacked_f8 *public_key, PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_0f( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_0d1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_511(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e4(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d21(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_161(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e31( + compress_then_serialize_u_2b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_c80( + compress_then_serialize_ring_element_v_b90( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9094,10 +9094,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1e(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_641( + deserialize_ring_elements_reduced_1b1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -9106,13 +9106,13 @@ static void encrypt_1e(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_951(uu____0, ret0, false); + sample_matrix_A_ae1(uu____0, ret0, false); IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_e71(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9127,7 +9127,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_f1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_a7(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9154,11 +9154,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_07( + entropy_preprocess_d8_b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -9168,7 +9168,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( size_t); uint8_t ret[32U]; H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9182,19 +9182,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_e91(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_1e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_151(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_f1(shared_secret, shared_secret_array); + kdf_d8_a7(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9215,7 +9215,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_fc( +static KRML_MUSTINLINE void deserialize_secret_key_a2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -9232,7 +9232,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_fc( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ce(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9252,7 +9252,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_231( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -9275,8 +9275,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_231( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_7a0(u_bytes); - ntt_vector_u_6d0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); + ntt_vector_u_580(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9296,17 +9296,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2b1( +compute_message_151( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_1b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_9d1(&result, &product);); - invert_ntt_montgomery_051(&result); - result = subtract_reduce_d6_28(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d1(&result, &product);); + invert_ntt_montgomery_5f1(&result); + result = subtract_reduce_d6_81(v, result); return result; } @@ -9344,18 +9344,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ce1(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_761(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_231(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_b60( + deserialize_then_decompress_ring_element_v_030( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_151(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f3(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9369,10 +9369,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_1b(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_fc(secret_key, secret_as_ntt); + deserialize_secret_key_a2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9383,7 +9383,7 @@ static void decrypt_1b(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_ce1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_761(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9423,7 +9423,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2b( +void libcrux_ml_kem_ind_cca_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9441,7 +9441,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1b(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9463,7 +9463,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9473,16 +9473,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_2b( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_1e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_ec(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_f1(Eurydice_array_to_slice((size_t)32U, + kdf_d8_a7(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_f1(shared_secret0, shared_secret); + kdf_d8_a7(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_b61(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f3c014ca1..6355ccd91 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 17d06bc9d..1977dc044 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 368e6247b..e8b21a2b6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 92de06016..667db43e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 05f74ac67..bfee55ebe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 34cea09db..8cafd81d2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index fe569c74c..cfd01b11c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 41794f3c1..1941d5aa3 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 +Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 1d2043971..91bb8a875 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_core_H @@ -224,7 +224,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_07 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_07_61( +static inline uint8_t *libcrux_ml_kem_types_as_slice_07_4f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -248,7 +248,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_40_1c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_40_60(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -285,7 +285,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_62(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -301,7 +301,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_88_3e(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_88_2d(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -365,7 +365,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_fc_66(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -385,7 +385,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_38( +static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_91( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -437,7 +437,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_1c( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_7b( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 30319009a..8b0f6ab72 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 32819a696..14c39eb2d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1233,7 +1233,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_df(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_03(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1245,7 +1245,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_94( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1269,7 +1269,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_bd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_bd( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_94( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1306,7 +1306,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_f4(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_85(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -1318,7 +1318,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a3( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1370,9 +1370,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a3( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( vector); } @@ -1384,7 +1384,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_27( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_08( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1395,7 +1395,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_27( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( coefficient); } return re; @@ -1409,7 +1409,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a30( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1461,9 +1461,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a30( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( vector); } @@ -1475,7 +1475,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_0e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1486,7 +1486,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( coefficient); } return re; @@ -1500,9 +1500,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_27(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_08(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1517,7 +1517,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1530,9 +1530,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1546,7 +1546,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1559,7 +1559,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1577,7 +1577,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_5f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1596,7 +1596,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_20( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1618,7 +1618,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_91( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1649,7 +1649,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1666,21 +1666,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_4a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_20(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_91(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** @@ -1697,7 +1697,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_93( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1722,9 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_93( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f2( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_4a(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_72(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1739,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a31( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1791,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a31( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( vector); } @@ -1805,7 +1805,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1816,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( coefficient); } return re; @@ -1830,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a32( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1882,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a32( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( vector); } @@ -1896,7 +1896,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_19( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -1907,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_19( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_4f2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( re.coefficients[i0]); } return re; @@ -1921,9 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_45( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_89(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1(serialized); } /** @@ -1966,7 +1966,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_d6_5f( +libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = @@ -2007,7 +2007,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_13( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2028,7 +2028,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2055,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2078,7 +2078,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2099,13 +2099,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_78(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2118,7 +2118,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2133,7 +2133,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2151,22 +2151,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_13(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e7(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_3a(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** @@ -2182,7 +2182,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_d6_98( +libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2212,7 +2212,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_13( +libcrux_ml_kem_matrix_compute_message_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2221,12 +2221,12 @@ libcrux_ml_kem_matrix_compute_message_13( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_98(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_c9(v, result); return result; } @@ -2237,7 +2237,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2251,9 +2251,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_17( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_cf( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(vector); } /** @@ -2264,8 +2264,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_32(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_17(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_c0(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_cf(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2279,13 +2279,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_51( +libcrux_ml_kem_serialize_compress_then_serialize_message_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2334,20 +2334,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_08( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_93(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_45( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_13(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_4a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_51(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_a4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2362,11 +2362,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b4(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_bd(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_14(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2378,7 +2378,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b4(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_08(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_40(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2478,7 +2478,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -2506,7 +2506,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2520,7 +2520,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( ring_element); deserialized_pk[i0] = uu____0; } @@ -2668,7 +2668,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2800,7 +2800,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e00( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2848,7 +2848,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_d6_34(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; @@ -2869,8 +2869,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_b7(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_34( +libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2881,7 +2881,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2898,7 +2898,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e0( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2911,7 +2911,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e00( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( copy_of_randomness, sampled_coefficients, out); } } @@ -2921,7 +2921,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_b7(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); } memcpy( ret, ret0, @@ -2935,7 +2935,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_59( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2956,7 +2956,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_59( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_59(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_67(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2997,7 +2997,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b6(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_61(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3109,7 +3109,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3144,7 +3144,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_34( + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3156,7 +3156,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3190,7 +3190,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e1( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_34( + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3202,9 +3202,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( randomness); } @@ -3215,7 +3215,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3237,20 +3237,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b6( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_77(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ab(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ba(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b7(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_20(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_91(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a7(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** @@ -3267,7 +3267,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3287,9 +3287,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b6(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } return domain_separator; } @@ -3304,7 +3304,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3313,7 +3313,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3338,7 +3338,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d0(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_a1(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3355,7 +3355,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3378,7 +3378,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3433,7 +3433,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_26(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_02(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -3449,7 +3449,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3474,7 +3474,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3502,12 +3502,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2a( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_ba(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_b5(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3521,7 +3521,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_15(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_17(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3536,7 +3536,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_a6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -3547,7 +3547,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_a6( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_15(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_17(coefficient_compressed); } return re; } @@ -3565,7 +3565,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_d9( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3596,7 +3596,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_24( +libcrux_ml_kem_matrix_compute_ring_element_v_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3606,12 +3606,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_24( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_d9( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( error_2, message, result); return result; } @@ -3624,7 +3624,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_23( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3679,9 +3679,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_66( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_23( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( vector); } @@ -3693,14 +3693,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_58( +libcrux_ml_kem_serialize_compress_then_serialize_10_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e( - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_66( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3720,7 +3720,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_230( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3775,9 +3775,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_660( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_230( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( vector); } @@ -3789,14 +3789,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d3( +libcrux_ml_kem_serialize_compress_then_serialize_11_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_660( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3817,10 +3817,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_58(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_ba(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3837,7 +3837,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_03( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3853,7 +3853,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_03( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3868,7 +3868,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_231( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3923,9 +3923,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_661( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_231( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( vector); } @@ -3937,14 +3937,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_3a( +libcrux_ml_kem_serialize_compress_then_serialize_4_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_7e1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_661( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3963,7 +3963,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_232( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4018,9 +4018,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_7e2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_662( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_232( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( vector); } @@ -4032,14 +4032,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_26( +libcrux_ml_kem_serialize_compress_then_serialize_5_65( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_7e2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_662( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4059,9 +4059,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_3a(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_1e(re, out); } /** @@ -4123,7 +4123,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4131,7 +4131,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4141,7 +4141,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4153,30 +4153,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d5( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_2a(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_fe(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_a6( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_24( + libcrux_ml_kem_matrix_compute_ring_element_v_c1( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_03( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9f( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4200,13 +4200,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4215,14 +4215,14 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_59(uu____0, ret0, false); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____0, ret0, false); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4239,7 +4239,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_95( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_e9( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4271,7 +4271,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_71( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4289,7 +4289,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4313,7 +4313,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4324,18 +4324,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_95( + libcrux_ml_kem_variant_kdf_d8_e9( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_95(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_e9(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4368,10 +4368,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_90( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); } /** @@ -4385,7 +4385,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_90(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99(private_key, ciphertext, ret); } @@ -4400,7 +4400,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_96( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4443,11 +4443,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d3( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_5d( + libcrux_ml_kem_variant_entropy_preprocess_d8_96( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4458,7 +4458,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d3( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4473,20 +4473,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d3( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_95(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_e9(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4518,14 +4518,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_eb( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d3(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, copy_of_randomness); } /** @@ -4543,7 +4543,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_eb( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( uu____0, copy_of_randomness); } @@ -4579,7 +4579,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_520( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4602,7 +4602,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_07( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bd0( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4621,14 +4621,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_9a( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_07( + libcrux_ml_kem_vector_traits_to_standard_domain_bd0( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -4646,7 +4646,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_91( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -4674,12 +4674,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_5f(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_13(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_9a( + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4728,18 +4728,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_91( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_520(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4749,7 +4750,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_59(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -4759,7 +4760,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4767,11 +4768,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_1a( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_91( + libcrux_ml_kem_matrix_compute_As_plus_e_a2( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -4789,14 +4790,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_50( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_32( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4819,7 +4820,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_19( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4837,7 +4838,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_19( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_50(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4856,13 +4857,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_19(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4883,11 +4884,11 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_02( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -4906,20 +4907,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c1(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_02( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_19(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4948,7 +4949,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5013,7 +5014,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5022,13 +5023,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_2f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5037,13 +5038,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -5062,12 +5063,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_65( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); } /** @@ -5079,7 +5080,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_65( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( copy_of_randomness); } @@ -5095,7 +5096,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_4e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_1d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5106,7 +5107,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_4e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_61(ciphertext), + libcrux_ml_kem_types_as_slice_07_4f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5140,7 +5141,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_710( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5158,7 +5159,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b4(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5182,7 +5183,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5193,18 +5194,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_4e( + libcrux_ml_kem_variant_kdf_33_1d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_4e(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_1d(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5238,10 +5239,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_23( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); } /** @@ -5255,7 +5256,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_23( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( private_key, ciphertext, ret); } @@ -5270,7 +5271,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_52( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5295,11 +5296,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d30( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_c1( + libcrux_ml_kem_variant_entropy_preprocess_33_52( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5310,7 +5311,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d30( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5325,20 +5326,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d30( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_4e(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_1d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5373,14 +5374,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ae( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d30(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, copy_of_randomness); } /** @@ -5398,10 +5399,124 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ae( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_47( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber +with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_33_47(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_matrix_compute_As_plus_e_a2( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5416,21 +5531,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c10( +libcrux_ml_kem_ind_cpa_generate_keypair_2f0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_02( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_19(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5471,7 +5586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5480,13 +5595,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c10(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_2f0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_90( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5495,13 +5610,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -5518,12 +5633,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); } /** @@ -5535,7 +5650,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( copy_of_randomness); } @@ -5555,7 +5670,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_29( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5584,10 +5699,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_3e( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_29(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ea(private_key, ciphertext); } @@ -5600,7 +5715,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_3e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( private_key, ciphertext); } @@ -5613,7 +5728,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_7c( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ea( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -5630,7 +5745,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e30( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5644,7 +5759,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e30( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_66( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( ring_element); deserialized_pk[i0] = uu____0; } @@ -5665,14 +5780,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_10( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e30( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5695,16 +5810,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_d3( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_10( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_02( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5726,9 +5841,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_73( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_d3(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); } /** @@ -5739,7 +5854,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_73( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_73( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( public_key->value); } @@ -5765,11 +5880,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_08( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5799,7 +5914,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_14( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5811,11 +5926,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_14( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5852,10 +5967,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_7b( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_14(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c(key_pair, ciphertext, ret); } /** @@ -5869,7 +5984,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_7b( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( private_key, ciphertext, ret); } @@ -5892,7 +6007,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_64( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5920,7 +6035,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_64( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5930,7 +6045,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_64( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5964,7 +6079,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_70( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5972,7 +6087,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_70( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_64(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6(uu____0, copy_of_randomness); } @@ -5993,7 +6108,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_70( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( uu____0, copy_of_randomness); } @@ -6001,7 +6116,8 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6012,7 +6128,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_06(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_58(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } @@ -6020,7 +6136,8 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_06(size_t _j) { A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6030,7 +6147,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_92( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); @@ -6050,7 +6167,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_3f( +libcrux_ml_kem_polynomial_clone_17_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -6066,7 +6183,8 @@ libcrux_ml_kem_polynomial_clone_17_3f( /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6076,7 +6194,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6086,19 +6204,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a5( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_92(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_3f( + libcrux_ml_kem_polynomial_clone_17_8c( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6111,7 +6229,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_02( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6147,13 +6265,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c4( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_1f(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05(copy_of_randomness, out); } /** @@ -6166,7 +6284,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c4( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( copy_of_randomness, key_pair); } @@ -6183,7 +6301,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_81(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); lit.public_key_hash[0U] = 0U; @@ -6235,7 +6353,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_3c(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_c1(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6273,7 +6391,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_81()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_5d()}); } /** @@ -6282,7 +6400,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_3c(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_c1(); } /** @@ -6291,7 +6409,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_81(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(); } /** @@ -6312,10 +6430,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -6340,10 +6458,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_38( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( &self->public_key, serialized); } @@ -6355,7 +6473,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_38(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0(key_pair, serialized); } @@ -6372,7 +6490,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d4( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6409,11 +6527,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_52( +libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d4(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6438,7 +6556,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6451,8 +6569,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_52( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_42(key_pair)); pk[0U] = uu____0; } @@ -6463,7 +6581,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ac(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68(public_key, serialized); } @@ -6481,13 +6599,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_05( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e3( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -6503,11 +6621,11 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_05( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_A_59(uu____2, ret, false); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____2, ret, false); uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6528,11 +6646,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7a( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_05(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c(public_key, unpacked_public_key); } @@ -6544,7 +6662,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7a( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index dcd7095f4..f0149381d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 0c955904c..c6bba1c8b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_portable_H @@ -2454,7 +2454,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_48( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2479,7 +2479,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2497,7 +2497,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_f4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_48( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2515,7 +2515,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_07(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2f(size_t _) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -2526,7 +2526,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_40( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2551,9 +2551,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_17( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_40( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( v); } @@ -2564,7 +2564,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_ac( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2576,7 +2576,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_ac( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_17( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( coefficient); re.coefficients[i0] = uu____0; } @@ -2590,7 +2590,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_400( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2615,9 +2615,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_170( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_400( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( v); } @@ -2628,7 +2628,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_8c( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2640,7 +2640,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_170( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( coefficient); re.coefficients[i0] = uu____0; } @@ -2654,9 +2654,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ac(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2671,7 +2671,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2685,12 +2685,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2704,7 +2704,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2734,7 +2734,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2754,7 +2754,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2776,7 +2776,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_01( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2807,7 +2807,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2825,21 +2825,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_6a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_01(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** @@ -2855,7 +2855,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ae( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2880,9 +2880,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ae( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_6a(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2896,7 +2896,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_401( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2921,9 +2921,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_171( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_401( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( v); } @@ -2934,7 +2934,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_28( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -2946,7 +2946,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_28( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_171( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( coefficient); re.coefficients[i0] = uu____0; } @@ -2960,7 +2960,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_402( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2985,9 +2985,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_172( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_402( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( v); } @@ -2998,7 +2998,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5c( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3010,7 +3010,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_5c( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_172( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3024,9 +3024,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_28(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef(serialized); } /** @@ -3068,7 +3068,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_d6_1b( +libcrux_ml_kem_polynomial_ntt_multiply_d6_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = @@ -3110,7 +3110,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3134,7 +3134,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3160,7 +3160,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_eb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3182,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3204,7 +3204,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_78( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3212,7 +3212,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3b(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3225,7 +3225,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3240,7 +3240,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_78( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3257,22 +3257,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_eb(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0c(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d5(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** @@ -3287,7 +3287,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_d6_38( +libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3319,7 +3319,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_7a( +libcrux_ml_kem_matrix_compute_message_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3328,12 +3328,12 @@ libcrux_ml_kem_matrix_compute_message_7a( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_38(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_5f(v, result); return result; } @@ -3343,7 +3343,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_56( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3363,9 +3363,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_12( +libcrux_ml_kem_vector_portable_shift_right_0d_46( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_56(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d(v); } /** @@ -3375,10 +3375,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_80( +libcrux_ml_kem_vector_traits_to_unsigned_representative_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_12(a); + libcrux_ml_kem_vector_portable_shift_right_0d_46(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3392,13 +3392,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_7c( +libcrux_ml_kem_serialize_compress_then_serialize_message_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3448,20 +3448,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ae(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_08( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_7a(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_5b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_7c(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3475,11 +3475,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_ab(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_f4(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3491,7 +3491,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_ab(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3586,7 +3586,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -3615,7 +3615,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -3629,7 +3629,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( ring_element); deserialized_pk[i0] = uu____0; } @@ -3779,7 +3779,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_60( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3900,7 +3900,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_600( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3947,7 +3947,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_d6_b3(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; @@ -3970,8 +3970,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_55(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( +libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3982,7 +3982,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3999,7 +3999,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_60( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4012,7 +4012,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d8( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_600( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( copy_of_randomness, sampled_coefficients, out); } } @@ -4022,7 +4022,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_55(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_ba(copy_of_out[i]); } memcpy( ret, ret0, @@ -4036,7 +4036,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_95( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4057,7 +4057,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_95( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_d8(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_49(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4098,7 +4098,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_bf(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_52(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4191,7 +4191,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_26( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4226,7 +4226,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_26( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4237,7 +4237,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4271,7 +4271,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c3( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_d6_b3( + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4282,9 +4282,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_26( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( randomness); } @@ -4294,7 +4294,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_39( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4317,20 +4317,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_4d( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_39(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_98(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_d5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_01(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_c2(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** @@ -4347,7 +4347,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4367,9 +4367,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_4d(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]); } return domain_separator; } @@ -4384,7 +4384,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4393,7 +4393,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4418,7 +4418,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c2(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3a(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4435,7 +4435,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_9e(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4458,7 +4458,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_9e(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4510,7 +4510,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_8f(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_e7(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -4525,7 +4525,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4552,7 +4552,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_46( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4580,12 +4580,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_46( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_a6(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_0d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4599,7 +4599,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_44( +libcrux_ml_kem_vector_traits_decompress_1_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4614,7 +4614,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_09( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -4627,7 +4627,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_09( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_44(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_94(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4645,7 +4645,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_bf( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4678,7 +4678,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_18( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4688,12 +4688,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_18( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d6(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_bf( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( error_2, message, result); return result; } @@ -4704,7 +4704,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_35( +libcrux_ml_kem_vector_portable_compress_compress_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4727,9 +4727,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_5f( +libcrux_ml_kem_vector_portable_compress_0d_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_35(v); + return libcrux_ml_kem_vector_portable_compress_compress_20(v); } /** @@ -4739,15 +4739,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_1a( +libcrux_ml_kem_serialize_compress_then_serialize_10_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_5f( - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_portable_compress_0d_0c( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4765,7 +4765,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_350( +libcrux_ml_kem_vector_portable_compress_compress_200( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4788,9 +4788,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_5f0( +libcrux_ml_kem_vector_portable_compress_0d_0c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_350(v); + return libcrux_ml_kem_vector_portable_compress_compress_200(v); } /** @@ -4800,15 +4800,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_23( +libcrux_ml_kem_serialize_compress_then_serialize_11_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_5f0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_portable_compress_0d_0c0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4828,10 +4828,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b5( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_1a(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_95(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4847,7 +4847,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_90( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4863,7 +4863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_90( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b5(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4876,7 +4876,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_351( +libcrux_ml_kem_vector_portable_compress_compress_201( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4899,9 +4899,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_5f1( +libcrux_ml_kem_vector_portable_compress_0d_0c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_351(v); + return libcrux_ml_kem_vector_portable_compress_compress_201(v); } /** @@ -4911,15 +4911,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_48( +libcrux_ml_kem_serialize_compress_then_serialize_4_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_5f1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_portable_compress_0d_0c1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4936,7 +4936,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_352( +libcrux_ml_kem_vector_portable_compress_compress_202( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4959,9 +4959,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_5f2( +libcrux_ml_kem_vector_portable_compress_0d_0c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_352(v); + return libcrux_ml_kem_vector_portable_compress_compress_202(v); } /** @@ -4971,15 +4971,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_67( +libcrux_ml_kem_serialize_compress_then_serialize_5_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_5f2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_portable_compress_0d_0c2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4998,9 +4998,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_48(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c5(re, out); } /** @@ -5062,7 +5062,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5070,7 +5070,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5080,7 +5080,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_9e( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5092,30 +5092,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_0f( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_46(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_09( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_18( + libcrux_ml_kem_matrix_compute_ring_element_v_04( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_90( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5f( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5139,13 +5139,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_41(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5154,14 +5154,14 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_41(Eurydice_slice public_key, unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_95(uu____0, ret0, false); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____0, ret0, false); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5177,7 +5177,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_f1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_a7( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5208,7 +5208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_22( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5226,7 +5226,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_22( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_ab(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5250,7 +5250,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_22( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5261,18 +5261,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_22( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_41(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_f1( + libcrux_ml_kem_variant_kdf_d8_a7( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_f1(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_a7(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5305,10 +5305,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0d( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_22(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); } /** @@ -5321,7 +5321,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0d( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0d( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( private_key, ciphertext, ret); } @@ -5335,7 +5335,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_07( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b0( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5376,11 +5376,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_00( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_07( + libcrux_ml_kem_variant_entropy_preprocess_d8_b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5391,7 +5391,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_00( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5406,20 +5406,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_00( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_41(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_f1(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_a7(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5450,14 +5450,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_f5( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_00(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); } /** @@ -5474,7 +5474,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_f5( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( uu____0, copy_of_randomness); } @@ -5508,7 +5508,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_52( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5531,7 +5531,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_38( +libcrux_ml_kem_vector_traits_to_standard_domain_bd( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5549,7 +5549,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5557,7 +5557,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_38( + libcrux_ml_kem_vector_traits_to_standard_domain_bd( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5576,7 +5576,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_50( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -5604,12 +5604,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_1b(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_9d(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_00( + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5658,18 +5658,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_50( /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_52(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5679,7 +5679,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_95(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -5689,7 +5689,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5697,11 +5697,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_25( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_50( + libcrux_ml_kem_matrix_compute_As_plus_e_00( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5718,14 +5718,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_80( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5747,7 +5747,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5765,7 +5765,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5783,13 +5783,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5809,11 +5809,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5831,20 +5831,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e3(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d3( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5872,7 +5872,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5936,7 +5936,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5945,13 +5945,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e3(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_52(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5960,13 +5960,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -5985,12 +5985,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_b3( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7d(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); } /** @@ -6001,7 +6001,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_b3( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( copy_of_randomness); } @@ -6016,7 +6016,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f2( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e0( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6027,7 +6027,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f2( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_61(ciphertext), + libcrux_ml_kem_types_as_slice_07_4f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6060,7 +6060,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_220( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6078,7 +6078,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_220( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_ab(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6102,7 +6102,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_220( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6113,18 +6113,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_220( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_41(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f2( + libcrux_ml_kem_variant_kdf_33_e0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f2(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_e0(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6158,10 +6158,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fa( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_220(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); } /** @@ -6174,7 +6174,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fa( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fa( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( private_key, ciphertext, ret); } @@ -6188,7 +6188,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_79( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c0( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6212,11 +6212,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_000( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_79( + libcrux_ml_kem_variant_entropy_preprocess_33_c0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6227,7 +6227,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_000( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6242,20 +6242,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_000( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_38(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_41(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_f2(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_e0(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6290,14 +6290,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_ec( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_000(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); } /** @@ -6314,10 +6314,122 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_ec( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( uu____0, copy_of_randomness); } +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c8( + Eurydice_slice key_generation_seed, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_Kyber with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_33_c8(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + copy_of_prf_input, domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_matrix_compute_As_plus_e_00( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6331,21 +6443,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e30( +libcrux_ml_kem_ind_cpa_generate_keypair_520( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d3( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6385,7 +6497,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6394,13 +6506,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e30(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_520(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6409,13 +6521,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_7d0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_3e(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_62( - uu____2, libcrux_ml_kem_types_from_40_1c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -6431,12 +6543,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0b( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_7d0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); } /** @@ -6448,7 +6560,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_0b( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( copy_of_randomness); } @@ -6467,7 +6579,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ef( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6495,10 +6607,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_f2( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ef(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_2f(private_key, ciphertext); } @@ -6510,7 +6622,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_f2( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_f2( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( private_key, ciphertext); } @@ -6523,7 +6635,7 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_9f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_5a( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -6539,7 +6651,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_100( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6553,7 +6665,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_100( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( ring_element); deserialized_pk[i0] = uu____0; } @@ -6573,14 +6685,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_2f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_100( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6602,16 +6714,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_fc( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_2f( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d3( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6632,9 +6744,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e5( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_fc(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_e3(public_key); } /** @@ -6644,7 +6756,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e5( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e5( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( public_key->value); } @@ -6670,11 +6782,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_40( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_bc( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6704,7 +6816,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_40( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6716,11 +6828,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_40( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_1c(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6756,10 +6868,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_dd( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_40(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a(key_pair, ciphertext, ret); } /** @@ -6773,7 +6885,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_dd( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( private_key, ciphertext, ret); } @@ -6796,7 +6908,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_80( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6824,7 +6936,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_80( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7f(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6834,7 +6946,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_80( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_66(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6867,7 +6979,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6875,7 +6987,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_09( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_80(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_28(uu____0, copy_of_randomness); } @@ -6895,7 +7007,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_09( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( uu____0, copy_of_randomness); } @@ -6903,8 +7015,8 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6914,7 +7026,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_ff(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_12(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_d6_19(); } @@ -6922,8 +7034,8 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_ff(size_t _j) { A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6932,7 +7044,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_73( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); @@ -6951,7 +7063,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_55( +libcrux_ml_kem_polynomial_clone_17_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6970,8 +7082,8 @@ libcrux_ml_kem_polynomial_clone_17_55( /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 @@ -6980,7 +7092,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6990,19 +7102,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_7e( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_73(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_55( + libcrux_ml_kem_polynomial_clone_17_19( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -7015,7 +7127,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d3( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -7050,13 +7162,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_f2( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f1(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39(copy_of_randomness, out); } /** @@ -7069,7 +7181,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_f2( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( copy_of_randomness, key_pair); } @@ -7085,7 +7197,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_50(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); lit.public_key_hash[0U] = 0U; @@ -7136,7 +7248,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_14(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_3d(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7174,7 +7286,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_50()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_4f()}); } /** @@ -7182,7 +7294,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_14(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_3d(); } /** @@ -7190,7 +7302,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_50(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(); } /** @@ -7210,10 +7322,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_49( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -7237,10 +7349,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( &self->public_key, serialized); } @@ -7251,7 +7363,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, serialized); } @@ -7267,7 +7379,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c6( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7303,11 +7415,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_07( +libcrux_ml_kem_ind_cca_unpacked_clone_28_23( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c6(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7331,7 +7443,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_d1( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; @@ -7344,8 +7456,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_07( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_d1(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_23( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a(key_pair)); pk[0U] = uu____0; } @@ -7356,7 +7468,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_f4(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5(public_key, serialized); } @@ -7379,7 +7491,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_10( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -7395,11 +7507,11 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_A_95(uu____2, ret, false); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____2, ret, false); uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_38(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7419,7 +7531,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a8( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7435,7 +7547,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a8( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index c78519b81..490df54e6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 53a9bf770..4ab4f7d8b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3926d9d80..09af91339 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 11875059e8bb57c0911968fe33e72cc9851527a6 + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_portable_H From 89b109dab932935082af2a0c3f69cd4582046c8e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 16 Sep 2024 18:16:38 +0000 Subject: [PATCH 159/172] update C clang-format --- libcrux-ml-kem/boring.sh | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 9 ++++----- libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 10 ++++------ libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 10 files changed, 16 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/boring.sh b/libcrux-ml-kem/boring.sh index 54c092332..43a9d499a 100755 --- a/libcrux-ml-kem/boring.sh +++ b/libcrux-ml-kem/boring.sh @@ -22,7 +22,7 @@ fi ./c.sh --config cg.yaml --out cg --mlkem768 --kyber768 \ --no-glue --no-unrolling --no-karamel_include --no-karamel_include -clang-format --style=Google -i cg/*.h +clang-format-18 --style=Google -i cg/*.h if [[ -n "$BORINGSSL_HOME" ]]; then echo "Copying the files into $BORINGSSL_HOME/third_party/libcrux/" diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 1941d5aa3..464822a07 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 +Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 91bb8a875..7acff76f1 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8b0f6ab72..19ba7d8bc 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 14c39eb2d..f31221544 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_avx2_H @@ -6554,10 +6554,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * +libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index f0149381d..d612a20b5 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index c6bba1c8b..5cef8c3ea 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_portable_H @@ -7441,11 +7441,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * - libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - *self) { +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * +libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 490df54e6..d70f1bc80 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 4ab4f7d8b..a65942828 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 09af91339..fa18dd7da 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_sha3_portable_H From 30f0fb3b758f9f019dc1e9cdec0aa79930eebdd3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 17 Sep 2024 11:05:34 +0200 Subject: [PATCH 160/172] remove commented code in self.rs --- libcrux-ml-kem/tests/self.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index c2cea8a4b..ebffcc0b2 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -36,7 +36,6 @@ macro_rules! impl_consistency { #[cfg(all(feature = "pre-verification",))] macro_rules! impl_consistency_unpacked { - // $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr ($name:ident, $modp:path) => { #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] From 0c464d95c0300f0304cfa1bd244c755de37d3ef9 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 19 Sep 2024 08:28:33 +0000 Subject: [PATCH 161/172] format and clang-18 --- libcrux-ml-kem/cg/fuzz/Makefile | 6 +-- libcrux-ml-kem/cg/fuzz/dec_fuzz.cc | 67 +++++++++++++++------------- libcrux-ml-kem/cg/fuzz/enc_fuzz.cc | 34 +++++++------- libcrux-ml-kem/cg/fuzz/mkcorpus.c | 23 ++++++---- libcrux-ml-kem/cg/fuzz/valid_fuzz.cc | 30 +++++++------ 5 files changed, 87 insertions(+), 73 deletions(-) diff --git a/libcrux-ml-kem/cg/fuzz/Makefile b/libcrux-ml-kem/cg/fuzz/Makefile index aa6434598..bf98a1b02 100644 --- a/libcrux-ml-kem/cg/fuzz/Makefile +++ b/libcrux-ml-kem/cg/fuzz/Makefile @@ -1,7 +1,7 @@ -CC=clang-16 -CXX=clang++-16 +CC=clang-18 +CXX=clang++-18 FUZZ_FLAGS=-fsanitize=address,undefined,fuzzer -fno-omit-frame-pointer -FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer +FUZZ_LIBS=-L/usr/lib/llvm-18/lib -lFuzzer CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I.. CFLAGS=$(CXXFLAGS) diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc index 9720aa8fa..f6b35097d 100644 --- a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc +++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc @@ -9,41 +9,44 @@ #include "libcrux_mlkem768_portable.h" -extern "C" { - -void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk, - libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk) -{ - uint8_t rnd[64]; - memset(rnd, 0, sizeof(rnd)); - auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); - *zero_sk = kp.sk; - (void)getentropy(rnd, sizeof(rnd)); - kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); - *rnd_sk = kp.sk; -} - -int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +extern "C" { - static bool once; - uint8_t ret[32]; - libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk; - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct; - - if (!once) { - privkeys(&zero_sk, &rnd_sk); - once = true; - } - memset(&ct, 0, sizeof(ct)); - if (len > sizeof(ct.value)) { - len = sizeof(ct.value); + void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk, + libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk) + { + uint8_t rnd[64]; + memset(rnd, 0, sizeof(rnd)); + auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + *zero_sk = kp.sk; + (void)getentropy(rnd, sizeof(rnd)); + kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + *rnd_sk = kp.sk; } - memcpy(ct.value, input, len); - libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret); - libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret); - return 0; -} + int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len) + { + static bool once; + uint8_t ret[32]; + libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk; + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct; + + if (!once) + { + privkeys(&zero_sk, &rnd_sk); + once = true; + } + + memset(&ct, 0, sizeof(ct)); + if (len > sizeof(ct.value)) + { + len = sizeof(ct.value); + } + memcpy(ct.value, input, len); + + libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret); + libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret); + return 0; + } } // extern diff --git a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc index 9a2637cc9..1cf5f9d2c 100644 --- a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc +++ b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc @@ -9,24 +9,26 @@ #include "libcrux_mlkem768_portable.h" -extern "C" { - -int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +extern "C" { - uint8_t rnd[32]; - libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; - memset(rnd, 0, sizeof(rnd)); - memset(&pk, 0, sizeof(pk)); - if (len > sizeof(pk.value)) { - len = sizeof(pk.value); - } - memcpy(pk.value, input, len); + int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len) + { + uint8_t rnd[32]; + libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; - (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); - (void)getentropy(rnd, sizeof(rnd)); - (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); - return 0; -} + memset(rnd, 0, sizeof(rnd)); + memset(&pk, 0, sizeof(pk)); + if (len > sizeof(pk.value)) + { + len = sizeof(pk.value); + } + memcpy(pk.value, input, len); + + (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); + (void)getentropy(rnd, sizeof(rnd)); + (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd); + return 0; + } } // extern diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c index 5d488d429..fdd8d3478 100644 --- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c +++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c @@ -18,7 +18,7 @@ #define NSEEDS 1000 void write_blob(const char *path, int n, const char *suffix, - const void *p, size_t l) + const void *p, size_t l) { char name[256]; FILE *f; @@ -43,24 +43,31 @@ int main(void) if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST) err(1, "mkdir ciphertext_corpus"); - for (i = 0; i < NSEEDS; i++) { - if (i == 0) { + for (i = 0; i < NSEEDS; i++) + { + if (i == 0) + { memset(rnd, 0, sizeof(rnd)); - } else { + } + else + { (void)getentropy(rnd, sizeof(rnd)); } kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); write_blob("pubkey_corpus", i, "pk", - kp.pk.value, sizeof(kp.pk.value)); + kp.pk.value, sizeof(kp.pk.value)); - if (i == 0) { + if (i == 0) + { memset(rnd, 0, sizeof(rnd)); - } else { + } + else + { (void)getentropy(rnd, sizeof(rnd)); } enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd); write_blob("ciphertext_corpus", i, "ct", - enc.fst.value, sizeof(enc.fst.value)); + enc.fst.value, sizeof(enc.fst.value)); } return 0; } diff --git a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc index ca9cf2a5a..44c34945b 100644 --- a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc +++ b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc @@ -9,22 +9,24 @@ #include "libcrux_mlkem768_portable.h" -extern "C" { - -int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len) +extern "C" { - uint8_t rnd[32]; - libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; - memset(rnd, 0, sizeof(rnd)); - memset(&pk, 0, sizeof(pk)); - if (len > sizeof(pk.value)) { - len = sizeof(pk.value); - } - memcpy(pk.value, input, len); + int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len) + { + uint8_t rnd[32]; + libcrux_ml_kem_mlkem768_MlKem768PublicKey pk; - (void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk); - return 0; -} + memset(rnd, 0, sizeof(rnd)); + memset(&pk, 0, sizeof(pk)); + if (len > sizeof(pk.value)) + { + len = sizeof(pk.value); + } + memcpy(pk.value, input, len); + + (void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk); + return 0; + } } // extern From 9b25aeb8335450979d5c87529002776d2ace4a39 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 19 Sep 2024 08:29:16 +0000 Subject: [PATCH 162/172] git ignore fuzz build artifacts --- libcrux-ml-kem/cg/fuzz/.gitignore | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 libcrux-ml-kem/cg/fuzz/.gitignore diff --git a/libcrux-ml-kem/cg/fuzz/.gitignore b/libcrux-ml-kem/cg/fuzz/.gitignore new file mode 100644 index 000000000..d28f1baa8 --- /dev/null +++ b/libcrux-ml-kem/cg/fuzz/.gitignore @@ -0,0 +1,5 @@ +dec_fuzz +enc_fuzz +mkcorpus +valid_fuzz +*.o From e2639a98860deff40f5d13efaee7d393ce9e1954 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 19 Sep 2024 08:32:14 +0000 Subject: [PATCH 163/172] formatting and eurydice_glue warning fix --- libcrux-ml-kem/cg/eurydice_glue.h | 56 ++++++++--------- libcrux-ml-kem/cg/fuzz/mkcorpus.c | 100 ++++++++++++++---------------- 2 files changed, 73 insertions(+), 83 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index bc07ba4b9..c77ff6b1c 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -53,7 +53,7 @@ typedef struct { // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ +#define EURYDICE_SLICE(x, start, end) \ (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an @@ -62,40 +62,40 @@ typedef struct { // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ @@ -104,21 +104,21 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, @@ -162,9 +162,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c index fdd8d3478..452282086 100644 --- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c +++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c @@ -3,71 +3,61 @@ // Will write to ./pubkey_corpus (for valid_fuzz and enc_fuzz) and // to ./ciphertext_corpus (for dec_fuzz) -#include +#include +#include #include -#include #include +#include #include #include +#include #include -#include -#include #include "libcrux_mlkem768_portable.h" #define NSEEDS 1000 -void write_blob(const char *path, int n, const char *suffix, - const void *p, size_t l) -{ - char name[256]; - FILE *f; - - snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix); - if ((f = fopen(name, "wb+")) == NULL) - err(1, "fopen %s", name); - if (fwrite(p, l, 1, f) != 1) - err(1, "write %s", name); - fclose(f); +void write_blob(const char *path, int n, const char *suffix, const void *p, + size_t l) { + char name[256]; + FILE *f; + + snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix); + if ((f = fopen(name, "wb+")) == NULL) + err(1, "fopen %s", name); + if (fwrite(p, l, 1, f) != 1) + err(1, "write %s", name); + fclose(f); } -int main(void) -{ - int i; - uint8_t rnd[64]; - libcrux_ml_kem_mlkem768_MlKem768KeyPair kp; - tuple_3c enc; - - if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST) - err(1, "mkdir pubkey_corpus"); - if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST) - err(1, "mkdir ciphertext_corpus"); - - for (i = 0; i < NSEEDS; i++) - { - if (i == 0) - { - memset(rnd, 0, sizeof(rnd)); - } - else - { - (void)getentropy(rnd, sizeof(rnd)); - } - kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); - write_blob("pubkey_corpus", i, "pk", - kp.pk.value, sizeof(kp.pk.value)); - - if (i == 0) - { - memset(rnd, 0, sizeof(rnd)); - } - else - { - (void)getentropy(rnd, sizeof(rnd)); - } - enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd); - write_blob("ciphertext_corpus", i, "ct", - enc.fst.value, sizeof(enc.fst.value)); - } - return 0; +int main(void) { + int i; + uint8_t rnd[64]; + libcrux_ml_kem_mlkem768_MlKem768KeyPair kp; + tuple_3c enc; + + if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST) + err(1, "mkdir pubkey_corpus"); + if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST) + err(1, "mkdir ciphertext_corpus"); + + for (i = 0; i < NSEEDS; i++) { + if (i == 0) { + memset(rnd, 0, sizeof(rnd)); + } else { + (void)getentropy(rnd, sizeof(rnd)); + } + kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd); + write_blob("pubkey_corpus", i, "pk", kp.pk.value, sizeof(kp.pk.value)); + + if (i == 0) { + memset(rnd, 0, sizeof(rnd)); + } else { + (void)getentropy(rnd, sizeof(rnd)); + } + enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd); + write_blob("ciphertext_corpus", i, "ct", enc.fst.value, + sizeof(enc.fst.value)); + } + return 0; } From 72563a3f76edede4a0664ed5f562c83918d6ac7d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 19 Sep 2024 09:13:02 +0000 Subject: [PATCH 164/172] try to get eurydice_glue formatting right --- libcrux-ml-kem/cg/eurydice_glue.h | 56 +++++++++++++++---------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index c77ff6b1c..cdd27af77 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -53,7 +53,7 @@ typedef struct { // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ +#define EURYDICE_SLICE(x, start, end) \ (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an @@ -62,40 +62,40 @@ typedef struct { // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ @@ -104,21 +104,21 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, @@ -162,9 +162,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ From 8f23a836af4c0ed1da044efc1af0cad732d5c17d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 19 Sep 2024 10:08:10 +0000 Subject: [PATCH 165/172] maybe make clang-format happy --- libcrux-ml-kem/cg/fuzz/mkcorpus.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c index 452282086..b681e2fb3 100644 --- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c +++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c @@ -23,10 +23,12 @@ void write_blob(const char *path, int n, const char *suffix, const void *p, FILE *f; snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix); - if ((f = fopen(name, "wb+")) == NULL) + if ((f = fopen(name, "wb+")) == NULL) { err(1, "fopen %s", name); - if (fwrite(p, l, 1, f) != 1) + } + if (fwrite(p, l, 1, f) != 1) { err(1, "write %s", name); + } fclose(f); } From a42228974c99b87a4023df643b7c04f91cadc3ad Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 20 Sep 2024 12:26:18 +1000 Subject: [PATCH 166/172] private keys should persist between invocations --- libcrux-ml-kem/cg/fuzz/dec_fuzz.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc index f6b35097d..8367f779e 100644 --- a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc +++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc @@ -28,7 +28,7 @@ extern "C" { static bool once; uint8_t ret[32]; - libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk; + static libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk; libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct; if (!once) From 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 22 Sep 2024 11:49:02 +0000 Subject: [PATCH 167/172] c code refresh --- libcrux-intrinsics/src/avx2_extract.rs | 3 - libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/eurydice_glue.h | 18 - libcrux-ml-kem/c/internal/libcrux_core.h | 414 +- .../c/internal/libcrux_mlkem_avx2.h | 360 +- .../c/internal/libcrux_mlkem_portable.h | 366 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 20 +- .../c/internal/libcrux_sha3_internal.h | 220 +- libcrux-ml-kem/c/libcrux_core.c | 482 +- libcrux-ml-kem/c/libcrux_core.h | 21 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 255 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 61 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 265 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 61 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 249 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 259 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 249 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 255 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6284 +++------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 332 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6291 +++-------------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 45 +- libcrux-ml-kem/c/libcrux_sha3.h | 36 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 278 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 25 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1269 +--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 45 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 34 +- libcrux-ml-kem/cg/code_gen.txt | 12 +- libcrux-ml-kem/cg/eurydice_glue.h | 16 +- libcrux-ml-kem/cg/libcrux_core.h | 286 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 12 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 3583 ++-------- .../cg/libcrux_mlkem768_avx2_types.h | 74 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 3592 ++-------- .../cg/libcrux_mlkem768_portable_types.h | 80 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 284 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 1595 +---- 45 files changed, 3102 insertions(+), 24907 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index a9b5ba350..fa918ef6c 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -214,7 +214,6 @@ pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } - #[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == Spec.Utils.map2 (-.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { @@ -255,7 +254,6 @@ pub fn mm256_sub_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } - #[hax_lib::fstar::replace( interface, "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16 @@ -471,7 +469,6 @@ pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 unimplemented!() } - #[inline(always)] pub fn mm256_blend_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 60908f570..3f94b9400 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 539638ba0fdf7f97157cccd2ebab181a432d0c80 +Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index ad026b9e1..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,13 +18,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) -#define EURYDICE_ASSERT(test, msg) \ - do { \ - if (!(test)) { \ - fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ - __FILE__, __LINE__); \ - } \ - } while (0) // SLICES, ARRAYS, ETC. @@ -137,10 +130,6 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { - store32_le(dst, src); -} - static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -148,7 +137,6 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -200,9 +188,6 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } -static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { - return x < y ? x : y; -} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -225,9 +210,6 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index dac1e8851..f8f5af4ba 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_core_H @@ -70,414 +62,197 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( -======= -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( ->>>>>>> main +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 3168 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( - uint8_t value[1568U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1568 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1568 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1600 -*/ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, - uint8_t ret[1600U]); - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( -======= -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( ->>>>>>> main +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 2400 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1088 -*/ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( - uint8_t value[1088U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1120 -*/ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, - uint8_t ret[1120U]); - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 1632 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( uint8_t value[1632U]); /** - A reference to the raw byte slice. +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( uint8_t value[1088U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( - uint8_t value[768U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 800 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( - libcrux_ml_kem_types_MlKemPublicKey_be *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -======= -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. */ /** ->>>>>>> main A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, - uint8_t ret[33U]); -======= void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( uint8_t value[768U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -492,19 +267,15 @@ void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, uint8_t ret[800U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( libcrux_ml_kem_types_MlKemPublicKey_1f *self); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -520,19 +291,14 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); -======= -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); ->>>>>>> main /** Pad the `slice` with `0`s at the end. @@ -542,37 +308,20 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, - uint8_t ret[34U]); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -======= void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, uint8_t ret[34U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -<<<<<<< HEAD -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -======= -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( uint8_t value[1568U]); ->>>>>>> main /** Pad the `slice` with `0`s at the end. @@ -582,25 +331,19 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, - uint8_t ret[800U]); - -/** -======= void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** @@ -615,7 +358,6 @@ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, uint8_t ret[1600U]); /** ->>>>>>> main Pad the `slice` with `0`s at the end. */ /** @@ -623,11 +365,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, ->>>>>>> main uint8_t ret[64U]); /** @@ -644,19 +382,14 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); -======= -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -672,19 +405,14 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); -======= -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -700,19 +428,14 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); -======= -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -728,19 +451,14 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); -======= -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); ->>>>>>> main typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index c87be8b5e..f147d9e53 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,13 +33,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -56,36 +41,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -94,18 +51,10 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -120,33 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -167,43 +90,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( ->>>>>>> main +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -225,21 +116,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e21( -======= -void libcrux_ml_kem_ind_cca_decapsulate_971( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -248,36 +128,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -286,18 +138,10 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -312,33 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -359,43 +177,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( ->>>>>>> main +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -417,21 +203,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e20( -======= -void libcrux_ml_kem_ind_cca_decapsulate_970( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -440,36 +215,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -478,18 +225,10 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -503,39 +242,10 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( - uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - -/** -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( uint8_t randomness[64U]); /** ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -554,43 +264,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( ->>>>>>> main +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -612,11 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e2( -======= -void libcrux_ml_kem_ind_cca_decapsulate_97( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 60718100b..d42bef246 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,13 +38,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -61,37 +46,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main +bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key); - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -100,18 +56,10 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( +bool libcrux_ml_kem_ind_cca_validate_private_key_53( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -126,34 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -174,44 +95,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( ->>>>>>> main +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], @@ -233,21 +121,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_161( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a1( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_551( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -256,37 +133,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -295,18 +143,10 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +bool libcrux_ml_kem_ind_cca_validate_private_key_24( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -321,34 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -369,44 +182,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( ->>>>>>> main +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], @@ -428,21 +208,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_160( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a0( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_550( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -451,37 +220,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key); -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -490,18 +230,10 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( +bool libcrux_ml_kem_ind_cca_validate_private_key_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -516,34 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -564,44 +269,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( ->>>>>>> main +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], @@ -623,11 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_16( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_55( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 8c48ddb47..689e36ba6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_sha3_avx2_H @@ -39,11 +31,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -void libcrux_sha3_generic_keccak_absorb_final_80( -======= void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -56,11 +44,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bc019cd89..07b17390c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_sha3_internal_H @@ -37,11 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -51,23 +39,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_40(s, buf); } -/** - Squeeze another block -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks with types uint64_t @@ -76,11 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -88,24 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); ->>>>>>> main } /** @@ -115,8 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } /** @@ -126,10 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); } #define libcrux_sha3_Sha224 0 @@ -192,11 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -204,46 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o4); ->>>>>>> main } /** @@ -253,11 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); ->>>>>>> main } /** @@ -267,11 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_400(s, buf); ->>>>>>> main } /** @@ -279,11 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -293,11 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); ->>>>>>> main } /** @@ -307,9 +227,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } @@ -341,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -375,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -392,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -445,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -462,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -491,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -505,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -523,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -570,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -579,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -733,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -764,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -795,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -829,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -846,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -899,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -916,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -942,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -956,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -974,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -1018,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -1027,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1213,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1241,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -1288,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1325,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1360,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -1407,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1444,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1479,8 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e623c5fce..036632ec8 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_core.h" @@ -92,25 +84,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -120,24 +101,17 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( -======= -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( ->>>>>>> main +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -146,25 +120,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 3168 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -176,90 +139,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1568 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1568 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); -} - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1600 -*/ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -269,24 +156,17 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( -======= -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( ->>>>>>> main +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -295,25 +175,14 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 2400 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -325,90 +194,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1088 -*/ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( - uint8_t value[1088U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); -} - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1120 -*/ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -418,24 +211,17 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -443,25 +229,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 1632 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -472,77 +247,47 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( - uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); -======= -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main return lit; } /** -<<<<<<< HEAD -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 800 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( -======= This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -567,50 +312,28 @@ void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( ->>>>>>> main +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } /** -<<<<<<< HEAD - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 33 -*/ -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, - uint8_t ret[33U]) { - uint8_t out[33U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -618,19 +341,18 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( libcrux_ml_kem_types_MlKemCiphertext_e8 lit; memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; ->>>>>>> main } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -655,35 +377,27 @@ void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { -======= -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -703,11 +417,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, ->>>>>>> main uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -719,28 +429,15 @@ void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, } /** -<<<<<<< HEAD -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -<<<<<<< HEAD -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); -======= -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -748,7 +445,6 @@ libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( libcrux_ml_kem_types_MlKemCiphertext_1f lit; memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; ->>>>>>> main } /** @@ -759,39 +455,27 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; -======= void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; ->>>>>>> main uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t), slice, uint8_t); -<<<<<<< HEAD - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); -} - -/** -======= memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -816,7 +500,6 @@ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, } /** ->>>>>>> main Pad the `slice` with `0`s at the end. */ /** @@ -824,11 +507,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, ->>>>>>> main uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -840,19 +519,14 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { -======= -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -865,19 +539,14 @@ void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { -======= -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -890,19 +559,14 @@ void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { -======= -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -915,19 +579,14 @@ void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { -======= -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { ->>>>>>> main if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -940,19 +599,14 @@ void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { -======= -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 129847aa8..38e88f4b5 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_core_H @@ -205,19 +197,14 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); -======= -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); ->>>>>>> main typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 3281d3cff..1e9c333ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 44ca164fd..2baeeeeb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,77 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -static void decapsulate_010( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e20(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_010(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_300( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_300(private_key, ciphertext, ret); -======= -static void decapsulate_800( +static void decapsulate_1b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_970(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab0(private_key, ciphertext, ret); } /** @@ -129,8 +51,7 @@ static void decapsulate_800( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_800(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b0(private_key, ciphertext, ret); } /** @@ -150,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_21 encapsulate_d90( -======= -static tuple_21 encapsulate_4d0( ->>>>>>> main +static tuple_21 encapsulate_ac0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c0(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); } /** @@ -182,72 +95,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d90(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_8b0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b0(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d0(uu____0, copy_of_randomness); + return encapsulate_ac0(uu____0, copy_of_randomness); } -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -259,34 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_500( -======= -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_740( ->>>>>>> main +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_630( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_500(copy_of_randomness); -} - -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); } /** @@ -297,13 +125,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_740(copy_of_randomness); + return generate_keypair_630(copy_of_randomness); } -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -312,31 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_5a0(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a0(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d0( +static KRML_MUSTINLINE bool validate_private_key_550( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d0(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca0(private_key, ciphertext); } @@ -348,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d0( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_2d0(private_key, ciphertext); ->>>>>>> main + return validate_private_key_550(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -363,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static bool validate_public_key_ae0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_060(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_050(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d30(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_ae0(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_060(public_key->value); ->>>>>>> main + return validate_public_key_d30(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 43b55aa16..f0e9dd8a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_avx2_H @@ -40,25 +32,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** -<<<<<<< HEAD - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 -======= - Encapsulate ML-KEM 1024 - ->>>>>>> main Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,44 +44,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -121,7 +65,6 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 1d5cf6d63..331428cc2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,77 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -static void decapsulate_b31( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_161(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_b31(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_171( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_171(private_key, ciphertext, ret); -======= -static void decapsulate_c41( +static void decapsulate_861( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_551(private_key, ciphertext, ret); } /** @@ -129,8 +51,7 @@ static void decapsulate_c41( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_c41(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_861(private_key, ciphertext, ret); } /** @@ -150,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_21 encapsulate_cd1( -======= -static tuple_21 encapsulate_591( ->>>>>>> main +static tuple_21 encapsulate_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b11(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_131(uu____0, copy_of_randomness); } /** @@ -182,72 +95,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd1(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_571( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - uu____0, copy_of_randomness); + return encapsulate_6f1(uu____0, copy_of_randomness); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_571(uu____0, copy_of_randomness); -} - -======= - return encapsulate_591(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -260,17 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff1( -======= -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6b1( ->>>>>>> main +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7f1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b21(copy_of_randomness); } /** @@ -281,61 +126,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff1(copy_of_randomness); + return generate_keypair_7f1(copy_of_randomness); } -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_c61(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c61(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_541(copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b1(copy_of_randomness); -} - -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -344,12 +137,11 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_7c1( +static KRML_MUSTINLINE bool validate_private_key_1e1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_0f(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_53(private_key, ciphertext); ->>>>>>> main } /** @@ -360,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_7c1(private_key, ciphertext); + return validate_private_key_1e1(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -374,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static bool validate_public_key_091(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_821(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c1(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_091(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_981(public_key->value); ->>>>>>> main + return validate_public_key_f91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8421097cc..e525f91c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_portable_H @@ -40,25 +32,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** -<<<<<<< HEAD - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 -======= - Encapsulate ML-KEM 1024 - ->>>>>>> main Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,44 +44,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -121,7 +65,6 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index abca7cc65..69da40f05 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index eb8d01333..7d6dc8938 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,73 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -static void decapsulate_01(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e2(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_01(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_30( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_30(private_key, ciphertext, ret); -======= -static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_1b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_97(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab(private_key, ciphertext, ret); } /** @@ -125,8 +51,7 @@ static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_80(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_ec encapsulate_d9( -======= -static tuple_ec encapsulate_4d( ->>>>>>> main +static tuple_ec encapsulate_ac( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d9(uu____0, copy_of_randomness); + return encapsulate_ac(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_8b( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -253,17 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_50( -======= -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_74( ->>>>>>> main +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_63( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); } /** @@ -274,30 +125,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_50(copy_of_randomness); + return generate_keypair_63(copy_of_randomness); } -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_74(copy_of_randomness); -} - -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -306,31 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_5a(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d( +static KRML_MUSTINLINE bool validate_private_key_55( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca(private_key, ciphertext); } @@ -342,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_2d(private_key, ciphertext); ->>>>>>> main + return validate_private_key_55(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -357,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static bool validate_public_key_ae(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_05(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d3(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_ae(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_06(public_key->value); ->>>>>>> main + return validate_public_key_d3(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 77fd6c007..c01cba19e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_avx2_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 512 - -======= Encapsulate ML-KEM 512 ->>>>>>> main Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 364650a08..c6d9cc60a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,11 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -static void decapsulate_b30( +static void decapsulate_860( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_160(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_550(private_key, ciphertext, ret); } /** @@ -63,70 +51,7 @@ static void decapsulate_b30( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_b30(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_170( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_170(private_key, ciphertext, ret); -======= -static void decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a0(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_c40(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_860(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_ec encapsulate_cd0( -======= -static tuple_ec encapsulate_590( ->>>>>>> main +static tuple_ec encapsulate_6f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b10(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_130(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd0(uu____0, copy_of_randomness); + return encapsulate_6f0(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_570( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_570(uu____0, copy_of_randomness); -} - -======= - return encapsulate_590(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -254,66 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ff0( -======= -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6b0( ->>>>>>> main - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c0(copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff0(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c60(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7f0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c60(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); } /** @@ -324,12 +126,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b0(copy_of_randomness); + return generate_keypair_7f0(copy_of_randomness); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -338,12 +137,11 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_7c0( +static KRML_MUSTINLINE bool validate_private_key_1e0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_24(private_key, ciphertext); ->>>>>>> main } /** @@ -354,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_7c0(private_key, ciphertext); + return validate_private_key_1e0(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -368,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static bool validate_public_key_090(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_820(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f90(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c0(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_090(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_980(public_key->value); ->>>>>>> main + return validate_public_key_f90(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index f199ea4e8..51eb9d7bf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_portable_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 512 - -======= Encapsulate ML-KEM 512 ->>>>>>> main Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index ad9864c6b..50ffc92a0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index a6d37295a..15e7950f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,73 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static void decapsulate_011( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e21(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_011(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_301( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_301(private_key, ciphertext, ret); -======= -static void decapsulate_801( +static void decapsulate_1b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_971(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab1(private_key, ciphertext, ret); } /** @@ -125,8 +51,7 @@ static void decapsulate_801( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_801(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b1(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_3c encapsulate_d91( -======= -static tuple_3c encapsulate_4d1( ->>>>>>> main +static tuple_3c encapsulate_ac1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b31(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c1(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c61(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d91(uu____0, copy_of_randomness); + return encapsulate_ac1(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_8b1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b1(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d1(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -253,17 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_501( -======= -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_741( ->>>>>>> main +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_631( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a1(copy_of_randomness); } /** @@ -274,30 +125,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_501(copy_of_randomness); + return generate_keypair_631(copy_of_randomness); } -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_511(copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_741(copy_of_randomness); -} - -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -306,31 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_5a1(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a1(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d1( +static KRML_MUSTINLINE bool validate_private_key_551( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca1(private_key, ciphertext); } @@ -342,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d1( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_2d1(private_key, ciphertext); ->>>>>>> main + return validate_private_key_551(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -357,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static bool validate_public_key_ae1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_061(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_051(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_ae1(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_061(public_key->value); ->>>>>>> main + return validate_public_key_d31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 72abc0266..d43dc5b54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 768 - -======= Encapsulate ML-KEM 768 ->>>>>>> main Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 515033113..0527bf446 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,11 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static void decapsulate_b3( +static void decapsulate_86( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_16(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_55(private_key, ciphertext, ret); } /** @@ -63,70 +51,7 @@ static void decapsulate_b3( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b3(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_17( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_17(private_key, ciphertext, ret); -======= -static void decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c4(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_86(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_3c encapsulate_cd( -======= -static tuple_3c encapsulate_59( ->>>>>>> main +static tuple_3c encapsulate_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b1(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_13(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd(uu____0, copy_of_randomness); + return encapsulate_6f(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_57( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_57(uu____0, copy_of_randomness); -} - -======= - return encapsulate_59(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -254,62 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6b( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c6(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c6(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); } /** @@ -320,12 +126,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b(copy_of_randomness); + return generate_keypair_7f(copy_of_randomness); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -334,12 +137,11 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_7c( +static KRML_MUSTINLINE bool validate_private_key_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_9e(private_key, ciphertext); ->>>>>>> main } /** @@ -350,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_7c(private_key, ciphertext); + return validate_private_key_1e(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -364,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static bool validate_public_key_09(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f9(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_09(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_98(public_key->value); ->>>>>>> main + return validate_public_key_f9(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 991caef3d..c86540cb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 768 - -======= Encapsulate ML-KEM 768 ->>>>>>> main Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e54fd7cdc..b3cae06b5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_mlkem_avx2.h" @@ -41,11 +33,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -<<<<<<< HEAD KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { -======= -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { ->>>>>>> main return mm256_setzero_si256(); } @@ -53,21 +41,12 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { -======= -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { ->>>>>>> main return mm256_loadu_si256_i16(array); } @@ -75,7 +54,6 @@ libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); } @@ -88,31 +66,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( int16_t result[16U]; memcpy(result, output, (size_t)16U * sizeof(int16_t)); memcpy(ret, result, (size_t)16U * sizeof(int16_t)); -======= -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, - int16_t ret[16U]) { - int16_t output[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), - v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); -======= -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); ->>>>>>> main } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, @@ -124,11 +85,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs) { -======= -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } @@ -141,60 +98,38 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs) { -======= -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = mm256_set1_epi16(constant); return mm256_mullo_epi16(vector, cv); -======= - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); -======= -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); ->>>>>>> main } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = mm256_set1_epi16(constant); return mm256_and_si256(vector, cv); -======= - return mm256_and_si256(vector, mm256_set1_epi16(constant)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); @@ -216,11 +151,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -230,19 +161,11 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { -<<<<<<< HEAD __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); -======= - __m256i t = mm256_mulhi_epi16( - vector, mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); ->>>>>>> main __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); return mm256_sub_epi16(vector, quotient_times_field_modulus); @@ -252,39 +175,24 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i vec_constant = mm256_set1_epi16(constant); __m256i value_low = mm256_mullo_epi16(vector, vec_constant); -======= - __m256i constant0 = mm256_set1_epi16(constant); - __m256i value_low = mm256_mullo_epi16(vector, constant0); ->>>>>>> main __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); __m256i value_high = mm256_mulhi_epi16(vector, vec_constant); -======= - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); ->>>>>>> main return mm256_sub_epi16(value_high, k_times_modulus); } @@ -292,11 +200,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); @@ -321,11 +225,7 @@ libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } @@ -342,28 +242,17 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants) { __m256i value_low = mm256_mullo_epi16(vec, constants); -======= - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); ->>>>>>> main __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); __m256i value_high = mm256_mulhi_epi16(vec, constants); -======= - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); ->>>>>>> main return mm256_sub_epi16(value_high, k_times_modulus); } @@ -385,11 +274,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, @@ -415,11 +300,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); @@ -427,27 +308,16 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants) { __m128i value_low = mm_mullo_epi16(vec, constants); -======= - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); ->>>>>>> main __m128i k = mm_mullo_epi16( value_low, mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m128i modulus = mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m128i k_times_modulus = mm_mulhi_epi16(k, modulus); __m128i value_high = mm_mulhi_epi16(vec, constants); -======= - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); ->>>>>>> main return mm_sub_epi16(value_high, k_times_modulus); } @@ -469,11 +339,7 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } @@ -503,11 +369,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, @@ -539,11 +401,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, @@ -568,35 +426,21 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = mm256_mullo_epi16( vec, -======= -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = mm256_mullo_epi16( - v, ->>>>>>> main mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); __m256i k_times_modulus = mm256_mulhi_epi16( k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); -<<<<<<< HEAD __m256i value_high = mm256_srli_epi32((int32_t)16, vec, __m256i); -======= - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); ->>>>>>> main __m256i result = mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); return mm256_srai_epi32((int32_t)16, result0, __m256i); @@ -663,11 +507,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { @@ -682,26 +522,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = mm_movemask_epi8(msbs); -<<<<<<< HEAD ret[0U] = (uint8_t)bits_packed; ret[1U] = (uint8_t)(bits_packed >> 8U); -======= - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, ->>>>>>> main uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } @@ -739,11 +568,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } @@ -778,11 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, ret0); -======= - core_result_unwrap_26_0e(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -790,11 +611,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, ->>>>>>> main uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } @@ -835,11 +652,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } @@ -881,11 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); -<<<<<<< HEAD core_result_unwrap_41_07(dst, ret0); -======= - core_result_unwrap_26_07(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -893,11 +702,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } @@ -948,11 +753,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } @@ -996,11 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); -<<<<<<< HEAD core_result_unwrap_41_ea(dst, ret0); -======= - core_result_unwrap_26_ea(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1008,11 +805,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, ->>>>>>> main uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } @@ -1047,11 +840,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } @@ -1072,11 +861,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, ->>>>>>> main uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } @@ -1095,11 +880,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } @@ -1143,11 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); -<<<<<<< HEAD core_result_unwrap_41_76(dst, ret0); -======= - core_result_unwrap_26_76(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1155,11 +932,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, ->>>>>>> main uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } @@ -1194,11 +967,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1256,37 +1025,21 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -<<<<<<< HEAD inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { -======= -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { ->>>>>>> main return self[0U]; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_1b(void) { -======= -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { ->>>>>>> main +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1307,12 +1060,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1320,50 +1067,29 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_to_reduced_ring_element_55(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_to_reduced_ring_element_ec(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_301( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1375,35 +1101,24 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_851( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1414,11 +1129,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -<<<<<<< HEAD -static KRML_MUSTINLINE __m256i shift_right_f5(__m256i vector) { -======= -static KRML_MUSTINLINE __m256i shift_right_84(__m256i vector) { ->>>>>>> main +static KRML_MUSTINLINE __m256i shift_right_d1(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1431,13 +1142,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -<<<<<<< HEAD -static __m256i shift_right_09_22(__m256i vector) { - return shift_right_f5(vector); -======= -static __m256i shift_right_ea_fc(__m256i vector) { - return shift_right_84(vector); ->>>>>>> main +static __m256i shift_right_09_bb(__m256i vector) { + return shift_right_d1(vector); } /** @@ -1446,19 +1152,11 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i to_unsigned_representative_4f(__m256i a) { - __m256i t = shift_right_09_22(a); +static __m256i to_unsigned_representative_b5(__m256i a) { + __m256i t = shift_right_09_bb(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); -======= -static __m256i to_unsigned_representative_c0(__m256i a) { - __m256i t = shift_right_ea_fc(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); ->>>>>>> main } /** @@ -1467,21 +1165,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5c( -======= -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( ->>>>>>> main +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = to_unsigned_representative_4f(re->coefficients[i0]); -======= - __m256i coefficient = to_unsigned_representative_c0(re->coefficients[i0]); ->>>>>>> main + __m256i coefficient = to_unsigned_representative_b5(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1492,9 +1182,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1502,11 +1189,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_501( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_721( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1524,20 +1207,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1546,13 +1222,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c21( +static KRML_MUSTINLINE void serialize_public_key_mut_821( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_5f1(t_as_ntt, ret); + serialize_secret_key_721(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1561,9 +1237,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c21( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1572,41 +1245,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_511( +static KRML_MUSTINLINE void serialize_public_key_391( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_501(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_821(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_021( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_c21(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1615,25 +1263,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_301( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_661( ->>>>>>> main + deserialize_ring_elements_reduced_out_851( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - serialize_public_key_511( -======= - serialize_public_key_021( ->>>>>>> main + serialize_public_key_391( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1655,13 +1293,6 @@ static KRML_MUSTINLINE void H_a9_161(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -1670,7 +1301,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1698,19 +1329,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); return lit; } @@ -1729,33 +1360,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); return lit; } @@ -1768,11 +1399,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_671(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1786,13 +1413,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static void closure_ba1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1805,7 +1426,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( uint8_t ret0[64U]; G_a9_671(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1815,11 +1435,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_501(uint8_t input[3U][34U]) { -======= -shake128_init_absorb_2a1(uint8_t input[3U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1841,19 +1457,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_501(copy_of_input); -======= -shake128_init_absorb_a9_1c1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_1c1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a1(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a1(copy_of_input); } /** @@ -1862,11 +1470,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c1( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1900,15 +1504,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_001(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_0c1(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c1(self, ret); } /** @@ -1959,11 +1557,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_613( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1975,11 +1569,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -2005,11 +1595,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a1( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2043,15 +1629,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_dd1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_4a1(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a1(self, ret); } /** @@ -2102,11 +1682,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_614( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -2118,11 +1694,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -2144,39 +1716,22 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -from_i16_array_20_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); -======= -from_i16_array_d6_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); ->>>>>>> main +from_i16_array_20_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( -======= - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( ->>>>>>> main a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; @@ -2188,15 +1743,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a1( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2206,11 +1755,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c11( -======= static KRML_MUSTINLINE void sample_from_xof_671( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2219,43 +1764,25 @@ static KRML_MUSTINLINE void sample_from_xof_671( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f1(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_613( -======= - shake128_init_absorb_a9_1c1(copy_of_seeds); + shake128_init_absorb_final_a9_1c1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_2e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_743( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d1(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_614( -======= done = sample_from_uniform_distribution_next_744( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -2264,11 +1791,7 @@ static KRML_MUSTINLINE void sample_from_xof_671( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a1(copy_of_out[i]);); -======= ret0[i] = closure_e41(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2280,18 +1803,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_ba1(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_341( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2306,11 +1820,7 @@ static KRML_MUSTINLINE void sample_matrix_A_341( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; -<<<<<<< HEAD - sample_from_xof_c11(copy_of_seeds, sampled); -======= sample_from_xof_671(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2328,16 +1838,6 @@ static KRML_MUSTINLINE void sample_matrix_A_341( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -======= ->>>>>>> main } /** @@ -2346,11 +1846,7 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_082(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -2388,66 +1884,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_ef2(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_162(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { PRFxN_082(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2455,11 +1896,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_2_6a(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2493,11 +1930,7 @@ sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_82( -======= - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2508,11 +1941,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_3_5f(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2545,11 +1974,7 @@ sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_82( -======= - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2560,13 +1985,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_8e0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_6a(randomness); -======= -sample_from_binomial_distribution_af(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_ea(randomness); ->>>>>>> main +sample_from_binomial_distribution_73(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_80(randomness); } /** @@ -2575,20 +1995,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_7_ea( -======= -static KRML_MUSTINLINE void ntt_at_layer_7_ab( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; -<<<<<<< HEAD __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( -======= - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( ->>>>>>> main re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); @@ -2608,13 +2020,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i montgomery_multiply_fe_25(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_a2(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); -======= -static __m256i montgomery_multiply_fe_aa(__m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); ->>>>>>> main } /** @@ -2624,17 +2031,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_25(b, zeta_r); +ntt_layer_int_vec_step_5d(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_a2(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); -======= -ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_aa(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); ->>>>>>> main return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2645,11 +2045,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_4_plus_0d( -======= -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_4_plus_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2662,15 +2058,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - ntt_layer_int_vec_step_0a( + ntt_layer_int_vec_step_5d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - ntt_layer_int_vec_step_c2( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2685,11 +2075,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_3_db( -======= -static KRML_MUSTINLINE void ntt_at_layer_3_5f( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2705,11 +2091,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_2_10( -======= -static KRML_MUSTINLINE void ntt_at_layer_2_c2( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2727,11 +2109,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_1_6e( -======= -static KRML_MUSTINLINE void ntt_at_layer_1_60( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2747,27 +2125,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_60( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void poly_barrett_reduce_20_85( -======= -static KRML_MUSTINLINE void poly_barrett_reduce_d6_2b( ->>>>>>> main +static KRML_MUSTINLINE void poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2783,37 +2149,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0d( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_ea(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_ab(re); + ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2822,17 +2170,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_e41( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_071( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2844,20 +2184,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_a9_412(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -2880,92 +2212,43 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_7f1( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_071(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - tuple_b00 result; + tuple_b0 result; memcpy( result.fst, copy_of_re_as_ntt, -======= - tuple_b0 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -ntt_multiply_20_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_1b(); -======= -ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2983,33 +2266,16 @@ ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_471( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b81( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -3029,110 +2295,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i to_standard_domain_f5(__m256i v) { +static __m256i to_standard_domain_c1(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -static __m256i to_standard_domain_bd(__m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_standard_error_reduce_20_f6( -======= -static KRML_MUSTINLINE void add_standard_error_reduce_d6_a7( ->>>>>>> main +static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD - to_standard_domain_f5(self->coefficients[j]); + to_standard_domain_c1(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, -======= - to_standard_domain_bd(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, ->>>>>>> main &error->coefficients[j])); } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_471(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a21( +static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -3146,7 +2344,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a21( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3159,55 +2357,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b81(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3217,47 +2373,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_9b0 generate_keypair_unpacked_471( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab1(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_811( +static void generate_keypair_unpacked_4a1( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e11(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff1(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_341(uu____1, ret, true); uint8_t prf_input[33U]; @@ -3269,280 +2398,73 @@ static void generate_keypair_unpacked_811( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_071(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e41(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_ef1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_671(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 +- PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_33( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); + generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); + uint8_t public_key_serialized[1184U]; + serialize_public_key_391( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_721(private_key.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 +- SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_471(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_511( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a21(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); - uint8_t uu____5[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_471(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_511( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_501(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_2f1( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); - generate_keypair_unpacked_811(key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1184U]; - serialize_public_key_021( - public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5f1(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb1( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_281( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -3568,11 +2490,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_311(public_key, ret0); -======= H_a9_161(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3588,14 +2506,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3610,11 +2520,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3623,21 +2529,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - generate_keypair_931(ind_cpa_keypair_randomness); -======= - generate_keypair_2f1(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb1( -======= - serialize_kem_secret_key_0a1( ->>>>>>> main + serialize_kem_secret_key_281( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3646,22 +2544,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b10( - uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d0( + uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); } /** @@ -3674,7 +2563,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3682,38 +2571,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3722,19 +2579,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_e71(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_461(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3746,19 +2595,11 @@ sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_a9_412(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3766,15 +2607,9 @@ sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - tuple_b00 result; + tuple_b0 result; memcpy( result.fst, copy_of_error_1, -======= - tuple_b0 lit; - memcpy( - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -3785,11 +2620,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { -======= static KRML_MUSTINLINE void PRF_d10(Eurydice_slice input, uint8_t ret[128U]) { ->>>>>>> main uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3806,15 +2637,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_424(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -3823,11 +2648,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2b( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_1_f8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3848,11 +2669,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_2_88( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_2_6a( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_2_de( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3871,11 +2688,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_3_f7( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_3_ad( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_3_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -3892,19 +2705,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_cb(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_25(a_minus_b, zeta_r); -======= -inv_ntt_layer_int_vec_step_reduce_63(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_aa(a_minus_b, zeta_r); ->>>>>>> main + b = montgomery_multiply_fe_a2(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3915,11 +2720,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_84( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3934,15 +2735,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_e0( + inv_ntt_layer_int_vec_step_reduce_cb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - inv_ntt_layer_int_vec_step_reduce_63( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -3957,69 +2752,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_971( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_191( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_error_reduce_20_1f( -======= -static KRML_MUSTINLINE void add_error_reduce_d6_89( ->>>>>>> main +static KRML_MUSTINLINE void add_error_reduce_20_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4027,31 +2791,20 @@ static KRML_MUSTINLINE void add_error_reduce_d6_89( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e31( -======= -static KRML_MUSTINLINE void compute_vector_u_ba1( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4071,19 +2824,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_471(&result0[i1], &product); - } - invert_ntt_montgomery_971(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b81(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_311(&result0[i1], &product); } - invert_ntt_montgomery_191(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a1(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -4100,19 +2845,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i decompress_1_34(__m256i vec) { +static __m256i decompress_1_14(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); -======= -static __m256i decompress_1_f2(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); ->>>>>>> main } /** @@ -4122,9 +2859,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); +deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -4132,46 +2868,22 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_34(coefficient_compressed);); -======= -deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, - uint8_t)); - re.coefficients[i0] = decompress_1_f2(coefficient_compressed);); ->>>>>>> main + re.coefficients[i0] = decompress_1_14(coefficient_compressed);); return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -add_message_error_reduce_20_69( -======= -add_message_error_reduce_d6_df( ->>>>>>> main +add_message_error_reduce_20_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -4179,30 +2891,18 @@ add_message_error_reduce_d6_df( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); ->>>>>>> main result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); } return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4210,32 +2910,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e71( -======= -compute_ring_element_v_9f1( ->>>>>>> main +compute_ring_element_v_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_471(&result, &product);); - invert_ntt_montgomery_971(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_4a1(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } @@ -4246,11 +2932,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd(__m256i vector) { -======= -compress_ciphertext_coefficient_43(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_57(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4297,13 +2979,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static __m256i compress_09_76(__m256i vector) { - return compress_ciphertext_coefficient_fd(vector); -======= -static __m256i compress_ea_ab(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); ->>>>>>> main +static __m256i compress_09_a1(__m256i vector) { + return compress_ciphertext_coefficient_57(vector); } /** @@ -4312,22 +2989,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_10_bf( -======= -static KRML_MUSTINLINE void compress_then_serialize_10_190( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_10_0a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_76(to_unsigned_representative_4f(re->coefficients[i0])); -======= - compress_ea_ab(to_unsigned_representative_c0(re->coefficients[i0])); ->>>>>>> main + compress_09_a1(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4345,11 +3014,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd0(__m256i vector) { -======= -compress_ciphertext_coefficient_430(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_570(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4396,13 +3061,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -<<<<<<< HEAD -static __m256i compress_09_760(__m256i vector) { - return compress_ciphertext_coefficient_fd0(vector); -======= -static __m256i compress_ea_ab0(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); ->>>>>>> main +static __m256i compress_09_a10(__m256i vector) { + return compress_ciphertext_coefficient_570(vector); } /** @@ -4412,23 +3072,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_bf(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_880( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_130( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_190(re, uu____0); ->>>>>>> main + compress_then_serialize_10_0a0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4438,11 +3088,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f1( -======= -static void compress_then_serialize_u_0b1( ->>>>>>> main +static void compress_then_serialize_u_491( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4458,11 +3104,7 @@ static void compress_then_serialize_u_0b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_81(&re, ret); -======= - compress_then_serialize_ring_element_u_880(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_130(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -4475,11 +3117,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd1(__m256i vector) { -======= -compress_ciphertext_coefficient_431(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_571(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4526,13 +3164,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -<<<<<<< HEAD -static __m256i compress_09_761(__m256i vector) { - return compress_ciphertext_coefficient_fd1(vector); -======= -static __m256i compress_ea_ab1(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); ->>>>>>> main +static __m256i compress_09_a11(__m256i vector) { + return compress_ciphertext_coefficient_571(vector); } /** @@ -4541,11 +3174,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_4_c0( -======= -static KRML_MUSTINLINE void compress_then_serialize_4_f5( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_4_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4554,15 +3183,9 @@ static KRML_MUSTINLINE void compress_then_serialize_4_f5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_761(to_unsigned_representative_4f(re.coefficients[i0])); + compress_09_a11(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); -======= - compress_ea_ab1(to_unsigned_representative_c0(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), @@ -4577,11 +3200,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd2(__m256i vector) { -======= -compress_ciphertext_coefficient_432(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_572(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4628,13 +3247,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -<<<<<<< HEAD -static __m256i compress_09_762(__m256i vector) { - return compress_ciphertext_coefficient_fd2(vector); -======= -static __m256i compress_ea_ab2(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); ->>>>>>> main +static __m256i compress_09_a12(__m256i vector) { + return compress_ciphertext_coefficient_572(vector); } /** @@ -4643,11 +3257,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_5_2c( -======= -static KRML_MUSTINLINE void compress_then_serialize_5_a4( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_5_10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4656,15 +3266,9 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = -<<<<<<< HEAD - compress_09_762(to_unsigned_representative_4f(re.coefficients[i0])); + compress_09_a12(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); -======= - compress_ea_ab2(to_unsigned_representative_c0(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t), @@ -4679,58 +3283,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_c0(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f30( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_460( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f5(re, out); ->>>>>>> main + compress_then_serialize_4_22(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4748,18 +3305,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_061( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_671(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -4768,8 +3314,7 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4778,13 +3323,8 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b00 uu____3 = - sample_ring_element_cbd_e71(copy_of_prf_input, domain_separator0); -======= tuple_b0 uu____3 = - sample_ring_element_cbd_c61(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_461(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4792,373 +3332,164 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_e31(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_ba1(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a91(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e71(public_key->t_as_ntt, r_as_ntt, &error_2, -======= - deserialize_then_decompress_message_ef(copy_of_message); + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f1(public_key->t_as_ntt, r_as_ntt, &error_2, ->>>>>>> main + compute_ring_element_v_e61(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f1( + compress_then_serialize_u_491( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c( -======= - compress_then_serialize_u_0b1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( ->>>>>>> main + compress_then_serialize_ring_element_v_460( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + deserialize_ring_elements_reduced_3d1( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_341(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_671(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_d8_5a1(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_7b1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_a9_161(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_061(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_601(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_5a1(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_151(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_501(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_301( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_061(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static void encrypt_a41(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_8c1( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_341(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_be1(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e1(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e91(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_151( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_961( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), -======= - H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), ->>>>>>> main - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; -<<<<<<< HEAD - encrypt_501(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_a41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_6e1(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_e91(shared_secret, shared_secret_array); ->>>>>>> main - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -5168,33 +3499,30 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_71(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_c51( +static KRML_MUSTINLINE void deserialize_secret_key_941( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5206,11 +3534,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_c51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5221,11 +3553,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d(__m256i vector) { -======= -decompress_ciphertext_coefficient_87(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c7(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5269,13 +3597,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac(__m256i vector) { - return decompress_ciphertext_coefficient_2d(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e(__m256i vector) { - return decompress_ciphertext_coefficient_87(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_79(__m256i vector) { + return decompress_ciphertext_coefficient_c7(vector); } /** @@ -5285,30 +3608,20 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_10_56(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); +deserialize_then_decompress_10_2d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i), size_t, void *); -======= -deserialize_then_decompress_10_5f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_79(coefficient); } return re; } @@ -5320,11 +3633,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d0(__m256i vector) { -======= -decompress_ciphertext_coefficient_870(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c70(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5368,13 +3677,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac0(__m256i vector) { - return decompress_ciphertext_coefficient_2d0(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e0(__m256i vector) { - return decompress_ciphertext_coefficient_870(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_790(__m256i vector) { + return decompress_ciphertext_coefficient_c70(vector); } /** @@ -5384,25 +3688,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_11_42(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_11_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_11_57(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac0(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e0(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_790(coefficient); } return re; } @@ -5414,13 +3708,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_d5(Eurydice_slice serialized) { - return deserialize_then_decompress_10_56(serialized); -======= -deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5f(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_cc0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_2d(serialized); } /** @@ -5429,37 +3718,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_27( +static KRML_MUSTINLINE void ntt_vector_u_600( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5468,20 +3739,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a1( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_841( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -5499,13 +3762,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); - ntt_vector_u_27(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); + ntt_vector_u_600(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5519,11 +3777,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d1(__m256i vector) { -======= -decompress_ciphertext_coefficient_871(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c71(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5567,13 +3821,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac1(__m256i vector) { - return decompress_ciphertext_coefficient_2d1(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e1(__m256i vector) { - return decompress_ciphertext_coefficient_871(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_791(__m256i vector) { + return decompress_ciphertext_coefficient_c71(vector); } /** @@ -5583,25 +3832,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_4_44(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_4_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_4_39(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac1(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e1(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_791(coefficient); } return re; } @@ -5613,11 +3852,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d2(__m256i vector) { -======= -decompress_ciphertext_coefficient_872(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c72(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5661,13 +3896,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac2(__m256i vector) { - return decompress_ciphertext_coefficient_2d2(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e2(__m256i vector) { - return decompress_ciphertext_coefficient_872(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_792(__m256i vector) { + return decompress_ciphertext_coefficient_c72(vector); } /** @@ -5677,27 +3907,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_5_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_5_c1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_5_7b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_ac2(re.coefficients[i0]); -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_2e2(re.coefficients[i0]); ->>>>>>> main + decompress_ciphertext_coefficient_09_792(re.coefficients[i0]); } return re; } @@ -5709,49 +3928,28 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_08(Eurydice_slice serialized) { - return deserialize_then_decompress_4_44(serialized); -======= -deserialize_then_decompress_ring_element_v_590(Eurydice_slice serialized) { - return deserialize_then_decompress_4_8d(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { + return deserialize_then_decompress_4_39(serialized); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -subtract_reduce_20_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, -======= -subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, ->>>>>>> main +subtract_reduce_20_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], @@ -5760,12 +3958,6 @@ subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5773,31 +3965,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_471(&result, &product);); - invert_ntt_montgomery_971(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a1( +compute_message_781( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_4a1(&result); + result = subtract_reduce_20_79(v, result); return result; } @@ -5807,24 +3985,14 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_message_2d( -======= -static KRML_MUSTINLINE void compress_then_serialize_message_53( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_message_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = to_unsigned_representative_4f(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_b5(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); -======= - __m256i coefficient = to_unsigned_representative_c0(re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); ->>>>>>> main uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5835,30 +4003,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_53( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5869,33 +4013,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_4a1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_08( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_671(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_cb1(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_9d1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_841(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( + deserialize_then_decompress_ring_element_v_800( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_781(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5909,10 +4038,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b81(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_c51(secret_key, secret_as_ntt); + deserialize_secret_key_941(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -5922,10 +4051,9 @@ static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_671(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb1(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5933,11 +4061,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { -======= static KRML_MUSTINLINE void PRF_d1(Eurydice_slice input, uint8_t ret[32U]) { ->>>>>>> main uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5954,15 +4078,15 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); +static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { + PRF_d1(input, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -5980,309 +4104,84 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, +void libcrux_ml_kem_ind_cca_decapsulate_ab1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_4c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_b81(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_061(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, + encrypt_601(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_d8_5a1(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_d8_5a1(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_471(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - +- K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_ae(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_881( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_d21(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_881(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c1(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e21( -======= -void libcrux_ml_kem_ind_cca_decapsulate_971( ->>>>>>> main - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d21(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), -======= - libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), ->>>>>>> main - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - encrypt_501(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e1(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_6e1(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a41(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e91(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e91(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_300( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6294,43 +4193,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_850( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6338,11 +4223,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_500( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -6360,20 +4241,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6382,13 +4256,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c2( +static KRML_MUSTINLINE void serialize_public_key_mut_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_5f(t_as_ntt, ret); + serialize_secret_key_72(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6397,9 +4271,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c2( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6408,41 +4279,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_510( +static KRML_MUSTINLINE void serialize_public_key_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_500(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_82(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_02( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6451,25 +4297,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_300( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_660( ->>>>>>> main + deserialize_ring_elements_reduced_out_850( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; -<<<<<<< HEAD - serialize_public_key_510( -======= - serialize_public_key_02( ->>>>>>> main + serialize_public_key_39( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -6491,13 +4327,6 @@ static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -6506,7 +4335,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -6534,20 +4363,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); - lit.secret_as_ntt[3U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[3U] = ZERO_20_7d(); return lit; } @@ -6566,40 +4395,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { +static IndCpaPublicKeyUnpacked_01 default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[0U][3U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[1U][3U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); - lit.A[2U][3U] = ZERO_d6_7d(); - lit.A[3U][0U] = ZERO_d6_7d(); - lit.A[3U][1U] = ZERO_d6_7d(); - lit.A[3U][2U] = ZERO_d6_7d(); - lit.A[3U][3U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[0U][3U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[1U][3U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); + lit.A[2U][3U] = ZERO_20_7d(); + lit.A[3U][0U] = ZERO_20_7d(); + lit.A[3U][1U] = ZERO_20_7d(); + lit.A[3U][2U] = ZERO_20_7d(); + lit.A[3U][3U] = ZERO_20_7d(); return lit; } @@ -6612,11 +4441,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6630,13 +4455,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static void closure_ba0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6649,7 +4468,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( uint8_t ret0[64U]; G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6659,11 +4477,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_500(uint8_t input[4U][34U]) { -======= -shake128_init_absorb_2a(uint8_t input[4U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6685,19 +4499,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_500(copy_of_input); -======= -shake128_init_absorb_a9_1c(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_1c(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a(copy_of_input); } /** @@ -6706,11 +4512,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6747,15 +4549,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_000(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_0c(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c(self, ret); } /** @@ -6806,11 +4602,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_611( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( ->>>>>>> main uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -6822,11 +4614,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -6852,11 +4640,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6893,15 +4677,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_dd0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_4a(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a(self, ret); } /** @@ -6952,11 +4730,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_612( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( ->>>>>>> main uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -6968,11 +4742,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -6998,15 +4768,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a0( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7016,11 +4780,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c10( -======= static KRML_MUSTINLINE void sample_from_xof_67( ->>>>>>> main uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -7029,43 +4789,25 @@ static KRML_MUSTINLINE void sample_from_xof_67( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f0(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_611( -======= - shake128_init_absorb_a9_1c(copy_of_seeds); + shake128_init_absorb_final_a9_1c(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_74( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_612( -======= done = sample_from_uniform_distribution_next_740( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -7074,11 +4816,7 @@ static KRML_MUSTINLINE void sample_from_xof_67( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a0(copy_of_out[i]);); -======= ret0[i] = closure_e4(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7090,18 +4828,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_ba0(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7116,11 +4845,7 @@ static KRML_MUSTINLINE void sample_matrix_A_34( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; -<<<<<<< HEAD - sample_from_xof_c10(copy_of_seeds, sampled); -======= sample_from_xof_67(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7138,16 +4863,6 @@ static KRML_MUSTINLINE void sample_matrix_A_34( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -======= ->>>>>>> main } /** @@ -7156,13 +4871,8 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { ->>>>>>> main uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; uint8_t out1[128U] = {0U}; @@ -7202,21 +4912,11 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_ef1(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { PRFxN_08(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7225,17 +4925,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_e40( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7247,20 +4939,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_a9_411(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -7283,17 +4967,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_07(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -7301,44 +4984,23 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_470( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b8( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7352,59 +5014,14 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_b8( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_470(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void compute_As_plus_e_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { @@ -7417,7 +5034,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a2( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7430,55 +5047,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7488,47 +5063,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_54 generate_keypair_unpacked_470( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_81( +static void generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff0(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; @@ -7540,180 +5088,23 @@ static void generate_keypair_unpacked_81( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_07(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e40(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_ef0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_1c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_470(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_510( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a2(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_67(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7728,32 +5119,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_470(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_510( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_500(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); - generate_keypair_unpacked_81(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); + generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_02( + serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7762,26 +5139,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1568U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7789,11 +5154,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb0( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_280( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -7819,11 +5180,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_310(public_key, ret0); -======= H_a9_16(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7839,14 +5196,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7861,11 +5210,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7874,21 +5219,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = -<<<<<<< HEAD - generate_keypair_930(ind_cpa_keypair_randomness); -======= - generate_keypair_2f0(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb0( -======= - serialize_kem_secret_key_0a0( ->>>>>>> main + serialize_kem_secret_key_280( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7897,22 +5234,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b11( - uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d1( + uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); } /** @@ -7925,7 +5253,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7933,38 +5261,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7974,17 +5270,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -<<<<<<< HEAD -sample_ring_element_cbd_e70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_46(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= -sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7996,19 +5285,11 @@ sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_a9_411(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8018,11 +5299,7 @@ sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -8038,15 +5315,9 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -8055,60 +5326,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_19( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e30( -======= -static KRML_MUSTINLINE void compute_vector_u_ba( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8128,19 +5373,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_470(&result0[i1], &product); - } - invert_ntt_montgomery_970(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b8(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_31(&result0[i1], &product); } - invert_ntt_montgomery_19(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -8151,9 +5388,6 @@ static KRML_MUSTINLINE void compute_vector_u_ba( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8161,32 +5395,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e70( -======= -compute_ring_element_v_9f( ->>>>>>> main +compute_ring_element_v_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_470(&result, &product);); - invert_ntt_montgomery_970(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_4a(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } @@ -8196,22 +5416,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_11_770( -======= -static KRML_MUSTINLINE void compress_then_serialize_11_88( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_11_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_760(to_unsigned_representative_4f(re->coefficients[i0])); -======= - compress_ea_ab0(to_unsigned_representative_c0(re->coefficients[i0])); ->>>>>>> main + compress_09_a10(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -8229,23 +5441,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_770(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_88(re, uu____0); ->>>>>>> main + compress_then_serialize_11_78(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8255,11 +5457,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f0( -======= -static void compress_then_serialize_u_0b( ->>>>>>> main +static void compress_then_serialize_u_49( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8275,11 +5473,7 @@ static void compress_then_serialize_u_0b( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_810(&re, ret); -======= - compress_then_serialize_ring_element_u_88(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_13(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -8292,58 +5486,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_2c(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a4(re, out); ->>>>>>> main + compress_then_serialize_5_10(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8361,18 +5508,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_060( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_67(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -8380,8 +5516,7 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -8391,11 +5526,7 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_e70(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_c6(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_46(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -8403,265 +5534,96 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_e30(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_ba(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a9(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e70(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_ef(copy_of_message); + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e6(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f0( + compress_then_serialize_u_49( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c0( -======= - compress_then_serialize_u_0b( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f3( ->>>>>>> main + compress_then_serialize_ring_element_v_46( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 - T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_060(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); +static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + deserialize_ring_elements_reduced_3d( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_34(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_67(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 +- CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void entropy_preprocess_af_150(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); +static KRML_MUSTINLINE void kdf_d8_5a0(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } /** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_500(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_300( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_060(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static void encrypt_a40(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_8c( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_34(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_be(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e0(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e90(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics @@ -8679,49 +5641,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_150( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_960( + entropy_preprocess_d8_7b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8729,69 +5669,43 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); -======= - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); ->>>>>>> main + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; -<<<<<<< HEAD - encrypt_500(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_6e0(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; -======= - encrypt_a40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_600(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_e90(shared_secret, shared_secret_array); + kdf_d8_5a0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_21 result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_c50( +static KRML_MUSTINLINE void deserialize_secret_key_940( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8803,11 +5717,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_c50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -8818,13 +5736,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_d50(Eurydice_slice serialized) { - return deserialize_then_decompress_11_42(serialized); -======= -deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { - return deserialize_then_decompress_11_9a(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_cc(Eurydice_slice serialized) { + return deserialize_then_decompress_11_57(serialized); } /** @@ -8833,37 +5746,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_270( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_9b( +static KRML_MUSTINLINE void ntt_vector_u_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8872,20 +5767,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a0( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -8903,13 +5790,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d50(u_bytes); - ntt_vector_u_270(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f9(u_bytes); - ntt_vector_u_9b(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc(u_bytes); + ntt_vector_u_60(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8923,21 +5805,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_080(Eurydice_slice serialized) { - return deserialize_then_decompress_5_f0(serialized); -======= -deserialize_then_decompress_ring_element_v_59(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c1(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { + return deserialize_then_decompress_5_7b(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8945,58 +5816,20 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_470(&result, &product);); - invert_ntt_montgomery_970(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a( +compute_message_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_4a(&result); + result = subtract_reduce_20_79(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9007,33 +5840,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_4a0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_080( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_67(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_cb(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); + deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_59( + deserialize_then_decompress_ring_element_v_80( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_78(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9047,10 +5865,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_c50(secret_key, secret_as_ntt); + deserialize_secret_key_940(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -9060,10 +5878,9 @@ static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_67(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -9076,158 +5893,8 @@ with const generics - K= 4 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_4c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_060(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_880( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_d20(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_880(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c0(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); ->>>>>>> main } /** @@ -9252,16 +5919,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e20( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { -======= -void libcrux_ml_kem_ind_cca_decapsulate_970( +void libcrux_ml_kem_ind_cca_decapsulate_ab0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9277,15 +5937,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d20(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9293,11 +5947,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9305,92 +5955,48 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; -<<<<<<< HEAD - encrypt_500(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_600(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e0(Eurydice_array_to_slice( + kdf_d8_5a0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6e0(shared_secret0, shared_secret1); + kdf_d8_5a0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a40(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e90(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e90(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_30( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9402,43 +6008,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_85( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9446,11 +6038,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_50( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_720( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -9468,20 +6056,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9490,13 +6071,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c20( +static KRML_MUSTINLINE void serialize_public_key_mut_820( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_5f0(t_as_ntt, ret); + serialize_secret_key_720(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -9505,9 +6086,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c20( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9516,41 +6094,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_51( +static KRML_MUSTINLINE void serialize_public_key_390( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_50(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_820(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_020( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_c20(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9559,25 +6112,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_30( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_66( ->>>>>>> main + deserialize_ring_elements_reduced_out_85( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; -<<<<<<< HEAD - serialize_public_key_51( -======= - serialize_public_key_020( ->>>>>>> main + serialize_public_key_390( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -9599,13 +6142,6 @@ static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -9614,7 +6150,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -9642,18 +6178,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); return lit; } @@ -9672,28 +6208,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); return lit; } @@ -9706,11 +6242,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -9724,13 +6256,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static void closure_ba( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -9743,7 +6269,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( uint8_t ret0[64U]; G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -9753,11 +6278,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_50(uint8_t input[2U][34U]) { -======= -shake128_init_absorb_2a0(uint8_t input[2U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a0(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -9779,19 +6300,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_50(copy_of_input); -======= -shake128_init_absorb_a9_1c0(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_1c0(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a0(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a0(copy_of_input); } /** @@ -9800,11 +6313,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -9835,15 +6344,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_00(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_0c0(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c0(self, ret); } /** @@ -9894,11 +6397,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_61( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( ->>>>>>> main uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -9910,11 +6409,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -9940,11 +6435,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a0( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -9975,15 +6466,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_dd(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_4a0(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a0(self, ret); } /** @@ -10034,11 +6519,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_610( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( ->>>>>>> main uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -10050,11 +6531,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -10080,15 +6557,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -10098,11 +6569,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c1( -======= static KRML_MUSTINLINE void sample_from_xof_670( ->>>>>>> main uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -10111,43 +6578,25 @@ static KRML_MUSTINLINE void sample_from_xof_670( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_61( -======= - shake128_init_absorb_a9_1c0(copy_of_seeds); + shake128_init_absorb_final_a9_1c0(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_741( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d0(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_610( -======= done = sample_from_uniform_distribution_next_742( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -10156,11 +6605,7 @@ static KRML_MUSTINLINE void sample_from_xof_670( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a(copy_of_out[i]);); -======= ret0[i] = closure_e40(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -10172,18 +6617,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_ba(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_340( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -10198,11 +6634,7 @@ static KRML_MUSTINLINE void sample_matrix_A_340( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; -<<<<<<< HEAD - sample_from_xof_c1(copy_of_seeds, sampled); -======= sample_from_xof_670(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -10220,16 +6652,6 @@ static KRML_MUSTINLINE void sample_matrix_A_340( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -======= ->>>>>>> main } /** @@ -10238,13 +6660,8 @@ with const generics - K= 2 - LEN= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { -======= static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { ->>>>>>> main uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; uint8_t out1[192U] = {0U}; @@ -10278,15 +6695,9 @@ with const generics - K= 2 - LEN= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_ef(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { PRFxN_080(input, ret); ->>>>>>> main } /** @@ -10296,19 +6707,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_8e(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_5f(randomness); -======= -sample_from_binomial_distribution_af0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_3c(randomness); ->>>>>>> main +sample_from_binomial_distribution_730(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_05(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10317,17 +6719,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_e4( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_070( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -10339,20 +6733,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; -<<<<<<< HEAD - PRFxN_a9_41(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af0( + re_as_ntt[i0] = sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -10375,17 +6761,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_070(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -10393,44 +6778,23 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_47( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b80( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -10444,58 +6808,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_b80( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_47(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a20( +static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -10509,7 +6828,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a20( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -10522,55 +6841,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b80(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10580,47 +6857,20 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static tuple_4c generate_keypair_unpacked_47( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_810( +static void generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e10(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_340(uu____1, ret, true); uint8_t prf_input[33U]; @@ -10632,180 +6882,23 @@ static void generate_keypair_unpacked_810( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_070(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_1c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_47(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_51( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a20(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_670(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -10820,32 +6913,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_47(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_51( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); - generate_keypair_unpacked_810(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); + generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_020( + serialize_public_key_390( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_5f0(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_720(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -10854,26 +6933,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair512 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -10881,11 +6948,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_28( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -10911,11 +6974,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_31(public_key, ret0); -======= H_a9_160(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -10931,14 +6990,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10952,11 +7003,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -10966,21 +7013,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = -<<<<<<< HEAD - generate_keypair_93(ind_cpa_keypair_randomness); -======= - generate_keypair_2f(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb( -======= - serialize_kem_secret_key_0a( ->>>>>>> main + serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -10989,21 +7028,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -11016,7 +7047,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -11024,47 +7055,13 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } ->>>>>>> main -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -11099,20 +7096,11 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_ef0(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { PRFxN_081(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -11122,17 +7110,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -<<<<<<< HEAD -sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= -sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_460(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -11144,19 +7125,11 @@ sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; -<<<<<<< HEAD - PRFxN_a9_410(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -11166,11 +7139,7 @@ sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -11186,15 +7155,9 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -11203,60 +7166,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_97( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_190( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e3( -======= -static KRML_MUSTINLINE void compute_vector_u_ba0( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -11276,19 +7213,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_47(&result0[i1], &product); - } - invert_ntt_montgomery_97(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b80(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_310(&result0[i1], &product); } - invert_ntt_montgomery_190(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a0(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -11299,9 +7228,6 @@ static KRML_MUSTINLINE void compute_vector_u_ba0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11309,38 +7235,21 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e7( -======= -compute_ring_element_v_9f0( ->>>>>>> main +compute_ring_element_v_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_47(&result, &product);); - invert_ntt_montgomery_97(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_4a0(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11350,11 +7259,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f( -======= -static void compress_then_serialize_u_0b0( ->>>>>>> main +static void compress_then_serialize_u_490( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -11370,57 +7275,12 @@ static void compress_then_serialize_u_0b0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_81(&re, ret); -======= - compress_then_serialize_ring_element_u_880(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_130(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -11438,18 +7298,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_06( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_670(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -11457,8 +7306,7 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -11468,11 +7316,7 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_e7(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_c60(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_460(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -11480,148 +7324,37 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_ba0(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a90(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e7(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_ef(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e60(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c( -======= - compress_then_serialize_u_0b0( + compress_then_serialize_u_490( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( ->>>>>>> main + compress_then_serialize_ring_element_v_460( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_15(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics @@ -11638,59 +7371,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_50(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_30( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -======= -static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_8c0( + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + deserialize_ring_elements_reduced_3d0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -11704,10 +7388,9 @@ static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_be0(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[768U]; + encrypt_unpacked_670(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -11721,20 +7404,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_5a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -11756,49 +7431,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_15( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_96( + entropy_preprocess_d8_7b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -11806,67 +7459,43 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; -<<<<<<< HEAD - encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_6e(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_e9(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_5a(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_ec result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_c5( +static KRML_MUSTINLINE void deserialize_secret_key_94( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -11878,18 +7507,18 @@ static KRML_MUSTINLINE void deserialize_secret_key_c5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11898,20 +7527,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_840( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -11929,25 +7550,14 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); - ntt_vector_u_27(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); + ntt_vector_u_600(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11955,58 +7565,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_47(&result, &product);); - invert_ntt_montgomery_97(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a0( +compute_message_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_4a0(&result); + result = subtract_reduce_20_79(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -12017,33 +7589,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_4a(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_08( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_670(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_cb0(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_9d0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_840(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( + deserialize_then_decompress_ring_element_v_800( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_780(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -12057,10 +7614,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_c5(secret_key, secret_as_ntt); + deserialize_secret_key_94(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -12070,10 +7627,9 @@ static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_670(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb0(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -12086,157 +7642,8 @@ with const generics - K= 2 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_4c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_06(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_88( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_d2(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_88(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); ->>>>>>> main } /** @@ -12261,11 +7668,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e2( -======= -void libcrux_ml_kem_ind_cca_decapsulate_97( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -12283,15 +7686,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d2(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -12299,11 +7696,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -12311,65 +7704,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; -<<<<<<< HEAD - encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e(Eurydice_array_to_slice((size_t)32U, + kdf_d8_5a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6e(shared_secret0, shared_secret1); + kdf_d8_5a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), + libcrux_ml_kem_types_as_ref_00_470(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e9(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e9(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 6d0df9ee1..c59cb8009 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem_avx2_H @@ -38,49 +30,29 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_vec_zero(void); -======= -__m256i libcrux_ml_kem_vector_avx2_zero(void); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void); __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array); -======= -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array); void libcrux_ml_kem_vector_avx2_vec_to_i16_array(__m256i v, int16_t ret[16U]); -======= -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]); -======= -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); @@ -88,11 +60,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs); -======= -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); @@ -100,11 +68,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs); -======= -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( __m256i vector, int16_t constant); @@ -113,11 +77,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, -======= -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, ->>>>>>> main int16_t c); __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( @@ -127,11 +87,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant); __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( @@ -141,11 +97,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); ->>>>>>> main #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) @@ -160,11 +112,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant); @@ -173,11 +121,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant); __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( @@ -187,21 +131,13 @@ __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, __m256i rhs); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants); -======= - __m256i v, __m256i c); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -210,11 +146,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, @@ -225,21 +157,13 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1); __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants); -======= - __m128i v, __m128i c); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta); @@ -248,11 +172,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta); __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( @@ -262,11 +182,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, @@ -277,11 +193,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1); @@ -292,18 +204,11 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, int16_t zeta); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( __m256i vec); -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, int16_t zeta0, @@ -315,11 +220,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -331,11 +232,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); -======= -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); @@ -344,11 +241,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, uint8_t ret[8U]); @@ -357,11 +250,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); -======= -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); @@ -370,11 +259,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, uint8_t ret[10U]); @@ -383,11 +268,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( @@ -397,11 +278,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, uint8_t ret[20U]); @@ -410,11 +287,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, ->>>>>>> main uint8_t ret[20U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( @@ -424,11 +297,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, uint8_t ret[22U]); @@ -437,11 +306,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, ->>>>>>> main uint8_t ret[22U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( @@ -451,11 +316,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, uint8_t ret[24U]); @@ -464,11 +325,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, ->>>>>>> main uint8_t ret[24U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( @@ -478,11 +335,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); ->>>>>>> main size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -498,189 +351,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self); -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; -======= -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); ->>>>>>> main - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4abcc363c..f41d3f0c9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_mlkem_portable.h" @@ -87,11 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); -<<<<<<< HEAD core_result_unwrap_41_30(dst, ret); -======= - core_result_unwrap_26_30(dst, ret); ->>>>>>> main memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -187,7 +175,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_10.fst; ret[1U] = r0_10.snd; ret[2U] = r0_10.thd; @@ -210,32 +197,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[19U] = r11_21.f8; ret[20U] = r11_21.f9; ret[21U] = r11_21.f10; -======= - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -318,7 +279,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -337,27 +297,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1026,7 +965,6 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -1034,27 +972,6 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3); - if (uu____0.tag == core_option_None) { - return v; - } else { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } ->>>>>>> main } } return vec; @@ -1081,13 +998,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1132,19 +1045,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1506,28 +1412,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1635,7 +1519,6 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { -<<<<<<< HEAD int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *) & 1U); @@ -1716,25 +1599,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { lit.elements[14U] = result14; lit.elements[15U] = result15; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; ->>>>>>> main } /** @@ -1783,7 +1647,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = result0_3.fst; ret[1U] = result0_3.snd; ret[2U] = result0_3.thd; @@ -1792,18 +1655,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[5U] = result4_7.snd; ret[6U] = result4_7.thd; ret[7U] = result4_7.f3; -======= - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1863,7 +1714,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -1882,27 +1732,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1947,7 +1776,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -1958,20 +1786,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[7U] = r5_9.thd; ret[8U] = r5_9.f3; ret[9U] = r5_9.f4; -======= - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2042,7 +1856,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2061,27 +1874,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2142,7 +1934,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2163,30 +1954,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[17U] = r15_19.thd; ret[18U] = r15_19.f3; ret[19U] = r15_19.f4; -======= - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2265,7 +2032,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2284,27 +2050,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2355,7 +2100,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_2.fst; ret[1U] = r0_2.snd; ret[2U] = r0_2.thd; @@ -2380,34 +2124,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[21U] = r21_23.fst; ret[22U] = r21_23.snd; ret[23U] = r21_23.thd; -======= - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2455,7 +2171,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_1.fst; lit.elements[1U] = v0_1.snd; @@ -2474,27 +2189,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { lit.elements[14U] = v14_15.fst; lit.elements[15U] = v14_15.snd; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; ->>>>>>> main } /** @@ -2587,27 +2281,15 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_1c(void) { -======= -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { ->>>>>>> main +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2628,12 +2310,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2641,13 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_to_reduced_ring_element_62(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_to_reduced_ring_element_d3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2662,27 +2333,15 @@ deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_071( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2694,35 +2353,24 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_581( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2734,11 +2382,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -shift_right_58(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { -======= -shift_right_7d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2757,13 +2401,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -shift_right_0d_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_58(v); -======= -shift_right_0d_46(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_7d(v); ->>>>>>> main +shift_right_0d_64(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_95(v); } /** @@ -2773,17 +2412,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -to_unsigned_representative_87( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_f1(a); -======= -to_unsigned_representative_08( +to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_46(a); ->>>>>>> main + shift_right_0d_64(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2796,22 +2428,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_64( -======= -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( ->>>>>>> main +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - to_unsigned_representative_87(re->coefficients[i0]); -======= - to_unsigned_representative_08(re->coefficients[i0]); ->>>>>>> main + to_unsigned_representative_9f(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2822,9 +2446,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2832,11 +2453,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd1( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2854,20 +2471,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2876,13 +2486,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_46( +static KRML_MUSTINLINE void serialize_public_key_mut_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_8c(t_as_ntt, ret); + serialize_secret_key_80(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2891,9 +2501,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_46( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2902,41 +2509,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_771( +static KRML_MUSTINLINE void serialize_public_key_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_cd1(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2945,25 +2527,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_071( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_6b1( ->>>>>>> main + deserialize_ring_elements_reduced_out_581( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; -<<<<<<< HEAD - serialize_public_key_771( -======= - serialize_public_key_eb( ->>>>>>> main + serialize_public_key_96( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2985,13 +2557,6 @@ static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3000,7 +2565,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( +bool libcrux_ml_kem_ind_cca_validate_private_key_53( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -3028,20 +2593,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); - lit.secret_as_ntt[3U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[3U] = ZERO_20_19(); return lit; } @@ -3060,40 +2625,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[0U][3U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[1U][3U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); - lit.A[2U][3U] = ZERO_d6_19(); - lit.A[3U][0U] = ZERO_d6_19(); - lit.A[3U][1U] = ZERO_d6_19(); - lit.A[3U][2U] = ZERO_d6_19(); - lit.A[3U][3U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[0U][3U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[1U][3U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); + lit.A[2U][3U] = ZERO_20_19(); + lit.A[3U][0U] = ZERO_20_19(); + lit.A[3U][1U] = ZERO_20_19(); + lit.A[3U][2U] = ZERO_20_19(); + lit.A[3U][3U] = ZERO_20_19(); return lit; } @@ -3106,11 +2671,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3124,13 +2685,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static void closure_a31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_61( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -3143,7 +2698,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( uint8_t ret0[64U]; G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -3162,11 +2716,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -<<<<<<< HEAD -shake128_init_absorb_final_401(uint8_t input[4U][34U]) { -======= -shake128_init_absorb_37(uint8_t input[4U][34U]) { ->>>>>>> main +shake128_init_absorb_final_37(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -3197,19 +2747,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -<<<<<<< HEAD -shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_17(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_401(copy_of_input); -======= -shake128_init_absorb_f1_17(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_37(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_37(copy_of_input); } /** @@ -3218,11 +2760,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_72( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -3243,15 +2781,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( - PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_9a1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_75( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_72(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_72(self, ret); } /** @@ -3302,11 +2834,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_893( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( ->>>>>>> main uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -3344,13 +2872,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e6( PortableHash_d1 *st, uint8_t ret[4U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_d1 *st, - uint8_t ret[4U][168U]) { ->>>>>>> main uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3370,15 +2893,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_48( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ea1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( - PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_e6(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e6(self, ret); } /** @@ -3429,11 +2946,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_894( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( ->>>>>>> main uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -3467,30 +2980,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -from_i16_array_20_d3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); -======= -from_i16_array_d6_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); ->>>>>>> main +from_i16_array_20_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3510,15 +3010,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3529,11 +3023,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b1( -======= static KRML_MUSTINLINE void sample_from_xof_49( ->>>>>>> main uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -3541,43 +3031,25 @@ static KRML_MUSTINLINE void sample_from_xof_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_893( -======= - PortableHash_d1 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_17(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_75(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_041(&xof_state, randomness); -======= - shake128_squeeze_block_f1_48(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_48(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_894( -======= done = sample_from_uniform_distribution_next_fb0( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -3586,11 +3058,7 @@ static KRML_MUSTINLINE void sample_from_xof_49( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c1(copy_of_out[i]);); -======= ret0[i] = closure_ba(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -3603,18 +3071,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_a31(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -3629,11 +3088,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; -<<<<<<< HEAD - sample_from_xof_1b1(copy_of_seeds, sampled); -======= sample_from_xof_49(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3651,16 +3106,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); -======= ->>>>>>> main } /** @@ -3669,13 +3114,8 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { ->>>>>>> main uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3695,66 +3135,11 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_d32(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { PRFxN_d5(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3762,11 +3147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_2_d9(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3800,11 +3181,7 @@ sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_d3( -======= - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3815,11 +3192,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_3_af(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3852,11 +3225,7 @@ sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_d3( -======= - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3867,13 +3236,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_d8(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d9(randomness); -======= -sample_from_binomial_distribution_dd(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d1(randomness); ->>>>>>> main +sample_from_binomial_distribution_ce(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_1b(randomness); } /** @@ -3882,11 +3246,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_7_99( -======= -static KRML_MUSTINLINE void ntt_at_layer_7_98( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_7_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3914,11 +3274,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -montgomery_multiply_fe_77( -======= -montgomery_multiply_fe_2c( ->>>>>>> main +montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3932,20 +3288,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - ntt_layer_int_vec_step_67( -======= - ntt_layer_int_vec_step_02( ->>>>>>> main + ntt_layer_int_vec_step_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = -<<<<<<< HEAD - montgomery_multiply_fe_77(b, zeta_r); -======= - montgomery_multiply_fe_2c(b, zeta_r); ->>>>>>> main + montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3959,11 +3307,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_4_plus_06( -======= -static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3976,11 +3320,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - ntt_layer_int_vec_step_67( -======= - ntt_layer_int_vec_step_02( ->>>>>>> main + ntt_layer_int_vec_step_d1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3997,11 +3337,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_3_82( -======= -static KRML_MUSTINLINE void ntt_at_layer_3_e9( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_3_1b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4019,11 +3355,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_2_8a( -======= -static KRML_MUSTINLINE void ntt_at_layer_2_34( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4031,14 +3363,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_34( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -4048,7 +3374,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_bd( +static KRML_MUSTINLINE void ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4056,46 +3382,24 @@ static KRML_MUSTINLINE void ntt_at_layer_1_bd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void poly_barrett_reduce_20_6b( -======= -static KRML_MUSTINLINE void poly_barrett_reduce_d6_a9( ->>>>>>> main +static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4113,37 +3417,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_a0( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_99(re); + ntt_at_layer_7_73(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_fb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_98(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4153,17 +3439,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_061( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4175,20 +3453,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf2(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; } @@ -4212,17 +3482,16 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_83(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_3c(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -4230,72 +3499,26 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -ntt_multiply_20_23(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_1c(); -======= -ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4315,33 +3538,16 @@ ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc1( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -4366,11 +3572,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -to_standard_domain_22( -======= -to_standard_domain_bd0( ->>>>>>> main +to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4378,38 +3580,22 @@ to_standard_domain_bd0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_standard_error_reduce_20_39( -======= -static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( ->>>>>>> main +static KRML_MUSTINLINE void add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD - coefficient_normal_form = to_standard_domain_22(self->coefficients[j]); -======= - coefficient_normal_form = to_standard_domain_bd0(self->coefficients[j]); ->>>>>>> main + coefficient_normal_form = to_standard_domain_73(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -4418,58 +3604,13 @@ static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc1(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_00( +static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -4483,7 +3624,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4496,55 +3637,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4554,47 +3653,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_540 generate_keypair_unpacked_831( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d01(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_74( +static void generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_b7(key_generation_seed, hashed); + cpa_keygen_seed_d8_61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b1(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; @@ -4606,285 +3678,73 @@ static void generate_keypair_unpacked_74( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_83(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_061(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_3c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 +- PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_d61( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1c();); +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ea1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); + generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); + uint8_t public_key_serialized[1568U]; + serialize_public_key_96( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_d9( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_831(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_d61(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_771( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_86(copy_of_prf_input, domain_separator) - .fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_00(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); - uint8_t uu____5[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( - Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_831(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_771( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_cd1(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_521( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); - generate_keypair_unpacked_74(key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1568U]; - serialize_public_key_eb( - public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; ->>>>>>> main -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_d5( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_82( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_bb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -4910,11 +3770,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_82( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd1(public_key, ret0); -======= H_f1_c6(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -4930,14 +3786,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_82( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4952,11 +3800,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4965,21 +3809,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = -<<<<<<< HEAD - generate_keypair_fc1(ind_cpa_keypair_randomness); -======= - generate_keypair_521(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; -<<<<<<< HEAD - serialize_kem_secret_key_d5( -======= - serialize_kem_secret_key_82( ->>>>>>> main + serialize_kem_secret_key_bb( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4988,22 +3824,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b11( - uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d1( + uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); } /** @@ -5016,7 +3843,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f3(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5024,38 +3851,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5066,17 +3861,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -<<<<<<< HEAD -sample_ring_element_cbd_a21(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= -sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_72(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5088,19 +3876,11 @@ sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf2(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5110,11 +3890,7 @@ sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5125,11 +3901,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { -======= static KRML_MUSTINLINE void PRF_440(Eurydice_slice input, uint8_t ret[128U]) { ->>>>>>> main uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -5146,15 +3918,9 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -5163,11 +3929,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_1_e7( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5175,20 +3937,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -5198,11 +3950,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_2_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5210,14 +3958,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -5227,11 +3969,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_3_a9( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_3_0c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5251,11 +3989,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_42( -======= - inv_ntt_layer_int_vec_step_reduce_f1( ->>>>>>> main + inv_ntt_layer_int_vec_step_reduce_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -5263,11 +3997,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); -<<<<<<< HEAD - b = montgomery_multiply_fe_77(a_minus_b, zeta_r); -======= - b = montgomery_multiply_fe_2c(a_minus_b, zeta_r); ->>>>>>> main + b = montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -5279,11 +4009,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_5a( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -5298,11 +4024,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_42( -======= - inv_ntt_layer_int_vec_step_reduce_f1( ->>>>>>> main + inv_ntt_layer_int_vec_step_reduce_1b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -5319,58 +4041,31 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_311( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f( +static KRML_MUSTINLINE void invert_ntt_montgomery_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_error_reduce_20_06( -======= -static KRML_MUSTINLINE void add_error_reduce_d6_a3( ->>>>>>> main +static KRML_MUSTINLINE void add_error_reduce_20_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5388,31 +4083,20 @@ static KRML_MUSTINLINE void add_error_reduce_d6_a3( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b1( -======= -static KRML_MUSTINLINE void compute_vector_u_51( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5432,19 +4116,11 @@ static KRML_MUSTINLINE void compute_vector_u_51( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc1(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a(&result0[i1], &product); } - invert_ntt_montgomery_311(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d(&result[i1], &product); - } - invert_ntt_montgomery_5f(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_04(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -5462,13 +4138,8 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_1_4c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +decompress_1_a4(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = -======= -decompress_1_7e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = ->>>>>>> main libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = libcrux_ml_kem_vector_portable_sub_0d(z, &vec); @@ -5485,13 +4156,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_message_52(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_message_40(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5501,39 +4167,23 @@ deserialize_then_decompress_message_40(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_1_4c(coefficient_compressed); -======= - decompress_1_7e(coefficient_compressed); ->>>>>>> main + decompress_1_a4(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -add_message_error_reduce_20_8c( -======= -add_message_error_reduce_d6_4d( ->>>>>>> main +add_message_error_reduce_20_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -5556,9 +4206,6 @@ add_message_error_reduce_d6_4d( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5566,32 +4213,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_661( -======= -compute_ring_element_v_16( ->>>>>>> main +compute_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc1(&result, &product);); - invert_ntt_montgomery_311(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_04(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } @@ -5601,11 +4234,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_20(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5626,15 +4255,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9a( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c(v); -======= -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_0c( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_20(v); ->>>>>>> main + return compress_6c(v); } /** @@ -5643,11 +4266,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5669,13 +4288,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c0(v); -======= -compress_0d_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_200(v); ->>>>>>> main +compress_0d_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c0(v); } /** @@ -5684,22 +4298,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_11_e20( -======= -static KRML_MUSTINLINE void compress_then_serialize_11_9b( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_11_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a0(to_unsigned_representative_87(re->coefficients[i0])); -======= - compress_0d_0c0(to_unsigned_representative_08(re->coefficients[i0])); ->>>>>>> main + compress_0d_200(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5717,23 +4323,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_310( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_e20(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_9b(re, uu____0); ->>>>>>> main + compress_then_serialize_11_ba(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5743,11 +4339,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed1( -======= -static void compress_then_serialize_u_2b( ->>>>>>> main +static void compress_then_serialize_u_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5763,11 +4355,7 @@ static void compress_then_serialize_u_2b( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_310(&re, ret); -======= - compress_then_serialize_ring_element_u_08(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5779,11 +4367,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5805,13 +4389,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c1(v); -======= -compress_0d_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_201(v); ->>>>>>> main +compress_0d_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c1(v); } /** @@ -5820,11 +4399,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_4_55( -======= -static KRML_MUSTINLINE void compress_then_serialize_4_d4( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_4_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5833,11 +4408,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_d4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a1(to_unsigned_representative_87(re.coefficients[i0])); -======= - compress_0d_0c1(to_unsigned_representative_08(re.coefficients[i0])); ->>>>>>> main + compress_0d_201(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -5853,11 +4424,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5879,13 +4446,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c2(v); -======= -compress_0d_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_202(v); ->>>>>>> main +compress_0d_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c2(v); } /** @@ -5894,7 +4456,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_61( +static KRML_MUSTINLINE void compress_then_serialize_5_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5903,11 +4465,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = -<<<<<<< HEAD - compress_0d_9a2(to_unsigned_representative_87(re.coefficients[i0])); -======= - compress_0d_0c2(to_unsigned_representative_08(re.coefficients[i0])); ->>>>>>> main + compress_0d_202(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -5924,56 +4482,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d0( -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b9( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_61(re, out); + compress_then_serialize_5_96(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5992,18 +4505,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d71( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_0d(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6011,8 +4513,7 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_86(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6022,11 +4523,7 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_a21(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_af(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_72(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6034,380 +4531,165 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_4b1(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_51(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_02(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_661(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_40(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_16(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c7(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d0( -======= - compress_then_serialize_u_2b( + compress_then_serialize_u_bf( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b9( ->>>>>>> main + compress_then_serialize_ring_element_v_de( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + deserialize_ring_elements_reduced_8b( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_ae(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_0d(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_d8_cf(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 - PUBLIC_KEY_SIZE= 1568 - T_AS_NTT_ENCODED_SIZE= 1536 - C1_SIZE= 1408 - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_f3( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_f1_c6(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_d71(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_5f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_cf(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_da(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_951(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_071( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_d71(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static void encrypt_ec1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_1b( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_e7(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_3b(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_89(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_da( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_cd( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= - H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); -======= - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; -<<<<<<< HEAD - encrypt_951(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_3b(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; -======= - encrypt_ec1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_89(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_21 result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -6417,8 +4699,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +deserialize_to_uncompressed_ring_element_0b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -6431,21 +4713,18 @@ deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_e71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6457,11 +4736,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6472,11 +4755,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df( -======= -decompress_ciphertext_coefficient_1b( ->>>>>>> main +decompress_ciphertext_coefficient_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6501,15 +4780,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df(v); -======= -decompress_ciphertext_coefficient_0d_7e( +decompress_ciphertext_coefficient_0d_4f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be(v); } /** @@ -6519,9 +4792,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_10_0e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); +deserialize_then_decompress_10_c9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -6529,10 +4801,6 @@ deserialize_then_decompress_10_0e(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector), size_t, void *); -======= -deserialize_then_decompress_10_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -6541,11 +4809,7 @@ deserialize_then_decompress_10_cb(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6558,11 +4822,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df0( -======= -decompress_ciphertext_coefficient_1b0( ->>>>>>> main +decompress_ciphertext_coefficient_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6587,15 +4847,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f0( +decompress_ciphertext_coefficient_0d_4f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df0(v); -======= -decompress_ciphertext_coefficient_0d_7e0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b0(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be0(v); } /** @@ -6605,13 +4859,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_11_73(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_11_b0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_11_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -6620,11 +4869,7 @@ deserialize_then_decompress_11_b0(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f0(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e0(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6637,13 +4882,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_990(Eurydice_slice serialized) { - return deserialize_then_decompress_11_73(serialized); -======= -deserialize_then_decompress_ring_element_u_05(Eurydice_slice serialized) { - return deserialize_then_decompress_11_b0(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { + return deserialize_then_decompress_11_fe(serialized); } /** @@ -6652,37 +4892,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_740( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_58( +static KRML_MUSTINLINE void ntt_vector_u_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6691,20 +4913,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b81( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6722,13 +4936,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_990(u_bytes); - ntt_vector_u_740(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_05(u_bytes); - ntt_vector_u_58(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_2a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6742,11 +4951,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df1( -======= -decompress_ciphertext_coefficient_1b1( ->>>>>>> main +decompress_ciphertext_coefficient_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6771,15 +4976,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df1(v); -======= -decompress_ciphertext_coefficient_0d_7e1( +decompress_ciphertext_coefficient_0d_4f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b1(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be1(v); } /** @@ -6789,13 +4988,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_4_33(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_4_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_4_c2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -6804,11 +4998,7 @@ deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f1(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e1(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6821,11 +5011,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df2( -======= -decompress_ciphertext_coefficient_1b2( ->>>>>>> main +decompress_ciphertext_coefficient_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6850,15 +5036,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f2( +decompress_ciphertext_coefficient_0d_4f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df2(v); -======= -decompress_ciphertext_coefficient_0d_7e2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b2(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be2(v); } /** @@ -6868,13 +5048,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_5_df(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_5_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_5_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -6883,11 +5058,7 @@ deserialize_then_decompress_5_60(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f2(re.coefficients[i0]); -======= - decompress_ciphertext_coefficient_0d_7e2(re.coefficients[i0]); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -6900,39 +5071,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_bf0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_df(serialized); -======= -deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_41(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a7(serialized); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -subtract_reduce_20_78(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, -======= -subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, ->>>>>>> main +subtract_reduce_20_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -6950,12 +5104,6 @@ subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6963,31 +5111,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc1(&result, &product);); - invert_ntt_montgomery_311(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_15( +compute_message_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_04(&result); + result = subtract_reduce_20_1e(v, result); return result; } @@ -6997,21 +5131,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD static KRML_MUSTINLINE void compress_then_serialize_message_2c( -======= -static KRML_MUSTINLINE void compress_then_serialize_message_f9( ->>>>>>> main libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - to_unsigned_representative_87(re.coefficients[i0]); -======= - to_unsigned_representative_08(re.coefficients[i0]); ->>>>>>> main + to_unsigned_representative_9f(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -7025,30 +5151,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_f9( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7059,33 +5161,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -<<<<<<< HEAD -static void decrypt_unpacked_871( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b81(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_76(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_ed(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_4d(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_03( + deserialize_then_decompress_ring_element_v_41( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b7(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7099,10 +5186,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); + deserialize_secret_key_e71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -7112,10 +5199,9 @@ static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_76(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7123,11 +5209,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { -======= static KRML_MUSTINLINE void PRF_44(Eurydice_slice input, uint8_t ret[32U]) { ->>>>>>> main uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -7144,16 +5226,15 @@ with const generics - K= 4 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); +static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { + PRF_44(input, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 - CPA_SECRET_KEY_SIZE= 1536 @@ -7171,316 +5252,84 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_551( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_871(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_1f1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_d71(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_751( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_c31(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_751(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_871(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_161( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a1( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c31(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_031(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); ->>>>>>> main - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; -<<<<<<< HEAD - encrypt_951(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3b(Eurydice_array_to_slice((size_t)32U, + kdf_d8_cf(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3b(shared_secret0, shared_secret1); + kdf_d8_cf(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_89(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_89(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_070( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7492,43 +5341,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_580( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7536,11 +5371,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd0( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -7558,20 +5389,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7580,13 +5404,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_460( +static KRML_MUSTINLINE void serialize_public_key_mut_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_8c0(t_as_ntt, ret); + serialize_secret_key_800(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7595,9 +5419,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_460( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7606,41 +5427,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_770( +static KRML_MUSTINLINE void serialize_public_key_960( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_cd0(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_460(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7649,25 +5445,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_070( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_6b0( ->>>>>>> main + deserialize_ring_elements_reduced_out_580( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; -<<<<<<< HEAD - serialize_public_key_770( -======= - serialize_public_key_eb0( ->>>>>>> main + serialize_public_key_960( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -7689,13 +5475,6 @@ static KRML_MUSTINLINE void H_f1_c60(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -7704,7 +5483,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +bool libcrux_ml_kem_ind_cca_validate_private_key_24( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -7732,18 +5511,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); return lit; } @@ -7762,28 +5541,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); return lit; } @@ -7796,11 +5575,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_070(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7814,13 +5589,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static void closure_a30( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_c9( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7833,7 +5602,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( uint8_t ret0[64U]; G_f1_070(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7852,11 +5620,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -<<<<<<< HEAD -shake128_init_absorb_final_400(uint8_t input[2U][34U]) { -======= -shake128_init_absorb_370(uint8_t input[2U][34U]) { ->>>>>>> main +shake128_init_absorb_final_370(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -7887,19 +5651,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -<<<<<<< HEAD -shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_400(copy_of_input); -======= -shake128_init_absorb_f1_170(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_170(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_370(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_370(copy_of_input); } /** @@ -7908,11 +5664,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_720( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_720( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -7933,15 +5685,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_750( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_9a0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_750( - PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_720(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_720(self, ret); } /** @@ -7992,11 +5738,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_891( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( ->>>>>>> main uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -8034,13 +5776,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e60( PortableHash_8b *st, uint8_t ret[2U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e60(PortableHash_8b *st, - uint8_t ret[2U][168U]) { ->>>>>>> main uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -8060,15 +5797,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( - PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ea0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_480( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_480( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_e60(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e60(self, ret); } /** @@ -8119,11 +5850,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_892( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( ->>>>>>> main uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -8162,15 +5889,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8181,11 +5902,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b0( -======= static KRML_MUSTINLINE void sample_from_xof_490( ->>>>>>> main uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -8193,43 +5910,25 @@ static KRML_MUSTINLINE void sample_from_xof_490( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_891( -======= - PortableHash_8b xof_state = shake128_init_absorb_f1_170(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_170(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_750(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_750(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb1( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_040(&xof_state, randomness); -======= - shake128_squeeze_block_f1_480(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_480(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_892( -======= done = sample_from_uniform_distribution_next_fb2( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -8238,11 +5937,7 @@ static KRML_MUSTINLINE void sample_from_xof_490( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c0(copy_of_out[i]);); -======= ret0[i] = closure_ba0(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8255,18 +5950,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_a30(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8281,11 +5967,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; -<<<<<<< HEAD - sample_from_xof_1b0(copy_of_seeds, sampled); -======= sample_from_xof_490(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8303,15 +5985,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); -======= } /** @@ -8353,14 +6026,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_dd0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_a6(randomness); +sample_from_binomial_distribution_ce0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_ee(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8370,7 +6039,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -8387,11 +6056,10 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd0( + re_as_ntt[i0] = sample_from_binomial_distribution_ce0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; ->>>>>>> main } /** @@ -8406,54 +6074,7 @@ typedef struct tuple_740_s { } tuple_740; /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_f1 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_d30(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_d80(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_af(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -======= A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -8461,41 +6082,16 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_060( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_f1_bf0(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d80( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = - sample_vector_cbd_then_ntt_830(uu____0, uu____1, domain_separator); ->>>>>>> main + re_as_ntt[i] = ZERO_20_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_3c0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -8503,44 +6099,23 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc0( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8558,58 +6133,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc0(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_000( +static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -8623,7 +6153,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_000( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -8636,55 +6166,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_000( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d0(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8694,47 +6182,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static tuple_4c0 generate_keypair_unpacked_830( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d00(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_740( +static void generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_07(key_generation_seed, hashed); + cpa_keygen_seed_d8_c9(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b0(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae0(uu____1, ret, true); uint8_t prf_input[33U]; @@ -8746,182 +6207,23 @@ static void generate_keypair_unpacked_740( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_830(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_060(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_3c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_d60( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1c();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_830(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_d60(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_770( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_000(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -8936,32 +6238,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_830(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_770( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_cd0(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ea0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); - generate_keypair_unpacked_740(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); + generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_960( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_8c0(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_800(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8970,26 +6258,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair512 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -8997,11 +6273,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_9d( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_83( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_ad( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -9027,11 +6299,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_83( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd0(public_key, ret0); -======= H_f1_c60(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -9047,14 +6315,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_83( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9069,11 +6329,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -9082,21 +6338,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = -<<<<<<< HEAD - generate_keypair_fc0(ind_cpa_keypair_randomness); -======= - generate_keypair_520(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; -<<<<<<< HEAD - serialize_kem_secret_key_9d( -======= - serialize_kem_secret_key_83( ->>>>>>> main + serialize_kem_secret_key_ad( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -9105,21 +6353,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -9132,7 +6372,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9140,47 +6380,13 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } ->>>>>>> main -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_d51(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -9201,20 +6407,11 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_d31(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { PRFxN_d51(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9225,17 +6422,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -<<<<<<< HEAD -sample_ring_element_cbd_a20(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= -sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_720(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9247,19 +6437,11 @@ sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf1(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -9269,11 +6451,7 @@ sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -9289,15 +6467,9 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d2(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -9306,60 +6478,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_310( +static KRML_MUSTINLINE void invert_ntt_montgomery_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b0( -======= -static KRML_MUSTINLINE void compute_vector_u_510( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -9379,19 +6525,11 @@ static KRML_MUSTINLINE void compute_vector_u_510( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc0(&result0[i1], &product); - } - invert_ntt_montgomery_310(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d0(&result[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a0(&result0[i1], &product); } - invert_ntt_montgomery_5f0(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_040(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -9402,9 +6540,6 @@ static KRML_MUSTINLINE void compute_vector_u_510( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9412,32 +6547,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_660( -======= -compute_ring_element_v_160( ->>>>>>> main +compute_ring_element_v_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc0(&result, &product);); - invert_ntt_montgomery_310(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_040(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } @@ -9447,22 +6568,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_10_a9( -======= -static KRML_MUSTINLINE void compress_then_serialize_10_470( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_10_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a(to_unsigned_representative_87(re->coefficients[i0])); -======= - compress_0d_0c(to_unsigned_representative_08(re->coefficients[i0])); ->>>>>>> main + compress_0d_20(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -9480,23 +6593,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_a9(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_470(re, uu____0); ->>>>>>> main + compress_then_serialize_10_7e0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9506,11 +6609,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed0( -======= -static void compress_then_serialize_u_2b0( ->>>>>>> main +static void compress_then_serialize_u_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9526,11 +6625,7 @@ static void compress_then_serialize_u_2b0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_31(&re, ret); -======= - compress_then_serialize_ring_element_u_080(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -9543,58 +6638,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_55(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b90( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_d4(re, out); ->>>>>>> main + compress_then_serialize_4_b7(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9613,18 +6661,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d70( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_0d0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -9633,8 +6670,7 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -9644,11 +6680,7 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_a20(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_af0(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_720(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -9656,218 +6688,58 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_4b0(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_510(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_020(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_660(public_key->t_as_ntt, r_as_ntt, &error_2, -======= - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_160(public_key->t_as_ntt, r_as_ntt, &error_2, ->>>>>>> main + compute_ring_element_v_c70(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d( -======= - compress_then_serialize_u_2b0( + compress_then_serialize_u_bf0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( ->>>>>>> main + compress_then_serialize_ring_element_v_de0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 - CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 - T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_d70(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e3(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_950(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_070( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_d70(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -======= -static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_1b0( + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + deserialize_ring_elements_reduced_8b0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -9881,10 +6753,9 @@ static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_e70(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[768U]; + encrypt_unpacked_0d0(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -9898,20 +6769,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_56(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -9933,47 +6796,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e3( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3b( + entropy_preprocess_d8_64( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9981,67 +6824,43 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; -<<<<<<< HEAD - encrypt_950(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_ec0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_5f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_56(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_4d(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_c2(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_ec result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_e70( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -10053,11 +6872,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -10068,13 +6891,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_99(Eurydice_slice serialized) { - return deserialize_then_decompress_10_0e(serialized); -======= -deserialize_then_decompress_ring_element_u_050(Eurydice_slice serialized) { - return deserialize_then_decompress_10_cb(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c9(serialized); } /** @@ -10083,37 +6901,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_74( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_580( +static KRML_MUSTINLINE void ntt_vector_u_2a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10122,20 +6922,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b80( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -10153,13 +6945,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); - ntt_vector_u_74(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_2a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -10173,21 +6960,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_bf(Eurydice_slice serialized) { - return deserialize_then_decompress_4_33(serialized); -======= -deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ad(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_410(Eurydice_slice serialized) { + return deserialize_then_decompress_4_c2(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10195,58 +6971,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc0(&result, &product);); - invert_ntt_montgomery_310(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_150( +compute_message_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_040(&result); + result = subtract_reduce_20_1e(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10257,33 +6995,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_870( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b80(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_760(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_ed0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_4d0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( + deserialize_then_decompress_ring_element_v_410( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_150(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b70(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10297,10 +7020,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); + deserialize_secret_key_e70(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -10310,10 +7033,9 @@ static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_760(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed0(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -10326,158 +7048,8 @@ with const generics - K= 2 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_870(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_d70(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_750( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_c30(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_750(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_870(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_f1_9d1(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); ->>>>>>> main } /** @@ -10502,11 +7074,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_160( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a0( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_550( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -10524,15 +7092,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c30(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_030(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1f0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -10540,11 +7102,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -10552,91 +7110,48 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), -======= libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), ->>>>>>> main implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; -<<<<<<< HEAD - encrypt_950(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_56(Eurydice_array_to_slice((size_t)32U, + kdf_d8_c2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_56(shared_secret0, shared_secret1); + kdf_d8_c2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), + libcrux_ml_kem_types_as_ref_00_470(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_4d(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_07( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -10648,43 +7163,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_58( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10692,11 +7193,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10714,20 +7211,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10736,13 +7226,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_461( +static KRML_MUSTINLINE void serialize_public_key_mut_1d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_8c1(t_as_ntt, ret); + serialize_secret_key_801(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -10751,9 +7241,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_461( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10762,41 +7249,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_77( +static KRML_MUSTINLINE void serialize_public_key_961( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_cd(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_461(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10805,25 +7267,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_07( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_6b( ->>>>>>> main + deserialize_ring_elements_reduced_out_58( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - serialize_public_key_77( -======= - serialize_public_key_eb1( ->>>>>>> main + serialize_public_key_961( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -10845,13 +7297,6 @@ static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -10860,7 +7305,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( +bool libcrux_ml_kem_ind_cca_validate_private_key_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -10888,19 +7333,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); return lit; } @@ -10919,33 +7364,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); return lit; } @@ -10958,11 +7403,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -10976,13 +7417,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static void closure_a3( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_26( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -10995,7 +7430,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( uint8_t ret0[64U]; G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -11014,11 +7448,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -<<<<<<< HEAD -shake128_init_absorb_final_40(uint8_t input[3U][34U]) { -======= -shake128_init_absorb_371(uint8_t input[3U][34U]) { ->>>>>>> main +shake128_init_absorb_final_371(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -11049,19 +7479,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -<<<<<<< HEAD -shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_40(copy_of_input); -======= -shake128_init_absorb_f1_171(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_171(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_371(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_371(copy_of_input); } /** @@ -11070,11 +7492,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_721( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -11095,15 +7513,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_751( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_9a(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( - PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_721(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_721(self, ret); } /** @@ -11154,11 +7566,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -11196,13 +7604,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e61( PortableHash_58 *st, uint8_t ret[3U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_58 *st, - uint8_t ret[3U][168U]) { ->>>>>>> main uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -11222,15 +7625,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( - PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ea(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_481( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_e61(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e61(self, ret); } /** @@ -11281,11 +7678,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -11324,15 +7717,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -11343,11 +7730,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b( -======= static KRML_MUSTINLINE void sample_from_xof_491( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -11355,43 +7738,25 @@ static KRML_MUSTINLINE void sample_from_xof_491( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_89( -======= - PortableHash_58 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_171(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_751(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb3( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_04(&xof_state, randomness); -======= - shake128_squeeze_block_f1_481(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_481(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_890( -======= done = sample_from_uniform_distribution_next_fb4( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -11400,11 +7765,7 @@ static KRML_MUSTINLINE void sample_from_xof_491( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c(copy_of_out[i]);); -======= ret0[i] = closure_ba1(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -11417,18 +7778,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_a3(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -11443,11 +7795,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; -<<<<<<< HEAD - sample_from_xof_1b(copy_of_seeds, sampled); -======= sample_from_xof_491(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -11465,16 +7813,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); -======= ->>>>>>> main } /** @@ -11483,13 +7821,8 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { ->>>>>>> main uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -11509,21 +7842,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_d3(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { PRFxN_d52(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11533,17 +7856,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_06( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -11555,20 +7870,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; } @@ -11592,64 +7899,40 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_861( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_831(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_3c1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - tuple_b0 result; + tuple_b00 result; memcpy( result.fst, copy_of_re_as_ntt, -======= - tuple_b00 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -11667,58 +7950,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_001( +static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -11732,7 +7970,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_001( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -11745,55 +7983,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_001( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d1(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11803,47 +7999,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_9b generate_keypair_unpacked_83( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_741( +static void generate_keypair_unpacked_861( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + cpa_keygen_seed_d8_26(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae1(uu____1, ret, true); uint8_t prf_input[33U]; @@ -11855,182 +8024,23 @@ static void generate_keypair_unpacked_741( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_831(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_d6( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1c();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_83(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_d6(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_77( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_001(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -12045,32 +8055,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( - Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_83(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_77( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ea( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); - generate_keypair_unpacked_741(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); + generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_eb1( + serialize_public_key_961( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_8c1(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_801(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -12079,26 +8075,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -12106,11 +8090,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_d7( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_61( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_59( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -12136,11 +8116,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_61( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd(public_key, ret0); -======= H_f1_c61(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -12156,14 +8132,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_61( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12178,11 +8146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -12191,21 +8155,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - generate_keypair_fc(ind_cpa_keypair_randomness); -======= - generate_keypair_52(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - serialize_kem_secret_key_d7( -======= - serialize_kem_secret_key_61( ->>>>>>> main + serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -12214,22 +8170,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b10( - uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d0( + uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); } /** @@ -12242,7 +8189,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b7(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -12250,38 +8197,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12291,19 +8206,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_721(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -12315,19 +8222,11 @@ sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -12335,15 +8234,9 @@ sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - tuple_b0 result; + tuple_b00 result; memcpy( result.fst, copy_of_error_1, -======= - tuple_b00 lit; - memcpy( - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -12359,15 +8252,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -12376,60 +8263,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f1( +static KRML_MUSTINLINE void invert_ntt_montgomery_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b( -======= -static KRML_MUSTINLINE void compute_vector_u_511( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -12449,19 +8310,11 @@ static KRML_MUSTINLINE void compute_vector_u_511( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a1(&result0[i1], &product); } - invert_ntt_montgomery_31(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d1(&result[i1], &product); - } - invert_ntt_montgomery_5f1(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_041(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -12472,9 +8325,6 @@ static KRML_MUSTINLINE void compute_vector_u_511( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -12482,38 +8332,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_66( -======= -compute_ring_element_v_161( ->>>>>>> main +compute_ring_element_v_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc(&result, &product);); - invert_ntt_montgomery_31(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_041(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -12523,11 +8356,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed( -======= -static void compress_then_serialize_u_2b1( ->>>>>>> main +static void compress_then_serialize_u_bf1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -12543,57 +8372,12 @@ static void compress_then_serialize_u_2b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_31(&re, ret); -======= - compress_then_serialize_ring_element_u_080(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12612,18 +8396,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d7( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_0d1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -12633,8 +8406,7 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -12643,13 +8415,8 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b0 uu____3 = - sample_ring_element_cbd_a2(copy_of_prf_input, domain_separator0); -======= tuple_b00 uu____3 = - sample_ring_element_cbd_af1(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_721(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -12657,149 +8424,37 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_511(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_021(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_66(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_161(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d( -======= - compress_then_serialize_u_2b1( + compress_then_serialize_u_bf1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( ->>>>>>> main + compress_then_serialize_ring_element_v_de0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const @@ -12817,59 +8472,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_95(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_07( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_1b1( + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + deserialize_ring_elements_reduced_8b1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -12883,10 +8489,9 @@ static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_e71(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + encrypt_unpacked_0d1(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -12900,20 +8505,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_a7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_1a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -12935,49 +8532,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_a0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_b0( + entropy_preprocess_d8_b7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -12985,67 +8560,43 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_ec(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_5f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_a2(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_a7(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_1a(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_e7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -13057,18 +8608,18 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13077,20 +8628,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b8( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -13108,25 +8651,14 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); - ntt_vector_u_74(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_2a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13134,58 +8666,20 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc(&result, &product);); - invert_ntt_montgomery_31(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_151( +compute_message_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_041(&result); + result = subtract_reduce_20_1e(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13196,33 +8690,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_87( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b8(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_761(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_ed1(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_4d1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( + deserialize_then_decompress_ring_element_v_410( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_151(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b71(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -13236,10 +8715,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + deserialize_secret_key_e7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -13249,10 +8728,9 @@ static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_761(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed1(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -13265,158 +8743,8 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_87(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_d7(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_75( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_c3(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_75(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_87(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); ->>>>>>> main } /** @@ -13441,11 +8769,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_16( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_55( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -13463,15 +8787,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c3(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -13479,11 +8797,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -13491,65 +8805,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_5f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_a2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_1a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_a2(shared_secret0, shared_secret1); + kdf_d8_1a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), + libcrux_ml_kem_types_as_ref_00_471(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_a7(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_a7(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b787b4792..6fff48a70 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem_portable_H @@ -223,13 +215,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -261,19 +249,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); @@ -437,28 +418,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 6de959095..7163ceade 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_H @@ -37,11 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_97(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e4(buf0, buf); ->>>>>>> main } /** @@ -51,11 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_970(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e40(buf0, buf); ->>>>>>> main } /** @@ -65,11 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_971(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e41(buf0, buf); ->>>>>>> main } /** @@ -79,11 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_972(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e42(buf0, buf); ->>>>>>> main } /** @@ -93,11 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_973(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e43(buf0, buf); ->>>>>>> main } /** @@ -186,11 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_974(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e44(buf0, buf); ->>>>>>> main } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index f5813a4be..5db24bab4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_sha3_avx2.h" @@ -172,30 +164,19 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -<<<<<<< HEAD -new_1e_fa(void) { -======= -new_89_71(void) { ->>>>>>> main +new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -350,11 +331,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_ef_16(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_ef_d4(__m256i (*a)[5U], ->>>>>>> main Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1222,11 +1199,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void theta_rho_3f( -======= static KRML_MUSTINLINE void theta_rho_1b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), @@ -1288,11 +1261,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void pi_d8( -======= static KRML_MUSTINLINE void pi_70( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1328,11 +1297,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void chi_95( -======= static KRML_MUSTINLINE void chi_12( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1350,11 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void iota_c9( -======= static KRML_MUSTINLINE void iota_fe( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1366,16 +1327,6 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void keccakf1600_4e( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_3f(s); - pi_d8(s); - chi_95(s); - iota_c9(s, i0); -======= static KRML_MUSTINLINE void keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1384,7 +1335,6 @@ static KRML_MUSTINLINE void keccakf1600_cd( pi_70(s); chi_12(s); iota_fe(s, i0); ->>>>>>> main } } @@ -1395,22 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void absorb_block_26( -======= static KRML_MUSTINLINE void absorb_block_32( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - load_block_ef_16(uu____0, uu____1); - keccakf1600_4e(s); -======= load_block_ef_d4(uu____0, uu____1); keccakf1600_cd(s); ->>>>>>> main } /** @@ -1437,11 +1378,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_full_ef_40(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_full_ef_e6(__m256i (*a)[5U], ->>>>>>> main uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1458,11 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( -======= KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1478,13 +1411,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - load_block_full_ef_40(uu____3, uu____4); - keccakf1600_4e(s); -======= load_block_full_ef_e6(uu____3, uu____4); keccakf1600_cd(s); ->>>>>>> main } /** @@ -1652,11 +1580,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_full_ef_83(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void store_block_full_ef_d1(__m256i (*a)[5U], ->>>>>>> main uint8_t ret[4U][200U]) { store_block_full_61(a, ret); } @@ -1668,17 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_and_last_ac( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_83(s->st, b); -======= static KRML_MUSTINLINE void squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; store_block_full_ef_d1(s->st, b); ->>>>>>> main KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1699,11 +1616,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_ef_aa(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void store_block_ef_e3(__m256i (*a)[5U], ->>>>>>> main Eurydice_slice b[4U]) { store_block_78(a, b); } @@ -1715,15 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_block_b7( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -1733,17 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_next_block_ff( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { keccakf1600_cd(s); store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -1753,19 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_last_0a( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_4e(&s); - uint8_t b[4U][200U]; - store_block_full_ef_83(s.st, b); -======= static KRML_MUSTINLINE void squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { keccakf1600_cd(&s); uint8_t b[4U][200U]; store_block_full_ef_d1(s.st, b); ->>>>>>> main KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1785,15 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); -======= static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); ->>>>>>> main + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1803,11 +1689,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - absorb_block_26(uu____0, ret); -======= absorb_block_32(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1817,20 +1699,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - squeeze_first_and_last_ac(&s, out); -======= squeeze_first_and_last_a8(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1838,18 +1712,14 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b7(&s, o0); -======= squeeze_first_block_ca(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1860,20 +1730,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff(&s, o); -======= squeeze_next_block_66(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - squeeze_last_0a(s, o1); -======= squeeze_last_fe(s, o1); ->>>>>>> main } } } @@ -1887,11 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - keccak_9b(buf0, buf); -======= keccak_b9(buf0, buf); ->>>>>>> main } /** @@ -1899,11 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { -<<<<<<< HEAD - return new_1e_fa(); -======= - return new_89_71(); ->>>>>>> main + return new_1e_71(); } /** @@ -2046,11 +1900,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_full_ef_400(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_full_ef_e60(__m256i (*a)[5U], ->>>>>>> main uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -2067,11 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void absorb_final_800( -======= static KRML_MUSTINLINE void absorb_final_7f0( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2087,13 +1933,8 @@ static KRML_MUSTINLINE void absorb_final_7f0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - load_block_full_ef_400(uu____3, uu____4); - keccakf1600_4e(s); -======= load_block_full_ef_e60(uu____3, uu____4); keccakf1600_cd(s); ->>>>>>> main } /** @@ -2103,11 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - absorb_final_800(s, buf); -======= absorb_final_7f0(s, buf); ->>>>>>> main } /** @@ -2241,40 +2078,11 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_ef_aa0(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_780(a, b); -======= static KRML_MUSTINLINE void store_block_ef_e30(__m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_780(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_660( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_cd(s); - store_block_ef_e30(s->st, out); -} - -/** - Squeeze another block -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_660(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types core_core_arch_x86___m256i @@ -2282,10 +2090,9 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_block_b70( +static KRML_MUSTINLINE void squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa0(s->st, out); + store_block_ef_e30(s->st, out); } /** @@ -2295,15 +2102,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_ff0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa0(s->st, out); -======= -static KRML_MUSTINLINE void squeeze_first_block_ca0( +static KRML_MUSTINLINE void squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_cd(s); store_block_ef_e30(s->st, out); ->>>>>>> main } /** @@ -2313,11 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2325,24 +2123,15 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b70(s, o0); -======= squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o1); - squeeze_next_block_ff0(s, o2); -======= squeeze_next_block_660(s, o1); squeeze_next_block_660(s, o2); ->>>>>>> main } /** @@ -2352,8 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2363,10 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_ff0(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); ->>>>>>> main + squeeze_next_block_660(s, buf); } /** @@ -2376,11 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_five_blocks_58( -======= static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2388,46 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b70(s, o0); -======= squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o1); -======= squeeze_next_block_660(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o2); -======= squeeze_next_block_660(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o3); - squeeze_next_block_ff0(s, o4); -======= squeeze_next_block_660(s, o3); squeeze_next_block_660(s, o4); ->>>>>>> main } /** @@ -2438,11 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_first_five_blocks_58(s, buf); -======= squeeze_first_five_blocks_0b(s, buf); ->>>>>>> main } /** @@ -2452,11 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); ->>>>>>> main } /** @@ -2467,11 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_first_block_b7(s, buf); -======= squeeze_first_block_ca(s, buf); ->>>>>>> main } /** @@ -2482,9 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_next_block_ff(s, buf); -======= squeeze_next_block_66(s, buf); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index a5e92ad89..6530e87bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_avx2_H @@ -63,16 +55,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** -<<<<<<< HEAD -======= - Squeeze another block -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); - -/** ->>>>>>> main Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -80,7 +62,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** -<<<<<<< HEAD Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -88,8 +69,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** -======= ->>>>>>> main Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index fe0a603bb..0eadd5bb5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_internal_H @@ -87,22 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; -<<<<<<< HEAD - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); -======= return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); ->>>>>>> main } /** @@ -205,30 +189,19 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_ba(void) { -======= -libcrux_sha3_generic_keccak_new_89_cf(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -263,11 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -278,11 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -295,19 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_65(s, buf); ->>>>>>> main } /** @@ -319,21 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); ->>>>>>> main } /** @@ -343,11 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -358,15 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d60(ab); ->>>>>>> main } /** @@ -380,13 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); ->>>>>>> main } /** @@ -396,11 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -411,15 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d61(ab); ->>>>>>> main } /** @@ -433,13 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); ->>>>>>> main } /** @@ -449,11 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -464,15 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d62(ab); ->>>>>>> main } /** @@ -486,13 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); ->>>>>>> main } /** @@ -502,11 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -517,15 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d63(ab); ->>>>>>> main } /** @@ -539,13 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); ->>>>>>> main } /** @@ -555,15 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d6(ab); ->>>>>>> main } /** @@ -577,13 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); ->>>>>>> main } /** @@ -593,11 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -608,15 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d64(ab); ->>>>>>> main } /** @@ -630,13 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); ->>>>>>> main } /** @@ -646,11 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -661,15 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d65(ab); ->>>>>>> main } /** @@ -683,13 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); ->>>>>>> main } /** @@ -699,11 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -714,15 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d66(ab); ->>>>>>> main } /** @@ -736,13 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); ->>>>>>> main } /** @@ -752,11 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -767,15 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d67(ab); ->>>>>>> main } /** @@ -789,13 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); ->>>>>>> main } /** @@ -805,11 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -820,15 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d68(ab); ->>>>>>> main } /** @@ -842,13 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); ->>>>>>> main } /** @@ -858,11 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -873,15 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d69(ab); ->>>>>>> main } /** @@ -895,13 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); ->>>>>>> main } /** @@ -911,11 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -926,15 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d610(ab); ->>>>>>> main } /** @@ -948,13 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); ->>>>>>> main } /** @@ -964,11 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -979,15 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d611(ab); ->>>>>>> main } /** @@ -1001,13 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); ->>>>>>> main } /** @@ -1017,11 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -1032,15 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d612(ab); ->>>>>>> main } /** @@ -1054,13 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); ->>>>>>> main } /** @@ -1070,11 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -1085,15 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d613(ab); ->>>>>>> main } /** @@ -1107,13 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); ->>>>>>> main } /** @@ -1123,11 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -1138,15 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d614(ab); ->>>>>>> main } /** @@ -1160,13 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); ->>>>>>> main } /** @@ -1176,11 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -1191,15 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d615(ab); ->>>>>>> main } /** @@ -1213,13 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); ->>>>>>> main } /** @@ -1229,11 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -1244,15 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d616(ab); ->>>>>>> main } /** @@ -1266,13 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); ->>>>>>> main } /** @@ -1282,11 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -1297,15 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d617(ab); ->>>>>>> main } /** @@ -1319,13 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); ->>>>>>> main } /** @@ -1335,11 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1350,15 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d618(ab); ->>>>>>> main } /** @@ -1372,13 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); ->>>>>>> main } /** @@ -1388,11 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1403,15 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d619(ab); ->>>>>>> main } /** @@ -1425,13 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); ->>>>>>> main } /** @@ -1441,11 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1456,15 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d620(ab); ->>>>>>> main } /** @@ -1478,13 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); ->>>>>>> main } /** @@ -1494,11 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1509,15 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d621(ab); ->>>>>>> main } /** @@ -1531,13 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); ->>>>>>> main } /** @@ -1547,11 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1562,15 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d622(ab); ->>>>>>> main } /** @@ -1584,13 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); ->>>>>>> main } /** @@ -1599,11 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1639,55 +1228,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = -<<<<<<< HEAD - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); - uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); @@ -1735,7 +1275,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); ->>>>>>> main s->st[4U][4U] = uu____27; } @@ -1745,11 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1785,11 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1807,11 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1823,16 +1350,6 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1841,7 +1358,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_pi_d5(s); libcrux_sha3_generic_keccak_chi_3e(s); libcrux_sha3_generic_keccak_iota_00(s, i0); ->>>>>>> main } } @@ -1853,11 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1876,13 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1890,11 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1916,30 +1419,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t @@ -1947,10 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1960,15 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -1976,11 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1991,11 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2008,19 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_650(s, buf); ->>>>>>> main } /** @@ -2032,21 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2057,11 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2080,13 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2094,11 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2120,15 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b0(a, b); ->>>>>>> main } /** @@ -2138,15 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2156,17 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2178,19 +1600,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); } @@ -2210,7 +1625,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2220,22 +1634,13 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2243,20 +1648,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2273,15 +1670,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); ->>>>>>> main } /** @@ -2292,17 +1683,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2325,19 +1709,11 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2361,17 +1737,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -2382,11 +1751,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2396,20 +1761,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2417,18 +1774,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2439,20 +1792,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); ->>>>>>> main } } } @@ -2463,20 +1808,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); ->>>>>>> main } /** @@ -2484,11 +1821,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2499,11 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2520,21 +1849,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2544,22 +1865,13 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2567,19 +1879,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_653(s, buf); ->>>>>>> main } /** @@ -2591,21 +1895,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2616,11 +1912,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2639,13 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2653,11 +1940,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2675,20 +1958,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b3(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2705,15 +1980,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); ->>>>>>> main } /** @@ -2724,17 +1993,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2759,15 +2021,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b3(a, b); ->>>>>>> main } /** @@ -2777,15 +2033,9 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -2795,17 +2045,10 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -2815,19 +2058,11 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2851,17 +2086,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2872,11 +2100,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2886,20 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2907,18 +2123,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2929,20 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); ->>>>>>> main } } } @@ -2953,20 +2157,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); ->>>>>>> main } /** @@ -2974,11 +2170,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,11 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3010,21 +2198,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3034,22 +2214,13 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3057,19 +2228,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_652(s, buf); ->>>>>>> main } /** @@ -3081,21 +2244,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3106,11 +2261,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3129,13 +2280,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3143,11 +2289,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3165,20 +2307,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b2(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3195,15 +2329,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); ->>>>>>> main } /** @@ -3214,17 +2342,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3249,15 +2370,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b2(a, b); ->>>>>>> main } /** @@ -3267,15 +2382,9 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3285,17 +2394,10 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3305,19 +2407,11 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3341,17 +2435,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -3362,11 +2449,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3376,20 +2459,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -3397,18 +2472,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3419,20 +2490,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); ->>>>>>> main } } } @@ -3443,38 +2506,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); -======= libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); ->>>>>>> main } /** @@ -3484,22 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3507,20 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b0(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3537,15 +2557,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); ->>>>>>> main } /** @@ -3556,17 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3589,19 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3625,17 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -3646,11 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3660,20 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -3681,18 +2661,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3703,20 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -3727,20 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); ->>>>>>> main } /** @@ -3751,11 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3774,13 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3791,17 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -3812,11 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3826,20 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -3847,18 +2779,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3869,20 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -3893,20 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); ->>>>>>> main } /** @@ -3914,11 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -3929,11 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3950,21 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3974,22 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3997,19 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_651(s, buf); ->>>>>>> main } /** @@ -4021,21 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4046,11 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -4069,13 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4083,11 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -4105,20 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b1(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4134,15 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); ->>>>>>> main } /** @@ -4153,17 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -4188,15 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b1(a, b); ->>>>>>> main } /** @@ -4206,15 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -4224,17 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -4244,19 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -4280,17 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -4301,11 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4315,20 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -4336,18 +3127,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -4358,20 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); ->>>>>>> main } } } @@ -4382,20 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); ->>>>>>> main } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e73f42895..2841710c3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,34 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_sha3_neon.h" /** -<<<<<<< HEAD - A portable SHA3 512 implementation. -*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { -======= A portable SHA3 224 implementation. */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -40,20 +26,14 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, /** A portable SHA3 256 implementation. */ -<<<<<<< HEAD -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { -======= KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } /** -<<<<<<< HEAD -======= A portable SHA3 384 implementation. */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, @@ -74,7 +54,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, } /** ->>>>>>> main Run SHAKE256 on both inputs in parallel. Writes the two results into `out0` and `out1` @@ -130,31 +109,12 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { -<<<<<<< HEAD - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 224 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { -======= ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } /** -<<<<<<< HEAD - A portable SHA3 384 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, - Eurydice_slice data) { -======= Squeeze five blocks */ KRML_MUSTINLINE void @@ -196,7 +156,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index dbd230829..6b269f09b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_neon_H @@ -31,15 +23,9 @@ extern "C" { #include "libcrux_sha3_internal.h" /** -<<<<<<< HEAD - A portable SHA3 512 implementation. -*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -======= A portable SHA3 224 implementation. */ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); ->>>>>>> main /** A portable SHA3 256 implementation. @@ -47,8 +33,6 @@ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); /** -<<<<<<< HEAD -======= A portable SHA3 384 implementation. */ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); @@ -59,7 +43,6 @@ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); /** ->>>>>>> main Run SHAKE256 on both inputs in parallel. Writes the two results into `out0` and `out1` @@ -99,18 +82,6 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -<<<<<<< HEAD - -/** - A portable SHA3 224 implementation. -*/ -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -/** - A portable SHA3 384 implementation. -*/ -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); -======= /** Squeeze five blocks @@ -139,7 +110,6 @@ void libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block( void libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 01ad47af7..3f94b9400 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,14 +1,6 @@ This code was generated with the following revisions: -<<<<<<< HEAD Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main +F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd +Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 431c4ad59..6aeb59968 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -104,7 +104,7 @@ typedef struct { ======= #define Eurydice_array_eq(sz, a1, a2, t, _) \ >>>>>>> main - (memcmp(a1, a2, sz * sizeof(t)) == 0) + (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) @@ -129,8 +129,10 @@ typedef struct { Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) -static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, - Eurydice_slice src, size_t sz) { + static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, + char *dst_ok, + Eurydice_slice src, + size_t sz) { *dst_tag = 0; memcpy(dst_ok, src.ptr, sz); } @@ -192,15 +194,15 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next + Eurydice_range_iter_next -// See note in karamel/lib/Inlining.ml if you change this + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter + Eurydice_into_iter #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) #if defined(__cplusplus) -} + } #endif diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index af834b8c1..e29636144 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_core_H @@ -38,11 +30,6 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; -<<<<<<< HEAD -#define None 0 -#define Some 1 - -======= #define Ok 0 #define Err 1 @@ -51,7 +38,6 @@ typedef uint8_t Result_86_tags; #define None 0 #define Some 1 ->>>>>>> main typedef uint8_t Option_ef_tags; /** @@ -97,25 +83,13 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -<<<<<<< HEAD -#define Ok 0 -#define Err 1 - -typedef uint8_t Result_6f_tags; - -======= ->>>>>>> main /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct Result_6f_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[24U]; TryFromSliceError case_Err; @@ -123,19 +97,14 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { -======= -static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -153,11 +122,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct Result_7a_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[20U]; TryFromSliceError case_Err; @@ -165,19 +130,14 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { -======= -static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -195,11 +155,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct Result_cd_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[10U]; TryFromSliceError case_Err; @@ -207,19 +163,14 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { -======= -static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -260,17 +211,14 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; /** - A reference to the raw byte slice. +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_07 +A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_07_4f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_4c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -285,55 +233,16 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { } libcrux_ml_kem_types_MlKemPublicKey_15; /** -<<<<<<< HEAD -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct Option_92_s { - Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} Option_92; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#5} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 -with const generics -- SIZE= 1088 -*/ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_44( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_40 ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -<<<<<<< HEAD -libcrux_ml_kem_types_from_07_a9(uint8_t value[1184U]) { -======= -libcrux_ml_kem_types_from_40_60(uint8_t value[1184U]) { ->>>>>>> main +libcrux_ml_kem_types_from_5a_c6(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -356,25 +265,18 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_types_from_64_b1(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, -======= -libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, ->>>>>>> main +libcrux_ml_kem_types_from_3a_8d(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -382,26 +284,15 @@ libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -<<<<<<< HEAD -libcrux_ml_kem_types_from_e7_f1(uint8_t value[2400U]) { -======= -libcrux_ml_kem_types_from_88_2d(uint8_t value[2400U]) { ->>>>>>> main +libcrux_ml_kem_types_from_7f_72(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -424,15 +315,14 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -457,26 +347,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -<<<<<<< HEAD -libcrux_ml_kem_types_from_15_e9(uint8_t value[1088U]) { -======= -libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { ->>>>>>> main +libcrux_ml_kem_types_from_01_c4(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -486,28 +365,14 @@ libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { } /** -<<<<<<< HEAD -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( -======= - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba -with const generics -- SIZE= 1184 -*/ -static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_91( ->>>>>>> main +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_e0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -520,11 +385,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422( ->>>>>>> main Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -535,40 +396,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ -<<<<<<< HEAD -typedef struct Result_00_s { - Result_6f_tags tag; - union { - uint8_t case_Ok[32U]; - TryFromSliceError case_Err; - } val; -} Result_00; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { - if (self.tag == Ok) { - uint8_t f0[32U]; - memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -======= ->>>>>>> main /** Pad the `slice` with `0`s at the end. */ @@ -577,11 +404,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( ->>>>>>> main Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -594,25 +417,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( /** This function found in impl {(core::convert::AsRef<@Slice> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_27( -======= -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_7b( ->>>>>>> main +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_d9( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -625,11 +437,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_420( ->>>>>>> main Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -648,11 +456,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -669,11 +473,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct Result_c0_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { int16_t case_Ok[16U]; TryFromSliceError case_Err; @@ -681,19 +481,14 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { -======= -static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { ->>>>>>> main if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -711,11 +506,7 @@ with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct Result_56_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; @@ -723,19 +514,14 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { -======= -static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8b85052c3..304d4f8d0 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d35da9d9e..c108a5889 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_H @@ -54,15 +46,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -<<<<<<< HEAD -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { -======= -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { ->>>>>>> main return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -71,22 +56,13 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { -======= -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { ->>>>>>> main return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -95,7 +71,6 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); @@ -103,26 +78,13 @@ static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( ->>>>>>> main __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t), v); -<<<<<<< HEAD int16_t result[16U]; memcpy(result, output, (size_t)16U * sizeof(int16_t)); memcpy(ret, result, (size_t)16U * sizeof(int16_t)); -======= - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); ->>>>>>> main } /** @@ -130,15 +92,9 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_to_i16_array_09( __m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); -======= -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - __m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") @@ -152,11 +108,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, -======= -static inline __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, ->>>>>>> main __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } @@ -172,11 +124,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, -======= -static inline __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, ->>>>>>> main __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } @@ -185,13 +133,8 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); return libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, cv); -======= - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); ->>>>>>> main } /** @@ -199,28 +142,17 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( __m256i vec, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - __m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); return libcrux_intrinsics_avx2_mm256_and_si256(vector, cv); -======= - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); ->>>>>>> main } /** @@ -228,11 +160,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); @@ -258,11 +186,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( ->>>>>>> main __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -277,7 +201,6 @@ static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { -<<<<<<< HEAD __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); @@ -285,15 +208,6 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); __m256i quotient = libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); -======= - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); ->>>>>>> main __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( @@ -307,11 +221,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( ->>>>>>> main __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } @@ -320,34 +230,20 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i vec_constant = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, vec_constant); -======= - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); ->>>>>>> main __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, vec_constant); -======= - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); ->>>>>>> main return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -357,11 +253,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); @@ -393,11 +285,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } @@ -418,31 +306,19 @@ libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants) { __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vec, constants); -======= - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); ->>>>>>> main __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vec, constants); -======= - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); ->>>>>>> main return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -468,11 +344,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, @@ -500,11 +372,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } @@ -512,29 +380,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants) { __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(vec, constants); -======= - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); ->>>>>>> main __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m128i modulus = libcrux_intrinsics_avx2_mm_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16(k, modulus); __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(vec, constants); -======= - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); ->>>>>>> main return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } @@ -560,11 +416,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( ->>>>>>> main __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } @@ -603,11 +455,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( @@ -645,11 +493,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); @@ -678,26 +522,16 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( ->>>>>>> main __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( vec, -======= -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, ->>>>>>> main libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); @@ -705,11 +539,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { k, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); __m256i value_high = -<<<<<<< HEAD libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, vec, __m256i); -======= - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); ->>>>>>> main __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = @@ -789,11 +619,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( ->>>>>>> main __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, @@ -819,11 +645,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, ->>>>>>> main uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } @@ -864,11 +686,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } @@ -905,11 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, ret0); -======= - unwrap_26_0e(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -918,11 +732,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, ->>>>>>> main uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } @@ -966,11 +776,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } @@ -1017,11 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); -<<<<<<< HEAD unwrap_41_07(dst, ret0); -======= - unwrap_26_07(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -1030,11 +832,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } @@ -1089,11 +887,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } @@ -1142,11 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); -<<<<<<< HEAD unwrap_41_ea(dst, ret0); -======= - unwrap_26_ea(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1155,11 +945,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( ->>>>>>> main __m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } @@ -1202,11 +988,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } @@ -1230,11 +1012,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_11_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( ->>>>>>> main __m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } @@ -1255,11 +1033,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } @@ -1307,11 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); -<<<<<<< HEAD unwrap_41_76(dst, ret0); -======= - unwrap_26_76(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1320,11 +1090,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( ->>>>>>> main __m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } @@ -1367,11 +1133,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1432,41 +1194,19 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ZERO_20_1b(void) { -======= -libcrux_ml_kem_polynomial_ZERO_d6_7d(void) { ->>>>>>> main +libcrux_ml_kem_polynomial_ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1495,13 +1235,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ac(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_03(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1512,34 +1247,20 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1547,20 +1268,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1573,11 +1286,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( -======= - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1600,13 +1309,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_85(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_56(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1617,11 +1321,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1673,15 +1373,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( vector); } @@ -1693,36 +1387,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i), size_t, void *); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_10_08( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( coefficient); } return re; @@ -1736,11 +1417,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1792,15 +1469,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( vector); } @@ -1812,31 +1483,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_11_0e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( coefficient); } return re; @@ -1850,15 +1508,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b(serialized); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_08(serialized); ->>>>>>> main + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1873,15 +1525,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); -======= -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa( - __m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); ->>>>>>> main } /** @@ -1892,19 +1538,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); -======= -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2(__m256i a, __m256i b, - int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); ->>>>>>> main return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -1916,11 +1554,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1933,15 +1567,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -1957,11 +1585,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_5f( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1980,11 +1604,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2004,11 +1624,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_6e( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2025,28 +1641,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2063,48 +1667,26 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_6e(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_72( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2115,20 +1697,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f( -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2148,15 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( - u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_72(&u_as_ntt[i0]); ->>>>>>> main + libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2171,11 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2227,15 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( vector); } @@ -2247,31 +1805,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( coefficient); } return re; @@ -2285,11 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2341,15 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( vector); } @@ -2361,31 +1896,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_5_6e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( re.coefficients[i0]); } return re; @@ -2399,10 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_44(serialized); } /** @@ -2411,66 +1932,17 @@ This function found in impl */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1(serialized); -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ntt_multiply_20_f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( +libcrux_ml_kem_polynomial_ntt_multiply_20_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2488,34 +1960,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_47( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2536,11 +1991,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2564,11 +2015,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2590,11 +2037,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2615,23 +2058,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(a_minus_b, zeta_r); -======= -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1(__m256i a, - __m256i b, - int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(a_minus_b, zeta_r); ->>>>>>> main + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2644,11 +2077,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84( -======= -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( ->>>>>>> main +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2663,15 +2092,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2687,79 +2110,44 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_subtract_reduce_20_71( -======= -libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( ->>>>>>> main +libcrux_ml_kem_polynomial_subtract_reduce_20_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], @@ -2768,12 +2156,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2782,38 +2164,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_message_75( -======= -libcrux_ml_kem_matrix_compute_message_4a( ->>>>>>> main +libcrux_ml_kem_matrix_compute_message_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1b(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); -======= - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_c9(v, result); ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_70(v, result); return result; } @@ -2824,11 +2189,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(__m256i vector) { -======= -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(__m256i vector) { ->>>>>>> main +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2842,15 +2203,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_86( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_dc( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(vector); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_cf( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(vector); ->>>>>>> main + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(vector); } /** @@ -2861,19 +2216,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_unsigned_representative_4f(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_86(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_dc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); -======= -libcrux_ml_kem_vector_traits_to_unsigned_representative_c0(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_cf(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); ->>>>>>> main } /** @@ -2884,27 +2231,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_message_5e( -======= -libcrux_ml_kem_serialize_compress_then_serialize_message_a4( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_message_da( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); ->>>>>>> main uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2915,30 +2251,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_a4( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2950,37 +2262,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_75(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_4a(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_52(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_a4(message, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_message_da(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2995,19 +2290,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_04(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_b7(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a(secret_key, secret_as_ntt); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_14(secret_key, secret_as_ntt); ->>>>>>> main + libcrux_ml_kem_ind_cpa_deserialize_secret_key_06(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -3018,17 +2305,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_88(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_40(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -3041,11 +2321,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -3056,11 +2332,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d1( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3079,24 +2351,6 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_8b( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_PRF_d1(input, ret); @@ -3105,20 +2359,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -3126,25 +2380,18 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; ->>>>>>> main } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3153,36 +2400,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3191,19 +2424,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3215,46 +2438,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_32(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_ba( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( ring_element); deserialized_pk[i0] = uu____0; } ->>>>>>> main } typedef libcrux_sha3_avx2_x4_incremental_KeccakState @@ -3268,11 +2455,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -3290,38 +2473,18 @@ libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} */ /** A monomorphic instance of -<<<<<<< HEAD libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -======= -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( - uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( - copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const ->>>>>>> main generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( copy_of_input); } @@ -3333,11 +2496,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -3373,17 +2532,10 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( self, ret); -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c(self, - ret); ->>>>>>> main } /** @@ -3436,11 +2588,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3452,11 +2600,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -3487,11 +2631,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -3527,15 +2667,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a(self, ret); ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a(self, ret); } /** @@ -3588,11 +2722,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3604,11 +2734,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -3633,42 +2759,24 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_from_i16_array_20_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_polynomial_from_i16_array_d6_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( -======= - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( ->>>>>>> main a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; @@ -3682,13 +2790,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_xof_closure_8a(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3699,11 +2802,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c1( -======= static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3712,47 +2811,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( -======= - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( - copy_of_seeds); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); -<<<<<<< HEAD - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( -======= bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( -======= - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( -======= done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -3762,11 +2842,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_closure_8a(copy_of_out[i]); -======= libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); ->>>>>>> main } memcpy( ret, ret0, @@ -3780,19 +2856,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ff( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_ba(i, A_transpose[i]); - } -======= static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -3811,11 +2877,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_c1(copy_of_seeds, sampled); -======= libcrux_ml_kem_sampling_sample_from_xof_67(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3832,16 +2894,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( } } } -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -======= ->>>>>>> main } /** @@ -3866,13 +2918,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_95(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_61(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -3882,11 +2929,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_08( ->>>>>>> main uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3925,66 +2968,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { libcrux_ml_kem_hash_functions_avx2_PRFxN_08(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3993,11 +2981,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4032,11 +3016,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4048,11 +3028,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_5f( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4086,11 +3062,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4102,15 +3074,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( ->>>>>>> main + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( randomness); } @@ -4121,20 +3087,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ab( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; -<<<<<<< HEAD __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( -======= - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( ->>>>>>> main re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); @@ -4151,46 +3109,25 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db( + libcrux_ml_kem_ntt_ntt_at_layer_3_ae( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10( + libcrux_ml_kem_ntt_ntt_at_layer_2_53( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_6e( + libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ab(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4200,20 +3137,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4227,23 +3154,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]); - } -======= libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]); } return domain_separator; } @@ -4258,18 +3175,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____0, uu____1, domain_separator); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -4277,11 +3193,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -4297,18 +3209,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_a1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4319,19 +3223,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4346,19 +3242,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( -======= libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( ->>>>>>> main + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4369,11 +3257,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -4385,11 +3269,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d10( ->>>>>>> main Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4408,15 +3288,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_slice input, uint8_t ret[128U]) { libcrux_ml_kem_hash_functions_avx2_PRF_d10(input, ret); ->>>>>>> main } /** @@ -4427,50 +3301,29 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_vector_u_closure_ad(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_matrix_compute_vector_u_closure_02(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_1f( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4478,9 +3331,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4488,22 +3338,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_e3( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - result[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4524,22 +3366,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_1f(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_cf(&result0[i1], &error_1[i1]); -======= - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_b5(&result[i1], &error_1[i1]); ->>>>>>> main } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -4557,20 +3390,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_34( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_28( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); -======= -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_17(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); ->>>>>>> main } /** @@ -4581,11 +3406,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -4593,50 +3417,24 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_34(coefficient_compressed); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_17(coefficient_compressed); ->>>>>>> main + libcrux_ml_kem_vector_traits_decompress_1_28(coefficient_compressed); } return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( -======= -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( ->>>>>>> main +libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -4644,30 +3442,18 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); ->>>>>>> main result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); } return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4676,39 +3462,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_ring_element_v_e7( -======= -libcrux_ml_kem_matrix_compute_ring_element_v_c1( ->>>>>>> main +libcrux_ml_kem_matrix_compute_ring_element_v_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1b(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( -======= - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( error_2, message, result); return result; } @@ -4721,11 +3490,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4780,15 +3545,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_49( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_66( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( vector); } @@ -4800,23 +3559,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_10_bf( -======= -libcrux_ml_kem_serialize_compress_then_serialize_10_ba( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_10_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_49( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_66( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -4836,11 +3586,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4895,15 +3641,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_490( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_660( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( vector); } @@ -4915,23 +3655,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_11_77( -======= -libcrux_ml_kem_serialize_compress_then_serialize_11_ce( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_11_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_490( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_660( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -4952,23 +3683,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_bf(re, uu____0); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ba(re, uu____0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_10_2b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4979,11 +3700,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( -======= -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4999,11 +3716,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, -======= - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89(&re, ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -5018,11 +3731,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -5077,15 +3786,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_491( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_661( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( vector); } @@ -5097,11 +3800,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_4_c0( -======= -libcrux_ml_kem_serialize_compress_then_serialize_4_1e( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_4_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5109,19 +3808,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_1e( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_491( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_661( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), @@ -5137,11 +3828,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -5196,15 +3883,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_492( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_662( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( vector); } @@ -5216,11 +3897,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_5_2c( -======= -libcrux_ml_kem_serialize_compress_then_serialize_5_65( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_5_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5228,19 +3905,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_65( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_492( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_dc2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); -======= - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_662( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t), @@ -5257,58 +3926,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c0(re, out); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_1e(re, out); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_4_fd(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5327,18 +3949,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5346,8 +3957,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( ->>>>>>> main + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -5357,11 +3967,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( -======= - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( ->>>>>>> main + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -5370,58 +3976,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_e3(public_key->A, r_as_ntt, error_1, -======= libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_fe(public_key->A, r_as_ntt, error_1, ->>>>>>> main + libcrux_ml_kem_matrix_compute_vector_u_52(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_e7( -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c1( ->>>>>>> main + libcrux_ml_kem_matrix_compute_ring_element_v_c3( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( -======= - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5445,65 +4026,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_50(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ff(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____3, copy_of_message, - randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5518,11 +4047,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____1, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -5537,22 +4065,13 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ac( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_e9( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_5a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -5578,11 +4097,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_a9( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5600,17 +4115,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5618,11 +4126,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5631,25 +4135,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5657,49 +4150,26 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac( -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_e9( ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_5a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_5a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_d8_e9(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -5721,17 +4191,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a9(private_key, ciphertext, ret); -======= -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_c5(private_key, ciphertext, ret); } /** @@ -5745,187 +4208,13 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e(private_key, -======= - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99(private_key, ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d(private_key, ciphertext, ret); } /** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} ->>>>>>> main */ /** A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 @@ -5934,20 +4223,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( - Eurydice_slice randomness, uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_96( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_7b( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -5960,11 +4241,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_16( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5989,49 +4266,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b3( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_02( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_96( + libcrux_ml_kem_variant_entropy_preprocess_d8_7b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6040,52 +4296,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_e9(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_5a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -6107,22 +4342,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_02(uu____0, copy_of_randomness); } /** @@ -6140,178 +4367,28 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( ->>>>>>> main - uu____0, copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( uu____0, copy_of_randomness); } /** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( - uu____0, copy_of_randomness); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -======= This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ba(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; } @@ -6326,7 +4403,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6340,7 +4417,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6350,54 +4426,32 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_f5( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bd0( - __m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( -======= -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( ->>>>>>> main +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_standard_domain_f5( -======= - libcrux_ml_kem_vector_traits_to_standard_domain_bd0( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_standard_domain_c1( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -6405,9 +4459,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6415,53 +4466,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ef( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( - &result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -6476,7 +4481,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6489,58 +4494,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6551,48 +4514,20 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ff(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; @@ -6604,73 +4539,26 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____2, copy_of_prf_input0, 0U); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_ef(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -======= - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_a2( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6681,22 +4569,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c( -======= -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( ->>>>>>> main +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -6708,9 +4588,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6719,11 +4596,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_50( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6741,20 +4614,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c(&re, ret0); -======= - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6764,13 +4630,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6779,9 +4645,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6791,33 +4654,15 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_51( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_50(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82(t_as_ntt, seed_for_a, + public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_02( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2(t_as_ntt, seed_for_a, - public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6833,35 +4678,21 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_51( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_50(sk.secret_as_ntt, -======= -libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6871,26 +4702,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -6899,11 +4718,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6929,11 +4744,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6949,14 +4760,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6972,11 +4775,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6985,21 +4784,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); -======= - libcrux_ml_kem_ind_cpa_generate_keypair_2f(ind_cpa_keypair_randomness); ->>>>>>> main + libcrux_ml_kem_ind_cpa_generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( -======= - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( ->>>>>>> main + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7008,27 +4799,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -7042,20 +4821,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); } /** @@ -7067,264 +4838,40 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( ->>>>>>> main - copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_cf( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_3f(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_51( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::Kyber)} */ /** A monomorphic instance of libcrux_ml_kem.variant.kdf_33 ->>>>>>> main with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_99( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_08( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); ->>>>>>> main Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_44(ciphertext), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_4f(ciphertext), ->>>>>>> main + libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -7352,11 +4899,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_a90( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7374,17 +4917,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7392,11 +4928,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7405,25 +4937,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -7431,44 +4952,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99( -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_1d( ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_08( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_08(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_33_1d(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7496,17 +4997,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a90(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_c50(private_key, ciphertext, ret); } /** @@ -7520,11 +5014,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( -======= - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( private_key, ciphertext, ret); } @@ -7539,15 +5029,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_52( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_44( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); ->>>>>>> main } /** @@ -7570,49 +5054,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b30( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_020( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_52( + libcrux_ml_kem_variant_entropy_preprocess_33_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7621,52 +5084,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_1d(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_08(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -7691,22 +5133,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_020(uu____0, copy_of_randomness); } /** @@ -7724,11 +5158,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( - uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( uu____0, copy_of_randomness); } @@ -7743,52 +5173,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_47( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_63( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7799,12 +5188,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_47(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_63(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7824,7 +5213,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -7832,17 +5221,17 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_a2( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -7860,21 +5249,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_2f0( +libcrux_ml_kem_ind_cpa_generate_keypair_1c0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -7884,22 +5273,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_2f0( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7909,13 +5290,13 @@ with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7924,13 +5305,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_2f0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_1c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7939,13 +5320,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -7962,12 +5343,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); } /** @@ -7979,17 +5360,10 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( copy_of_randomness); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7999,7 +5373,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_5e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -8015,9 +5389,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -8028,10 +5399,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ea(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_5e(private_key, ciphertext); } @@ -8044,7 +5415,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( private_key, ciphertext); } @@ -8052,85 +5423,37 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ea( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a7( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( - ring_element); - deserialized_pk[i0] = uu____0; - } + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8140,27 +5463,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_06( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( -======= -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_serialize_public_key_51( -======= - libcrux_ml_kem_ind_cpa_serialize_public_key_02( ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_public_key_39( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -8169,9 +5481,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -8181,41 +5490,21 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); -======= static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); ->>>>>>> main + return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); -======= Returns `true` if valid, and `false` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( public_key->value); } @@ -8241,11 +5530,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8275,7 +5564,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -8287,11 +5576,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8328,10 +5617,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2(key_pair, ciphertext, ret); } /** @@ -8345,7 +5634,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( private_key, ciphertext, ret); } @@ -8368,7 +5657,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8396,7 +5685,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8406,7 +5695,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8440,7 +5729,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -8448,7 +5737,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2(uu____0, copy_of_randomness); } @@ -8469,7 +5758,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( uu____0, copy_of_randomness); } @@ -8489,8 +5778,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_58(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b0(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -8508,28 +5797,26 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_8c( +libcrux_ml_kem_polynomial_clone_3a_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -8556,7 +5843,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -8566,19 +5853,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_8c( + libcrux_ml_kem_polynomial_clone_3a_c2( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -8591,7 +5878,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -8605,7 +5892,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -8627,13 +5914,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(copy_of_randomness, out); } /** @@ -8646,26 +5933,26 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -8704,10 +5991,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -8715,9 +6002,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_c1(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -8753,7 +6040,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_5d()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_31()}); } /** @@ -8762,7 +6049,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_c1(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(); } /** @@ -8771,7 +6058,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_31(); } /** @@ -8780,11 +6067,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -8792,10 +6079,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -8808,11 +6095,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -8820,10 +6107,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( &self->public_key, serialized); } @@ -8835,24 +6122,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -8879,21 +6166,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -8907,17 +6194,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -8930,8 +6217,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_42(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a(key_pair)); pk[0U] = uu____0; } @@ -8942,7 +6229,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05(public_key, serialized); } @@ -8960,13 +6247,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -8986,7 +6273,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -9007,11 +6294,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe(public_key, unpacked_public_key); } @@ -9023,7 +6310,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( public_key, unpacked_public_key); } @@ -9032,11 +6319,7 @@ This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { -======= -static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { ->>>>>>> main return self[0U]; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index d612a20b5..27d97ab36 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,16 +20,36 @@ extern "C" { #include "eurydice_glue.h" -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; /** A monomorphic instance of @@ -43,20 +63,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -68,21 +74,15 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 89dfbaa23..5e1f37607 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_H @@ -37,29 +29,6 @@ extern "C" { #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \ (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( - Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; -} libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -======= ->>>>>>> main static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; @@ -83,12 +52,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -typedef struct libcrux_ml_kem_ind_cca_Kyber_s { -} libcrux_ml_kem_ind_cca_Kyber; - -typedef struct libcrux_ml_kem_ind_cca_MlKem_s { -} libcrux_ml_kem_ind_cca_MlKem; - typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U]; static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = @@ -152,11 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); -<<<<<<< HEAD unwrap_41_30(dst, ret); -======= - unwrap_26_30(dst, ret); ->>>>>>> main memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -267,7 +226,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_10.fst; ret[1U] = r0_10.snd; ret[2U] = r0_10.thd; @@ -290,32 +248,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[19U] = r11_21.f8; ret[20U] = r11_21.f9; ret[21U] = r11_21.f10; -======= - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -409,7 +341,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -428,27 +359,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1118,7 +1028,6 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -1126,27 +1035,6 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, Option_b3); - if (uu____0.tag == None) { - return v; - } else { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } ->>>>>>> main } } return vec; @@ -1181,13 +1069,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( @@ -1239,19 +1123,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( @@ -1616,28 +1493,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -1747,7 +1602,6 @@ static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { -<<<<<<< HEAD int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *) & 1U); @@ -1828,26 +1682,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { lit.elements[14U] = result14; lit.elements[15U] = result15; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; ->>>>>>> main } /** @@ -1904,7 +1738,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = result0_3.fst; ret[1U] = result0_3.snd; ret[2U] = result0_3.thd; @@ -1913,18 +1746,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[5U] = result4_7.snd; ret[6U] = result4_7.thd; ret[7U] = result4_7.f3; -======= - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1984,7 +1805,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2003,27 +1823,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2077,7 +1876,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2088,20 +1886,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[7U] = r5_9.thd; ret[8U] = r5_9.f3; ret[9U] = r5_9.f4; -======= - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2172,7 +1956,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2191,27 +1974,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2273,7 +2035,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2294,30 +2055,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[17U] = r15_19.thd; ret[18U] = r15_19.f3; ret[19U] = r15_19.f4; -======= - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2396,7 +2133,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2415,27 +2151,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2493,7 +2208,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_2.fst; ret[1U] = r0_2.snd; ret[2U] = r0_2.thd; @@ -2518,34 +2232,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[21U] = r21_23.fst; ret[22U] = r21_23.snd; ret[23U] = r21_23.thd; -======= - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2598,7 +2284,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_1.fst; lit.elements[1U] = v0_1.snd; @@ -2617,27 +2302,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { lit.elements[14U] = v14_15.fst; lit.elements[15U] = v14_15.snd; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; ->>>>>>> main } /** @@ -2784,28 +2448,16 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ZERO_20_1c(void) { -======= -libcrux_ml_kem_polynomial_ZERO_d6_19(void) { ->>>>>>> main +libcrux_ml_kem_polynomial_ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2833,13 +2485,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_0f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_12(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a5(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2849,17 +2496,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2872,29 +2512,18 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_92( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2907,11 +2536,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( -======= - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2933,13 +2558,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_99(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2949,11 +2569,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2978,15 +2594,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( v); } @@ -2997,11 +2607,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); + libcrux_ml_kem_polynomial_ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -3009,12 +2618,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector), size_t, void *); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -3023,11 +2626,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( coefficient); re.coefficients[i0] = uu____0; } @@ -3041,11 +2640,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3070,15 +2665,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( v); } @@ -3089,17 +2678,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_11_c9( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3108,11 +2690,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( coefficient); re.coefficients[i0] = uu____0; } @@ -3126,15 +2704,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_40(serialized); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0(serialized); ->>>>>>> main + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -3149,11 +2721,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77( -======= -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c( ->>>>>>> main +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3167,20 +2735,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( ->>>>>>> main + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(b, zeta_r); -======= - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(b, zeta_r); ->>>>>>> main + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3194,11 +2754,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3211,11 +2767,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( ->>>>>>> main + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3232,11 +2784,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_82( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_e9( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_1b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3256,11 +2804,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8a( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3269,14 +2813,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -3287,7 +2825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3296,47 +2834,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3354,48 +2870,26 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_70( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_82(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_1b(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_8a(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3405,20 +2899,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b( -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -3438,15 +2924,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_70(&u_as_ntt[i0]); -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( - u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_b0(&u_as_ntt[i0]); ->>>>>>> main + libcrux_ml_kem_ntt_ntt_vector_u_ec(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3460,11 +2940,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3489,15 +2965,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( v); } @@ -3508,17 +2978,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_4_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3527,11 +2990,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( coefficient); re.coefficients[i0] = uu____0; } @@ -3545,11 +3004,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3574,15 +3029,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( v); } @@ -3593,17 +3042,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_5_c6( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3612,11 +3054,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3630,10 +3068,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_51(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5(serialized); } /** @@ -3642,65 +3079,16 @@ This function found in impl */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef(serialized); -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ntt_multiply_20_23( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_polynomial_ntt_multiply_d6_27( +libcrux_ml_kem_polynomial_ntt_multiply_20_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3720,33 +3108,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_d6_27( } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_fc( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3770,11 +3141,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3783,20 +3150,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3807,11 +3164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3820,14 +3173,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3838,11 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3864,11 +3207,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( ->>>>>>> main + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3876,11 +3215,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); -<<<<<<< HEAD - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(a_minus_b, zeta_r); -======= - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(a_minus_b, zeta_r); ->>>>>>> main + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3893,11 +3228,7 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a( -======= -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( ->>>>>>> main +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3912,11 +3243,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( ->>>>>>> main + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3933,67 +3260,36 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_subtract_reduce_20_f5( -======= -libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( ->>>>>>> main +libcrux_ml_kem_polynomial_subtract_reduce_20_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -4012,12 +3308,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4025,38 +3315,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_message_a9( -======= -libcrux_ml_kem_matrix_compute_message_5b( ->>>>>>> main +libcrux_ml_kem_matrix_compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1c(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_f5(v, result); -======= - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_5f(v, result); ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_7e(v, result); return result; } @@ -4066,13 +3339,8 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_arithmetic_shift_right_58( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { -======= -libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4091,15 +3359,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_shift_right_0d_f1( +libcrux_ml_kem_vector_portable_shift_right_0d_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_58(v); -======= -libcrux_ml_kem_vector_portable_shift_right_0d_46( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); } /** @@ -4109,17 +3371,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_unsigned_representative_87( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_f1(a); -======= -libcrux_ml_kem_vector_traits_to_unsigned_representative_08( +libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_46(a); ->>>>>>> main + libcrux_ml_kem_vector_portable_shift_right_0d_64(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4133,21 +3388,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_message_f1( -======= -libcrux_ml_kem_serialize_compress_then_serialize_message_71( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_message_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -4163,30 +3410,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_71( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4197,37 +3420,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_a9(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_f1(message, ret0); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_5b(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_message_39(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4241,19 +3447,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_30(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_92(secret_key, secret_as_ntt); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1(secret_key, secret_as_ntt); ->>>>>>> main + libcrux_ml_kem_ind_cpa_deserialize_secret_key_55(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -4264,17 +3462,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_15(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -4286,11 +3477,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -4300,11 +3487,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_44( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -4322,23 +3505,6 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_2e( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_PRF_44(input, ret); @@ -4347,19 +3513,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -4367,25 +3533,18 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; ->>>>>>> main } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -4393,17 +3552,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4418,9 +3570,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4428,19 +3577,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4452,46 +3591,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a3( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( ring_element); deserialized_pk[i0] = uu____0; } ->>>>>>> main } /** @@ -4510,11 +3613,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( -======= -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4547,20 +3646,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( -======= -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( -======= - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( ->>>>>>> main + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( copy_of_input); } @@ -4571,11 +3662,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -4599,19 +3686,11 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( self, ret); -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, - uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72(self, - ret); ->>>>>>> main } /** @@ -4663,11 +3742,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4709,11 +3784,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -4737,18 +3808,11 @@ generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6(self, ret); -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, - uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6(self, ret); ->>>>>>> main } /** @@ -4800,11 +3864,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4841,32 +3901,18 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_from_i16_array_20_d3(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_polynomial_from_i16_array_d6_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4887,13 +3933,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4904,11 +3945,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1b( -======= static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4917,47 +3954,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( - copy_of_seeds); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( -======= - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( ->>>>>>> main + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); -<<<<<<< HEAD - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( -======= bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( -======= - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( ->>>>>>> main + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( -======= done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -4967,11 +3985,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); -======= libcrux_ml_kem_sampling_sample_from_xof_closure_ba(copy_of_out[i]); ->>>>>>> main } memcpy( ret, ret0, @@ -4985,19 +3999,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0b( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_a3(i, A_transpose[i]); - } -======= static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5016,11 +4020,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_1b(copy_of_seeds, sampled); -======= libcrux_ml_kem_sampling_sample_from_xof_49(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5037,16 +4037,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( } } } -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); -======= ->>>>>>> main } /** @@ -5071,13 +4061,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_06(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_52(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -5086,11 +4071,7 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d5( ->>>>>>> main uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -5112,66 +4093,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { libcrux_ml_kem_hash_functions_portable_PRFxN_d5(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -5179,11 +4105,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -5218,11 +4140,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -5233,11 +4151,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_af( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -5271,11 +4185,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -5286,15 +4196,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( ->>>>>>> main + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( randomness); } @@ -5304,11 +4208,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_99( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_98( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -5331,46 +4231,25 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_73(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_82( + libcrux_ml_kem_ntt_ntt_at_layer_3_1b( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_8a( + libcrux_ml_kem_ntt_ntt_at_layer_2_ea( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f( + libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_98(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5380,20 +4259,10 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5407,23 +4276,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]); - } -======= libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]); } return domain_separator; } @@ -5438,18 +4297,17 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____0, uu____1, domain_separator); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -5457,11 +4315,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5477,18 +4331,10 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_20(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5499,19 +4345,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5526,19 +4364,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( -======= libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( ->>>>>>> main + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -5549,11 +4379,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5564,11 +4390,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_440( ->>>>>>> main Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -5586,15 +4408,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_slice input, uint8_t ret[128U]) { libcrux_ml_kem_hash_functions_portable_PRF_440(input, ret); ->>>>>>> main } /** @@ -5604,38 +4420,21 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_vector_u_closure_52(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_matrix_compute_vector_u_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_06( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5653,31 +4452,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - result[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5698,22 +4486,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ntt_multiply_20_23(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_06(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_9d(&result0[i1], &error_1[i1]); -======= - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_0d(&result[i1], &error_1[i1]); ->>>>>>> main } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -5731,15 +4510,9 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_decompress_1_4c( +libcrux_ml_kem_vector_traits_decompress_1_f7( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = -======= -libcrux_ml_kem_vector_traits_decompress_1_94( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = ->>>>>>> main libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = libcrux_ml_kem_vector_portable_sub_0d(z, &vec); @@ -5756,17 +4529,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5776,11 +4542,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_decompress_1_4c(coefficient_compressed); -======= - libcrux_ml_kem_vector_traits_decompress_1_94(coefficient_compressed); ->>>>>>> main + libcrux_ml_kem_vector_traits_decompress_1_f7(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -5788,28 +4550,16 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( -======= -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( ->>>>>>> main +libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -5832,9 +4582,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5842,39 +4589,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_ring_element_v_66( -======= -libcrux_ml_kem_matrix_compute_ring_element_v_04( ->>>>>>> main +libcrux_ml_kem_matrix_compute_ring_element_v_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1c(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( -======= - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( error_2, message, result); return result; } @@ -5885,11 +4615,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c( -======= -libcrux_ml_kem_vector_portable_compress_compress_20( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5912,15 +4638,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c( +libcrux_ml_kem_vector_portable_compress_0d_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_20(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c(v); } /** @@ -5930,24 +4650,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_10_a9( -======= -libcrux_ml_kem_serialize_compress_then_serialize_10_95( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_10_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_20( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -5965,11 +4676,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c0( -======= -libcrux_ml_kem_vector_portable_compress_compress_200( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5992,15 +4699,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a0( +libcrux_ml_kem_vector_portable_compress_0d_200( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c0(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_200(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c0(v); } /** @@ -6010,24 +4711,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_11_e2( -======= -libcrux_ml_kem_serialize_compress_then_serialize_11_c1( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_11_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_200( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -6047,23 +4739,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a9(re, uu____0); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_95(re, uu____0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_10_04(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6073,11 +4755,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( -======= -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6093,11 +4771,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31(&re, -======= - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c(&re, ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -6110,11 +4784,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c1( -======= -libcrux_ml_kem_vector_portable_compress_compress_201( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6137,15 +4807,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c1(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c1( +libcrux_ml_kem_vector_portable_compress_0d_201( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_201(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c1(v); } /** @@ -6155,11 +4819,7 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_4_55( -======= -libcrux_ml_kem_serialize_compress_then_serialize_4_c5( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_4_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -6168,13 +4828,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_c5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_201( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -6191,11 +4846,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c2( -======= -libcrux_ml_kem_vector_portable_compress_compress_202( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6218,15 +4869,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a2( +libcrux_ml_kem_vector_portable_compress_0d_202( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c2(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_202(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c2(v); } /** @@ -6236,7 +4881,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b5( +libcrux_ml_kem_serialize_compress_then_serialize_5_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -6245,13 +4890,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_b5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_202( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -6270,58 +4910,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_55(re, out); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c5(re, out); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_4_b6(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6340,18 +4933,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6359,8 +4941,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( ->>>>>>> main + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -6370,11 +4951,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2( -======= - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b( ->>>>>>> main + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -6383,58 +4960,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_4b(public_key->A, r_as_ntt, error_1, -======= libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, ->>>>>>> main + libcrux_ml_kem_matrix_compute_vector_u_42(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_66( -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( ->>>>>>> main + libcrux_ml_kem_matrix_compute_ring_element_v_58( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( -======= - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -6458,65 +5010,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_95(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_0b(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____3, copy_of_message, - randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6531,11 +5031,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____1, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -6549,22 +5048,13 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_85( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_1a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6589,11 +5079,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_68( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6611,17 +5097,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6629,11 +5108,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6642,25 +5117,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6668,49 +5132,26 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85( -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_a7( ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_1a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_1a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_d8_a7(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -6732,17 +5173,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_68(private_key, ciphertext, ret); } /** @@ -6755,185 +5189,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( -======= - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( private_key, ciphertext, ret); } /** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} ->>>>>>> main */ /** A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 @@ -6941,20 +5203,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( - Eurydice_slice randomness, uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b7( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6966,11 +5220,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_c6( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6994,49 +5244,28 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_b0( + libcrux_ml_kem_variant_entropy_preprocess_d8_b7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7045,52 +5274,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_a7(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_1a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -7111,22 +5319,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( -======= -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -7143,175 +5343,27 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( ->>>>>>> main - uu____0, copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( uu____0, copy_of_randomness); } /** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -======= This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_39(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; } @@ -7325,7 +5377,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_26( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7339,7 +5391,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7349,11 +5400,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_standard_domain_22( -======= -libcrux_ml_kem_vector_traits_to_standard_domain_bd( ->>>>>>> main +libcrux_ml_kem_vector_traits_to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -7361,28 +5408,16 @@ libcrux_ml_kem_vector_traits_to_standard_domain_bd( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( -======= -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( ->>>>>>> main +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -7390,11 +5425,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_standard_domain_22( -======= - libcrux_ml_kem_vector_traits_to_standard_domain_bd( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_standard_domain_73( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -7404,62 +5435,13 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( - &result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -7474,7 +5456,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7487,58 +5469,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( &t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7548,48 +5488,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_26(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_0b(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; @@ -7601,73 +5513,26 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____2, copy_of_prf_input0, 0U); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_3c(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -======= - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_00( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7677,22 +5542,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64( -======= -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( ->>>>>>> main +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -7704,9 +5561,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7714,11 +5568,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cd( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7736,20 +5586,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64(&re, ret0); -======= - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7758,13 +5601,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7773,9 +5616,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7784,33 +5624,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d(t_as_ntt, seed_for_a, + public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46(t_as_ntt, seed_for_a, - public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -7826,34 +5648,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(sk.secret_as_ntt, -======= -libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -7863,26 +5671,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -7890,11 +5686,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7920,11 +5712,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7940,14 +5728,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7962,11 +5742,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7975,21 +5751,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); -======= - libcrux_ml_kem_ind_cpa_generate_keypair_52(ind_cpa_keypair_randomness); ->>>>>>> main + libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( -======= - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( ->>>>>>> main + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7998,27 +5766,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -8032,16 +5788,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); } /** @@ -8052,263 +5804,39 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( ->>>>>>> main - copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_53( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_cc( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_cc(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::Kyber)} */ /** A monomorphic instance of libcrux_ml_kem.variant.kdf_33 ->>>>>>> main with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_00( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_23( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); ->>>>>>> main Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_44(ciphertext), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_4f(ciphertext), ->>>>>>> main + libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -8335,11 +5863,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_680( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8357,17 +5881,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8375,11 +5892,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -8388,25 +5901,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -8414,44 +5916,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00( -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_e0( ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_23( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_23(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_33_e0(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -8479,17 +5961,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_680(private_key, ciphertext, ret); } /** @@ -8502,11 +5977,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( -======= - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( private_key, ciphertext, ret); } @@ -8520,15 +5991,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_3b( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); ->>>>>>> main } /** @@ -8550,49 +6015,28 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_c0( + libcrux_ml_kem_variant_entropy_preprocess_33_3b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -8601,52 +6045,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_e0(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_23(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -8671,22 +6094,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( -======= -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness); } /** @@ -8703,11 +6118,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( - uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( uu____0, copy_of_randomness); } @@ -8721,52 +6132,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_22( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8776,12 +6146,12 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_c8(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_22(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8801,7 +6171,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -8809,17 +6179,17 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_00( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8836,21 +6206,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_520( +libcrux_ml_kem_ind_cpa_generate_keypair_ea0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -8860,22 +6230,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_520( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8885,12 +6247,12 @@ libcrux_ml_kem_variant_Kyber with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8899,13 +6261,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_520(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ea0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8914,13 +6276,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -8936,12 +6298,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); } /** @@ -8953,17 +6315,10 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( copy_of_randomness); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8972,7 +6327,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_a9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -8988,9 +6343,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -9000,10 +6352,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_2f(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_a9(private_key, ciphertext); } @@ -9015,7 +6367,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( private_key, ciphertext); } @@ -9024,82 +6376,35 @@ A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_5a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a3( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( - ring_element); - deserialized_pk[i0] = uu____0; - } + return libcrux_ml_kem_polynomial_ZERO_20_19(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9108,27 +6413,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( -======= -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_be( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_serialize_public_key_77( -======= - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_public_key_96( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -9137,9 +6431,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -9148,39 +6439,20 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); -======= static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_e3(public_key); ->>>>>>> main + return libcrux_ml_kem_ind_cca_validate_public_key_be(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); -======= Returns `true` if valid, and `false` otherwise. */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( public_key->value); } @@ -9206,11 +6478,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -9240,7 +6512,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -9252,11 +6524,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9292,10 +6564,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6(key_pair, ciphertext, ret); } /** @@ -9309,7 +6581,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( private_key, ciphertext, ret); } @@ -9332,7 +6604,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -9360,7 +6632,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -9370,7 +6642,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9403,7 +6675,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -9411,7 +6683,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_28(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4(uu____0, copy_of_randomness); } @@ -9431,7 +6703,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( uu____0, copy_of_randomness); } @@ -9450,8 +6722,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_12(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_6d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -9468,27 +6740,25 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_19( +libcrux_ml_kem_polynomial_clone_3a_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -9517,7 +6787,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -9527,19 +6797,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_19( + libcrux_ml_kem_polynomial_clone_3a_a6( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -9552,7 +6822,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -9566,7 +6836,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -9587,13 +6857,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b(copy_of_randomness, out); } /** @@ -9606,25 +6876,25 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -9663,19 +6933,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_3d(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -9711,7 +6981,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_4f()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_fe()}); } /** @@ -9719,7 +6989,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_3d(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_27(); } /** @@ -9727,7 +6997,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(); } /** @@ -9736,21 +7006,21 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -9763,21 +7033,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( &self->public_key, serialized); } @@ -9788,23 +7058,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -9831,20 +7101,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_23( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -9858,16 +7128,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_23( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_52( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -9879,8 +7149,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_23( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_52(key_pair)); pk[0U] = uu____0; } @@ -9891,7 +7161,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8(public_key, serialized); } @@ -9914,7 +7184,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -9934,7 +7204,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -9954,7 +7224,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -9970,7 +7240,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index d70f1bc80..63dd9e1f0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,18 +20,37 @@ extern "C" { #include "eurydice_glue.h" -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; /** A monomorphic instance of @@ -45,20 +64,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -70,22 +75,17 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index fc8768589..b0f8eb656 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_avx2_H @@ -217,31 +209,20 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_fa(void) { -======= -libcrux_sha3_generic_keccak_new_89_71(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -407,11 +388,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_d4( ->>>>>>> main __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1445,11 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_1b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1541,11 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_70( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1582,11 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1608,11 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_fe( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1625,16 +1586,6 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_3f(s); - libcrux_sha3_generic_keccak_pi_d8(s); - libcrux_sha3_generic_keccak_chi_95(s); - libcrux_sha3_generic_keccak_iota_c9(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1643,7 +1594,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd( libcrux_sha3_generic_keccak_pi_70(s); libcrux_sha3_generic_keccak_chi_12(s); libcrux_sha3_generic_keccak_iota_fe(s, i0); ->>>>>>> main } } @@ -1655,22 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_32( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_ef_d4(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -1699,11 +1640,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e6( ->>>>>>> main __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1721,11 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1744,13 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_full_ef_e6(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -1921,11 +1849,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_d1( ->>>>>>> main __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } @@ -1939,17 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; libcrux_sha3_simd_avx2_store_block_full_ef_d1(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1975,11 +1892,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e3( ->>>>>>> main __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_78(a, b); } @@ -1992,15 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -2011,17 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_keccakf1600_cd(s); libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -2032,19 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_keccakf1600_cd(&s); uint8_t b[4U][200U]; libcrux_sha3_simd_avx2_store_block_full_ef_d1(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2069,17 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_fa(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_89_71(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2090,11 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_32(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -2104,20 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_a8(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2125,22 +1998,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2151,20 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_66(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_fe(s, o1); ->>>>>>> main } } } @@ -2179,11 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); -======= libcrux_sha3_generic_keccak_keccak_b9(buf0, buf); ->>>>>>> main } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2195,11 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_fa(); -======= - return libcrux_sha3_generic_keccak_new_89_71(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_71(); } /** @@ -2354,11 +2203,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e60( ->>>>>>> main __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -2376,11 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2399,13 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_full_ef_e60(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -2417,11 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_800(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f0(s, buf); ->>>>>>> main } /** @@ -2557,43 +2389,11 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( - __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_780(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e30( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_780(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_cd(s); - libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); -} - -/** - Squeeze another block -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types core_core_arch_x86___m256i @@ -2602,10 +2402,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); } /** @@ -2616,15 +2415,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_cd(s); libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); ->>>>>>> main } /** @@ -2636,11 +2430,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2648,24 +2438,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); ->>>>>>> main } /** @@ -2677,8 +2458,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2690,10 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf); } /** @@ -2705,11 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2717,46 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o4); ->>>>>>> main } /** @@ -2768,11 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(s, buf); ->>>>>>> main } /** @@ -2784,11 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); ->>>>>>> main } /** @@ -2800,11 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca(s, buf); ->>>>>>> main } /** @@ -2816,11 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_66(s, buf); ->>>>>>> main } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 7e314c617..8922e606b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_portable_H @@ -87,22 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; -<<<<<<< HEAD - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); -======= return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); ->>>>>>> main } /** @@ -205,30 +189,19 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_ba(void) { -======= -libcrux_sha3_generic_keccak_new_89_cf(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -263,11 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -278,11 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -299,21 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); ->>>>>>> main } /** @@ -323,11 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -338,15 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d60(ab); ->>>>>>> main } /** @@ -360,13 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); ->>>>>>> main } /** @@ -376,11 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -391,15 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d61(ab); ->>>>>>> main } /** @@ -413,13 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); ->>>>>>> main } /** @@ -429,11 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -444,15 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d62(ab); ->>>>>>> main } /** @@ -466,13 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); ->>>>>>> main } /** @@ -482,11 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -497,15 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d63(ab); ->>>>>>> main } /** @@ -519,13 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); ->>>>>>> main } /** @@ -535,15 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d6(ab); ->>>>>>> main } /** @@ -557,13 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); ->>>>>>> main } /** @@ -573,11 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -588,15 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d64(ab); ->>>>>>> main } /** @@ -610,13 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); ->>>>>>> main } /** @@ -626,11 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -641,15 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d65(ab); ->>>>>>> main } /** @@ -663,13 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); ->>>>>>> main } /** @@ -679,11 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -694,15 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d66(ab); ->>>>>>> main } /** @@ -716,13 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); ->>>>>>> main } /** @@ -732,11 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -747,15 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d67(ab); ->>>>>>> main } /** @@ -769,13 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); ->>>>>>> main } /** @@ -785,11 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -800,15 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d68(ab); ->>>>>>> main } /** @@ -822,13 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); ->>>>>>> main } /** @@ -838,11 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -853,15 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d69(ab); ->>>>>>> main } /** @@ -875,13 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); ->>>>>>> main } /** @@ -891,11 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -906,15 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d610(ab); ->>>>>>> main } /** @@ -928,13 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); ->>>>>>> main } /** @@ -944,11 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -959,15 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d611(ab); ->>>>>>> main } /** @@ -981,13 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); ->>>>>>> main } /** @@ -997,11 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -1012,15 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d612(ab); ->>>>>>> main } /** @@ -1034,13 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); ->>>>>>> main } /** @@ -1050,11 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -1065,15 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d613(ab); ->>>>>>> main } /** @@ -1087,13 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); ->>>>>>> main } /** @@ -1103,11 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -1118,15 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d614(ab); ->>>>>>> main } /** @@ -1140,13 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); ->>>>>>> main } /** @@ -1156,11 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -1171,15 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d615(ab); ->>>>>>> main } /** @@ -1193,13 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); ->>>>>>> main } /** @@ -1209,11 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -1224,15 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d616(ab); ->>>>>>> main } /** @@ -1246,13 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); ->>>>>>> main } /** @@ -1262,11 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -1277,15 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d617(ab); ->>>>>>> main } /** @@ -1299,13 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); ->>>>>>> main } /** @@ -1315,11 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1330,15 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d618(ab); ->>>>>>> main } /** @@ -1352,13 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); ->>>>>>> main } /** @@ -1368,11 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1383,15 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d619(ab); ->>>>>>> main } /** @@ -1405,13 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); ->>>>>>> main } /** @@ -1421,11 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1436,15 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d620(ab); ->>>>>>> main } /** @@ -1458,13 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); ->>>>>>> main } /** @@ -1474,11 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1489,15 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d621(ab); ->>>>>>> main } /** @@ -1511,13 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); ->>>>>>> main } /** @@ -1527,11 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1542,15 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d622(ab); ->>>>>>> main } /** @@ -1564,13 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); ->>>>>>> main } /** @@ -1579,11 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1619,55 +1216,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = -<<<<<<< HEAD - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); - uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); @@ -1715,7 +1263,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); ->>>>>>> main s->st[4U][4U] = uu____27; } @@ -1725,11 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1765,11 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1790,11 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1806,16 +1341,6 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1824,7 +1349,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_pi_d5(s); libcrux_sha3_generic_keccak_chi_3e(s); libcrux_sha3_generic_keccak_iota_00(s, i0); ->>>>>>> main } } @@ -1835,22 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1858,19 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_65(s, buf); ->>>>>>> main } /** @@ -1882,21 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); ->>>>>>> main } /** @@ -1907,11 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1930,13 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1944,11 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,20 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1995,15 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); ->>>>>>> main } /** @@ -2014,17 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2049,15 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b(a, b); ->>>>>>> main } /** @@ -2067,15 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -2085,17 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -2105,19 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2141,17 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -2162,11 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2176,20 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -2197,22 +1616,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2223,20 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); ->>>>>>> main } } } @@ -2247,20 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); ->>>>>>> main } /** @@ -2270,11 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_97(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e4(buf0, buf); ->>>>>>> main } /** @@ -2282,11 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2297,11 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2318,21 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2342,22 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2365,19 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_650(s, buf); ->>>>>>> main } /** @@ -2389,21 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2414,11 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2437,13 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2451,11 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2473,20 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b0(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2503,15 +1832,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); ->>>>>>> main } /** @@ -2522,17 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2557,15 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b0(a, b); ->>>>>>> main } /** @@ -2575,15 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2593,17 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2613,19 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2649,17 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2670,11 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2684,20 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2705,22 +1975,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2731,20 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -2755,20 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); ->>>>>>> main } /** @@ -2778,11 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_970(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e40(buf0, buf); ->>>>>>> main } /** @@ -2793,11 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2816,13 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2833,17 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2854,11 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2868,20 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2889,22 +2103,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2915,20 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -2939,20 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); ->>>>>>> main } /** @@ -2962,115 +2152,18 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_971(buf0, buf); -} - -/** - A portable SHA3 512 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 256 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -======= libcrux_sha3_portable_keccakx1_e41(buf0, buf); ->>>>>>> main } typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -<<<<<<< HEAD -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -/** - Initialise the `KeccakState2`. -*/ -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -======= ->>>>>>> main /** Create a new SHAKE-128 state object. */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -3078,11 +2171,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -3093,11 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3110,19 +2195,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_651(s, buf); ->>>>>>> main } /** @@ -3134,21 +2211,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3159,11 +2228,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3182,13 +2247,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3198,11 +2258,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_402(s, buf); ->>>>>>> main } /** @@ -3210,11 +2266,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -3236,40 +2288,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b1(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); -} - -/** - Squeeze another block -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t @@ -3277,10 +2300,9 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -3290,15 +2312,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -3309,11 +2326,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3321,24 +2334,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); ->>>>>>> main } /** @@ -3348,8 +2352,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } /** @@ -3359,10 +2362,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf); } #define libcrux_sha3_Sha224 0 @@ -3408,11 +2408,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3423,11 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3444,21 +2436,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3468,22 +2452,13 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3491,19 +2466,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_652(s, buf); ->>>>>>> main } /** @@ -3515,21 +2482,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3540,11 +2499,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3563,13 +2518,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3577,11 +2527,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3599,20 +2545,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b2(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3629,15 +2567,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); ->>>>>>> main } /** @@ -3648,17 +2580,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3683,15 +2608,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b2(a, b); ->>>>>>> main } /** @@ -3701,15 +2620,9 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3719,17 +2632,10 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3739,19 +2645,11 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3775,17 +2673,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -3796,11 +2687,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3810,20 +2697,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -3831,22 +2710,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -3857,20 +2728,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); ->>>>>>> main } } } @@ -3881,20 +2744,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); ->>>>>>> main } /** @@ -3904,11 +2759,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_972(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e42(buf0, buf); ->>>>>>> main } /** @@ -3916,11 +2767,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -3931,11 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3952,21 +2795,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3976,22 +2811,13 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3999,19 +2825,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_653(s, buf); ->>>>>>> main } /** @@ -4023,21 +2841,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4048,11 +2858,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -4071,13 +2877,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4085,11 +2886,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -4107,20 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b3(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4137,15 +2926,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); ->>>>>>> main } /** @@ -4156,17 +2939,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4191,15 +2967,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b3(a, b); ->>>>>>> main } /** @@ -4209,15 +2979,9 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -4227,17 +2991,10 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -4247,19 +3004,11 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4283,17 +3032,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -4304,11 +3046,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4318,20 +3056,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -4339,22 +3069,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -4365,20 +3087,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); ->>>>>>> main } } } @@ -4389,20 +3103,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); ->>>>>>> main } /** @@ -4412,11 +3118,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_973(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e43(buf0, buf); ->>>>>>> main } /** @@ -4507,21 +3209,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4531,22 +3225,13 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4554,20 +3239,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b1(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4584,15 +3261,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); ->>>>>>> main } /** @@ -4603,17 +3274,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4636,19 +3300,11 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4672,17 +3328,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -4693,11 +3342,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4707,20 +3352,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -4728,22 +3365,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -4754,20 +3383,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); ->>>>>>> main } } } @@ -4778,20 +3399,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); ->>>>>>> main } /** @@ -4801,11 +3414,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_974(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e44(buf0, buf); ->>>>>>> main } /** @@ -4853,8 +3462,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, } /** -<<<<<<< HEAD -======= A portable SHA3 256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, @@ -4865,7 +3472,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, } /** ->>>>>>> main A portable SHA3 384 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, @@ -5007,11 +3613,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -5019,46 +3621,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o4); ->>>>>>> main } /** @@ -5068,11 +3653,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); ->>>>>>> main } /** @@ -5082,11 +3663,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_401(s, buf); ->>>>>>> main } /** @@ -5094,11 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -5108,11 +3681,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); ->>>>>>> main } /** @@ -5122,9 +3691,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } @@ -5156,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -5190,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5207,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5260,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5277,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5306,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -5320,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5338,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5385,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -5394,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -5548,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -5579,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -5610,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -5644,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5661,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5714,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5731,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5757,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -5771,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5789,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5833,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -5842,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -6028,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -6056,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -6103,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -6140,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -6175,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -6222,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -6259,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -6294,8 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** From 2cc5d08dc51d9011b73e45fa933da711162d0d01 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 22 Sep 2024 12:07:20 +0000 Subject: [PATCH 168/172] boring C not working --- libcrux-ml-kem/c/benches/sha3.cc | 12 --- .../c/internal/libcrux_mlkem_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 -- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 -- libcrux-ml-kem/cg/benches/sha3.cc | 10 --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/eurydice_glue.h | 44 ++-------- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 21 files changed, 59 insertions(+), 334 deletions(-) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 221a557d7..a2bfadfce 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -70,17 +70,6 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; -<<<<<<< HEAD - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); - - for (auto _ : state) - { - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= auto st = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); @@ -90,7 +79,6 @@ shake128_34_504(benchmark::State &state) auto st = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main } } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 5c7bf744c..f88ca141f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index b3eb85bd0..c95f9f673 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem1024_neon.h" @@ -46,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_fa( +static void decapsulate_f8( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } /** @@ -64,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_fa(private_key, ciphertext, ret); + decapsulate_f8(private_key, ciphertext, ret); } /** @@ -91,12 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ed( +static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } /** @@ -110,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ed(private_key, ciphertext, ret); + decapsulate_unpacked_c2(private_key, ciphertext, ret); } /** @@ -124,26 +115,20 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 +- VECTOR_U_BLOCK_LEN= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_2b( +static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -157,16 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_2b(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_6b(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -190,23 +169,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_c6( +static tuple_21 encapsulate_unpacked_1c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -224,16 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c6(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_1c(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -246,22 +212,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); ->>>>>>> main } /** @@ -269,16 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_91(copy_of_randomness); ->>>>>>> main } /** @@ -297,19 +251,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -<<<<<<< HEAD -generate_keypair_unpacked_0f(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5(uu____0); -======= generate_keypair_unpacked_87(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( copy_of_randomness); ->>>>>>> main } /** @@ -318,16 +265,10 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0f(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_87(copy_of_randomness); ->>>>>>> main } /** @@ -341,8 +282,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2c(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_a3(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } /** @@ -353,7 +294,7 @@ static bool validate_public_key_2c(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2c(public_key.value)) { + if (validate_public_key_a3(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 5ce895698..1ed96ad65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index fa3c3947d..5b9b0ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem512_neon.h" @@ -46,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_b6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } /** @@ -62,7 +54,7 @@ static void decapsulate_b6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_b6(private_key, ciphertext, ret); + decapsulate_55(private_key, ciphertext, ret); } /** @@ -89,11 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_ee( +static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } /** @@ -106,7 +97,7 @@ static void decapsulate_unpacked_ee( void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ee(private_key, ciphertext, ret); + decapsulate_unpacked_53(private_key, ciphertext, ret); } /** @@ -120,26 +111,20 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 +- VECTOR_U_BLOCK_LEN= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_e7( +static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff1(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -153,16 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e7(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_f8(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -186,23 +165,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ec( +static tuple_ec encapsulate_unpacked_ce( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -218,16 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ec(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_ce(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -240,22 +206,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 +- BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec1(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); ->>>>>>> main } /** @@ -263,16 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_25(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1a(copy_of_randomness); ->>>>>>> main } /** @@ -291,19 +245,12 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -<<<<<<< HEAD -generate_keypair_unpacked_29(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51(uu____0); -======= generate_keypair_unpacked_38(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( copy_of_randomness); ->>>>>>> main } /** @@ -312,16 +259,10 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_29(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_38(copy_of_randomness); ->>>>>>> main } /** @@ -335,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2c1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_a31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } /** @@ -347,7 +288,7 @@ static bool validate_public_key_2c1(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2c1(public_key.value)) { + if (validate_public_key_a31(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index e75d47b0c..211c714fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 04571732e..c252832a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem768_neon.h" @@ -46,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_35( +static void decapsulate_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } /** @@ -62,7 +54,7 @@ static void decapsulate_35( void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_35(private_key, ciphertext, ret); + decapsulate_67(private_key, ciphertext, ret); } /** @@ -89,11 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_eb( +static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } /** @@ -106,7 +97,7 @@ static void decapsulate_unpacked_eb( void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_eb(private_key, ciphertext, ret); + decapsulate_unpacked_70(private_key, ciphertext, ret); } /** @@ -120,26 +111,20 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 +- VECTOR_U_BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_b1( +static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff0(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -153,16 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b1(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_ea(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -186,23 +165,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_24( +static tuple_3c encapsulate_unpacked_29( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -218,16 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_24(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_29(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -240,22 +206,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec0(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); ->>>>>>> main } /** @@ -263,16 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4e(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1b(copy_of_randomness); ->>>>>>> main } /** @@ -291,19 +245,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -<<<<<<< HEAD -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50(uu____0); -======= generate_keypair_unpacked_42(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( copy_of_randomness); ->>>>>>> main } /** @@ -312,16 +259,10 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_42(copy_of_randomness); ->>>>>>> main } /** @@ -335,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2c0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_a30(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } /** @@ -347,7 +288,7 @@ static bool validate_public_key_2c0(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2c0(public_key.value)) { + if (validate_public_key_a30(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 173c6b6b9..aaf2756d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 9a61a13b6..68997c944 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d ->>>>>>> main */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 3fe657545..aee7d70ec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d ->>>>>>> main */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index faf3b8351..7212fc4ed 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,24 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 3f94b9400..066ecdc86 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b +Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 6aeb59968..cdd27af77 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -2,11 +2,7 @@ * SPDX-FileCopyrightText: 2024 Eurydice Contributors * SPDX-FileCopyrightText: 2024 Cryspen Sarl * -<<<<<<< HEAD - * SPDX-License-Identifier: Apache-2.0 -======= * SPDX-License-Identifier: MIT or Apache-2.0 ->>>>>>> main */ #pragma once @@ -99,12 +95,8 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -<<<<<<< HEAD -#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ -======= #define Eurydice_array_eq(sz, a1, a2, t, _) \ ->>>>>>> main - (memcmp(a1, a2, sz * sizeof(t)) == 0) + (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) @@ -129,10 +121,8 @@ typedef struct { Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) - static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, - char *dst_ok, - Eurydice_slice src, - size_t sz) { +static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, + Eurydice_slice src, size_t sz) { *dst_tag = 0; memcpy(dst_ok, src.ptr, sz); } @@ -162,7 +152,7 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// wraparound semantics in C +// unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } @@ -170,39 +160,21 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } -static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { - return x + y; -} - -static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { - return x - y; -} - -static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { - return x * y; -} - // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ -<<<<<<< HEAD - ? (CLITERAL(ret_t){.tag = None}) \ -======= ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ ->>>>>>> main : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next + Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this +// See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + Eurydice_into_iter #if defined(__cplusplus) - } +} #endif diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index e29636144..f90749b11 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 304d4f8d0..a3ab78f37 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index c108a5889..ec7a09505 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 27d97ab36..a11530661 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 5e1f37607..0687e1bdf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 63dd9e1f0..2b39497d4 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index b0f8eb656..4e5eb5c5d 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8922e606b..c09062f0f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_sha3_portable_H From 57abb85fdce169f551d14aa281e644ad9b42c600 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 23 Sep 2024 08:56:29 +0000 Subject: [PATCH 169/172] update C code --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 18 + libcrux-ml-kem/c/internal/libcrux_core.h | 45 +- .../c/internal/libcrux_mlkem_avx2.h | 10 +- .../c/internal/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 138 +++--- libcrux-ml-kem/c/libcrux_core.c | 52 ++- libcrux-ml-kem/c/libcrux_core.h | 17 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 403 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 397 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 50 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- libcrux-ml-kem/cg/code_gen.txt | 10 +- libcrux-ml-kem/cg/eurydice_glue.h | 3 + libcrux-ml-kem/cg/libcrux_core.h | 52 ++- libcrux-ml-kem/cg/libcrux_ct_ops.h | 10 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 296 ++++++------- .../cg/libcrux_mlkem768_avx2_types.h | 74 ++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 290 +++++++------ .../cg/libcrux_mlkem768_portable_types.h | 80 ++-- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 22 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 178 ++++---- 44 files changed, 1244 insertions(+), 1163 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 3f94b9400..12d9d454e 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 660918c54..ad026b9e1 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -188,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -210,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index f8f5af4ba..eaff82347 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_core_H @@ -291,14 +291,15 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -382,14 +383,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -405,14 +407,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -428,14 +431,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -451,14 +455,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f147d9e53..49e1f29a2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index d42bef246..f3a967c5f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 689e36ba6..ff78ba53c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 07b17390c..063a10640 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 036632ec8..9b9cd41ce 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_core.h" @@ -390,14 +390,15 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -519,14 +520,15 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -539,14 +541,15 @@ void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -559,14 +562,15 @@ void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -579,14 +583,15 @@ void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -599,14 +604,15 @@ void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 38e88f4b5..9d39b6164 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_core_H @@ -197,14 +197,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 1e9c333ae..4f564c146 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 2baeeeeb6..65f4818c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index f0e9dd8a6..5552a8b63 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 331428cc2..01b6def3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e525f91c8..da249a492 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 69da40f05..75bb82159 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 7d6dc8938..9e27b56f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index c01cba19e..4b8af1f2a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index c6d9cc60a..39e4b67b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 51eb9d7bf..3f156c570 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 50ffc92a0..172185891 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 15e7950f8..1033e69a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index d43dc5b54..4d8d496ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 0527bf446..4f102ff81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c86540cb9..a3cebbef2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b3cae06b5..18db095f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_mlkem_avx2.h" @@ -603,7 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -694,7 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -797,7 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -924,7 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1031,15 +1031,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1068,7 +1069,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1117,7 +1118,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_851( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -1329,19 +1330,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); return lit; } @@ -1360,33 +1361,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); return lit; } @@ -1716,17 +1717,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); +from_i16_array_ef_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1745,7 +1747,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1930,7 +1932,7 @@ sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1974,7 +1976,7 @@ sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2125,15 +2127,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2159,7 +2162,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -2216,7 +2219,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2237,18 +2240,19 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2267,15 +2271,16 @@ ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_311( +static KRML_MUSTINLINE void add_to_ring_element_ef_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2302,15 +2307,16 @@ static __m256i to_standard_domain_c1(__m256i v) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2344,7 +2350,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -2357,10 +2363,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_311(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2413,7 +2419,7 @@ static void generate_keypair_unpacked_4a1( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -2431,8 +2437,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_391( @@ -2583,7 +2589,7 @@ static KRML_MUSTINLINE tuple_b0 sample_ring_element_cbd_461(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2763,20 +2769,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a1( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_84( +static KRML_MUSTINLINE void add_error_reduce_ef_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2804,7 +2811,7 @@ static KRML_MUSTINLINE void compute_vector_u_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2824,11 +2831,11 @@ static KRML_MUSTINLINE void compute_vector_u_a91( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_311(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_311(&result0[i1], &product); } invert_ntt_montgomery_4a1(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2860,7 +2867,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2874,16 +2881,17 @@ deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_b0( +add_message_error_reduce_ef_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2915,13 +2923,13 @@ compute_ring_element_v_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_4a1(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -3381,7 +3389,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); deserialize_ring_elements_reduced_3d1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -3500,7 +3508,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3522,7 +3530,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_941( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3609,7 +3617,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_2d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3689,7 +3697,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_57(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3728,7 +3736,7 @@ static KRML_MUSTINLINE void ntt_vector_u_600( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -3744,7 +3752,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3833,7 +3841,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_39(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3908,7 +3916,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_7b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3934,16 +3942,17 @@ deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3969,13 +3978,13 @@ compute_message_781( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_4a1(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } @@ -4209,7 +4218,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_850( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -4363,20 +4372,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); - lit.secret_as_ntt[3U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); + lit.secret_as_ntt[3U] = ZERO_ef_7d(); return lit; } @@ -4395,40 +4404,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_85_80(void) { +static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[0U][3U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[1U][3U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); - lit.A[2U][3U] = ZERO_20_7d(); - lit.A[3U][0U] = ZERO_20_7d(); - lit.A[3U][1U] = ZERO_20_7d(); - lit.A[3U][2U] = ZERO_20_7d(); - lit.A[3U][3U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[0U][3U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[1U][3U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); + lit.A[2U][3U] = ZERO_ef_7d(); + lit.A[3U][0U] = ZERO_ef_7d(); + lit.A[3U][1U] = ZERO_ef_7d(); + lit.A[3U][2U] = ZERO_ef_7d(); + lit.A[3U][3U] = ZERO_ef_7d(); return lit; } @@ -4770,7 +4779,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4971,7 +4980,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4992,15 +5001,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_31( +static KRML_MUSTINLINE void add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5034,7 +5044,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5047,10 +5057,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_31(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5103,7 +5113,7 @@ static void generate_keypair_unpacked_4a( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5121,8 +5131,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); + IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_39( @@ -5273,7 +5283,7 @@ static KRML_MUSTINLINE tuple_71 sample_ring_element_cbd_46(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5337,7 +5347,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5353,7 +5363,7 @@ static KRML_MUSTINLINE void compute_vector_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5373,11 +5383,11 @@ static KRML_MUSTINLINE void compute_vector_u_a9( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_31(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_31(&result0[i1], &product); } invert_ntt_montgomery_4a(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5400,13 +5410,13 @@ compute_ring_element_v_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_4a(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -5583,7 +5593,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); deserialize_ring_elements_reduced_3d( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5705,7 +5715,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_940( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5756,7 +5766,7 @@ static KRML_MUSTINLINE void ntt_vector_u_60( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5772,7 +5782,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5820,13 +5830,13 @@ compute_message_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_4a(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } @@ -6024,7 +6034,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6178,18 +6188,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); return lit; } @@ -6208,28 +6218,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); return lit; } @@ -6559,7 +6569,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6765,7 +6775,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6786,15 +6796,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_310( +static KRML_MUSTINLINE void add_to_ring_element_ef_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6828,7 +6839,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6841,10 +6852,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_310(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6897,7 +6908,7 @@ static void generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6915,8 +6926,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); + IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_390( @@ -7113,7 +7124,7 @@ static KRML_MUSTINLINE tuple_74 sample_ring_element_cbd_460(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7177,7 +7188,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a0( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -7193,7 +7204,7 @@ static KRML_MUSTINLINE void compute_vector_u_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7213,11 +7224,11 @@ static KRML_MUSTINLINE void compute_vector_u_a90( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_310(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_310(&result0[i1], &product); } invert_ntt_montgomery_4a0(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7240,13 +7251,13 @@ compute_ring_element_v_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_4a0(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -7373,7 +7384,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); deserialize_ring_elements_reduced_3d0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -7495,7 +7506,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7532,7 +7543,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7569,13 +7580,13 @@ compute_message_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_4a0(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index c59cb8009..679ea6f82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index f41d3f0c9..ccc6f3b26 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_mlkem_portable.h" @@ -79,7 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2281,15 +2281,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2318,7 +2319,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_d3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2369,7 +2370,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_581( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -2593,20 +2594,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); - lit.secret_as_ntt[3U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); + lit.secret_as_ntt[3U] = ZERO_ef_19(); return lit; } @@ -2625,40 +2626,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[0U][3U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[1U][3U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); - lit.A[2U][3U] = ZERO_20_19(); - lit.A[3U][0U] = ZERO_20_19(); - lit.A[3U][1U] = ZERO_20_19(); - lit.A[3U][2U] = ZERO_20_19(); - lit.A[3U][3U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[0U][3U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[1U][3U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); + lit.A[2U][3U] = ZERO_ef_19(); + lit.A[3U][0U] = ZERO_ef_19(); + lit.A[3U][1U] = ZERO_ef_19(); + lit.A[3U][2U] = ZERO_ef_19(); + lit.A[3U][3U] = ZERO_ef_19(); return lit; } @@ -2980,17 +2981,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); +from_i16_array_ef_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3012,7 +3014,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3181,7 +3183,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3225,7 +3227,7 @@ sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3391,15 +3393,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3427,7 +3430,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -3486,7 +3489,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3507,18 +3510,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3539,15 +3543,16 @@ ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3580,15 +3585,16 @@ to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_69( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3624,7 +3630,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3637,10 +3643,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3693,7 +3699,7 @@ static void generate_keypair_unpacked_86( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -3711,8 +3717,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ea1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_96( @@ -3864,7 +3870,7 @@ static KRML_MUSTINLINE tuple_710 sample_ring_element_cbd_72(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4052,20 +4058,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_04( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_15( +static KRML_MUSTINLINE void add_error_reduce_ef_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4096,7 +4103,7 @@ static KRML_MUSTINLINE void compute_vector_u_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4116,11 +4123,11 @@ static KRML_MUSTINLINE void compute_vector_u_02( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a(&result0[i1], &product); } invert_ntt_montgomery_04(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4157,7 +4164,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4174,16 +4181,17 @@ deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_f0( +add_message_error_reduce_ef_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,13 +4226,13 @@ compute_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_04(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -4581,7 +4589,7 @@ generics */ static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); deserialize_ring_elements_reduced_8b( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4700,7 +4708,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_0b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4724,7 +4732,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4793,7 +4801,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_c9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4860,7 +4868,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4902,7 +4910,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -4918,7 +4926,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4989,7 +4997,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_c2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5049,7 +5057,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5077,16 +5085,17 @@ deserialize_then_decompress_ring_element_v_41(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5115,13 +5124,13 @@ compute_message_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_04(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } @@ -5357,7 +5366,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5511,18 +5520,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); return lit; } @@ -5541,28 +5550,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); return lit; } @@ -5891,7 +5900,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6086,7 +6095,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6107,15 +6116,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a0( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6153,7 +6163,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6166,10 +6176,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6222,7 +6232,7 @@ static void generate_keypair_unpacked_860( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6240,8 +6250,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ea0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_960( @@ -6425,7 +6435,7 @@ static KRML_MUSTINLINE tuple_740 sample_ring_element_cbd_720(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6489,7 +6499,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_040( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6505,7 +6515,7 @@ static KRML_MUSTINLINE void compute_vector_u_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6525,11 +6535,11 @@ static KRML_MUSTINLINE void compute_vector_u_020( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a0(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a0(&result0[i1], &product); } invert_ntt_montgomery_040(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6552,13 +6562,13 @@ compute_ring_element_v_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_040(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -6738,7 +6748,7 @@ generics */ static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); deserialize_ring_elements_reduced_8b0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -6860,7 +6870,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6911,7 +6921,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a0( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6927,7 +6937,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6975,13 +6985,13 @@ compute_message_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_040(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } @@ -7179,7 +7189,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -7333,19 +7343,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); return lit; } @@ -7364,33 +7374,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); return lit; } @@ -7719,7 +7729,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7903,7 +7913,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7924,15 +7934,16 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a1( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7970,7 +7981,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7983,10 +7994,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8039,7 +8050,7 @@ static void generate_keypair_unpacked_861( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8057,8 +8068,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ea( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_961( @@ -8210,7 +8221,7 @@ static KRML_MUSTINLINE tuple_b00 sample_ring_element_cbd_721(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8274,7 +8285,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_041( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -8290,7 +8301,7 @@ static KRML_MUSTINLINE void compute_vector_u_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8310,11 +8321,11 @@ static KRML_MUSTINLINE void compute_vector_u_021( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a1(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a1(&result0[i1], &product); } invert_ntt_montgomery_041(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8337,13 +8348,13 @@ compute_ring_element_v_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_041(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -8474,7 +8485,7 @@ generics */ static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); deserialize_ring_elements_reduced_8b1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -8596,7 +8607,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8633,7 +8644,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8670,13 +8681,13 @@ compute_message_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_041(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6fff48a70..626edaff4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7163ceade..3ae00514c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 5db24bab4..467def628 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_71(void) { +new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_71(); + return new_89_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6530e87bc..47d070cdc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0eadd5bb5..3678325cd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2841710c3..f0331c49a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6b269f09b..ec5a84fa2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 066ecdc86..12d9d454e 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index cdd27af77..30a7c281d 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -19,6 +19,9 @@ extern "C" { #include "karamel/target.h" +// Ignore an expression. +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + // SLICES, ARRAYS, ETC. // The MSVC C++ compiler does not support compound literals. diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index f90749b11..ad3b32845 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_core_H @@ -97,14 +97,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -130,14 +131,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -163,14 +165,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -315,14 +318,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -481,14 +485,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -514,14 +519,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index a3ab78f37..f3a831536 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index ec7a09505..674633a41 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_H @@ -723,7 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -823,7 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_07(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -936,7 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_ea(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1081,7 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_76(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1196,17 +1196,18 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_7d(void) { +libcrux_ml_kem_polynomial_ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1236,7 +1237,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1250,7 +1251,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,7 +1274,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1310,7 +1311,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_56(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1390,7 +1391,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1486,7 +1487,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1641,16 +1642,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1684,7 +1686,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -1702,7 +1704,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1808,7 +1810,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1899,7 +1901,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1928,21 +1930,22 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_63( +libcrux_ml_kem_polynomial_ntt_multiply_ef_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1961,16 +1964,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_63( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2125,22 +2129,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_70( +libcrux_ml_kem_polynomial_subtract_reduce_ef_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,16 +2174,16 @@ libcrux_ml_kem_matrix_compute_message_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_70(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_70(v, result); return result; } @@ -2359,20 +2364,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -2380,15 +2385,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -2403,7 +2408,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2759,19 +2764,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2791,7 +2797,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2919,7 +2925,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3016,7 +3022,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3062,7 +3068,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3125,7 +3131,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -3179,7 +3185,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -3210,7 +3216,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3227,7 +3233,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3302,21 +3308,22 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3345,7 +3352,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3366,12 +3373,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_cf(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_cf(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3409,7 +3416,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3424,17 +3431,18 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3468,16 +3476,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( error_2, message, result); return result; } @@ -4031,7 +4039,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4374,21 +4382,21 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -4434,17 +4442,18 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -4481,7 +4490,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4494,12 +4503,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4557,7 +4566,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -4681,9 +4690,9 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5231,7 +5240,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5252,9 +5261,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1c0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5429,7 +5438,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a7( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5445,7 +5454,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( public_key, deserialized_pk); @@ -5779,7 +5788,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b0(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5800,23 +5809,24 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_c2( +libcrux_ml_kem_polynomial_clone_8d_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5865,7 +5875,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_c2( + libcrux_ml_kem_polynomial_clone_8d_c2( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5892,7 +5902,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -5940,19 +5950,19 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_31(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -5991,10 +6001,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6002,9 +6012,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_0e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6040,7 +6050,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_31()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_31()}); } /** @@ -6049,7 +6059,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_0e(); } /** @@ -6058,7 +6068,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_31(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_31(); } /** @@ -6067,11 +6077,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6079,7 +6089,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( @@ -6095,11 +6105,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6107,10 +6117,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( &self->public_key, serialized); } @@ -6122,24 +6132,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6166,21 +6176,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( +libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6194,17 +6204,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6217,8 +6227,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a(key_pair)); pk[0U] = uu____0; } @@ -6229,7 +6239,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index a11530661..34a008cc6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,36 +20,16 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** A monomorphic instance of @@ -63,6 +43,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -74,15 +68,21 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 0687e1bdf..0e3e07dc6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_H @@ -115,7 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_30(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2448,16 +2448,17 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_19(void) { +libcrux_ml_kem_polynomial_ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2486,7 +2487,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a5(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2499,7 +2500,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2523,7 +2524,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2559,7 +2560,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2610,7 +2611,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2681,7 +2682,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2844,15 +2845,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2887,7 +2889,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -2904,7 +2906,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2981,7 +2983,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3045,7 +3047,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3075,20 +3077,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_76( +libcrux_ml_kem_polynomial_ntt_multiply_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3109,15 +3112,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_76( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3275,21 +3279,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_7e( +libcrux_ml_kem_polynomial_subtract_reduce_ef_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,16 +3325,16 @@ libcrux_ml_kem_matrix_compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_7e(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_7e(v, result); return result; } @@ -3513,19 +3518,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -3533,15 +3538,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -3555,7 +3560,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3901,18 +3906,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3934,7 +3940,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4062,7 +4068,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4140,7 +4146,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4185,7 +4191,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4247,7 +4253,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -4301,7 +4307,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -4332,7 +4338,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4349,7 +4355,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4421,20 +4427,21 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4465,7 +4472,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4486,12 +4493,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_9d(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_9d(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4532,7 +4539,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4550,16 +4557,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4595,16 +4603,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( error_2, message, result); return result; } @@ -5015,7 +5023,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5350,20 +5358,20 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -5408,16 +5416,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5456,7 +5465,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5469,12 +5478,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5531,7 +5540,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5650,9 +5659,9 @@ libcrux_ml_kem_variant_MlKem with const generics static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6189,7 +6198,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6209,9 +6218,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_ea0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6381,7 +6390,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a3( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6396,7 +6405,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( public_key, deserialized_pk); @@ -6723,7 +6732,7 @@ libcrux_ml_kem_variant_MlKem with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_6d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6743,22 +6752,23 @@ libcrux_ml_kem_variant_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_a6( +libcrux_ml_kem_polynomial_clone_8d_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6809,7 +6819,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_a6( + libcrux_ml_kem_polynomial_clone_8d_a6( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6836,7 +6846,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -6883,18 +6893,18 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6933,19 +6943,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_27(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6981,7 +6991,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_fe()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fe()}); } /** @@ -6989,7 +6999,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_27(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); } /** @@ -6997,7 +7007,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(); } /** @@ -7006,18 +7016,18 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( @@ -7033,21 +7043,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( &self->public_key, serialized); } @@ -7058,23 +7068,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7101,20 +7111,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( +libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7128,16 +7138,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_52( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_52( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7149,8 +7159,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_52(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_52(key_pair)); pk[0U] = uu____0; } @@ -7161,7 +7171,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 2b39497d4..0ae3513dd 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,37 +20,18 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; /** A monomorphic instance of @@ -64,6 +45,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -75,17 +70,22 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 4e5eb5c5d..7c68c3394 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_71(void) { +libcrux_sha3_generic_keccak_new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_71(); + libcrux_sha3_generic_keccak_new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_71(); + return libcrux_sha3_generic_keccak_new_89_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index c09062f0f..52282e41f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** From 3631be66363899bc6fd65542f46c83ce852075f6 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 23 Sep 2024 11:17:53 +0200 Subject: [PATCH 170/172] removed typeclass _super constraint --- .../Libcrux_ml_kem.Vector.Traits.fst | 14 ++++---------- .../Libcrux_ml_kem.Vector.Traits.fsti | 8 ++++---- libcrux-ml-kem/src/vector/traits.rs | 18 +++++++++--------- 3 files changed, 17 insertions(+), 23 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 1c6967d6d..485013065 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -11,25 +11,19 @@ let decompress_1_ (vec: v_T) = let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in - let _:Prims.unit = - assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) - in + let _:Prims.unit = assert (forall i. Seq.index (i1.f_repr z) i == 0s) in let _:Prims.unit = assert (forall i. - let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + let x = Seq.index (i1.f_repr vec) i in ((0 - v x) == 0 \/ (0 - v x) == - 1)) in let _:Prims.unit = assert (forall i. - i < 16 ==> - Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (0 - v (Seq.index (i1.f_repr vec) i))) in let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = - assert (forall i. - Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) + assert (forall i. Seq.index (i1.f_repr s) i == 0s \/ Seq.index (i1.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e5599b2b3..0a54ddd5f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -399,7 +399,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) : Prims.Pure v_T (requires forall i. - let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + let x = Seq.index (i1.f_repr vec) i in (x == 0s \/ x == 1s)) (fun _ -> Prims.l_True) @@ -411,11 +411,11 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T - (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) + (requires Spec.Utils.is_i16b_array 3328 (i1.f_repr a)) (ensures fun result -> let result:v_T = result in forall i. - (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in - let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in + (let x = Seq.index (i1.f_repr a) i in + let y = Seq.index (i1.f_repr result) i in (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index aa0434e85..6cff1d585 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -214,10 +214,10 @@ pub fn to_standard_domain(v: T) -> T { #[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. - (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in - let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in + (let x = Seq.index (i1.f_repr ${a}) i in + let y = Seq.index (i1.f_repr ${result}) i in (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); @@ -226,20 +226,20 @@ pub fn to_unsigned_representative(a: T) -> T { } #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); - hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); - hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1.f_repr ${vec}) i in ((0 - v x) == 0 \\/ (0 - v x) == -1))"); hax_lib::fstar!("assert(forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); + (0 - v (Seq.index (i1.f_repr ${vec}) i)))"); let s = T::sub(z, &vec); - hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ - Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); + hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${s}) i == 0s \\/ + Seq.index (i1.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); res From ab29fdcdb78f5f848aa11f0be7204991d368f832 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 23 Sep 2024 20:30:08 +0200 Subject: [PATCH 171/172] traits --- libcrux-ml-kem/src/vector/traits.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 6cff1d585..aa0434e85 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -214,10 +214,10 @@ pub fn to_standard_domain(v: T) -> T { #[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1.f_repr a)"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. - (let x = Seq.index (i1.f_repr ${a}) i in - let y = Seq.index (i1.f_repr ${result}) i in + (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); @@ -226,20 +226,20 @@ pub fn to_unsigned_representative(a: T) -> T { } #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1.f_repr ${vec}) i in +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); - hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${z}) i == 0s)"); - hax_lib::fstar!("assert(forall i. let x = Seq.index (i1.f_repr ${vec}) i in + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in ((0 - v x) == 0 \\/ (0 - v x) == -1))"); hax_lib::fstar!("assert(forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1.f_repr ${vec}) i)))"); + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); let s = T::sub(z, &vec); - hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${s}) i == 0s \\/ - Seq.index (i1.f_repr ${s}) i == -1s)"); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); res From 946816270f3cf4d2a1cdc8079c35935f54b00353 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 23 Sep 2024 19:41:20 +0000 Subject: [PATCH 172/172] hax passes --- Cargo.lock | 10 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 48 ++-- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 22 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 22 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 20 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 22 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 10 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 242 +++++++++--------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 32 +-- .../Libcrux_ml_kem.Vector.Traits.fst | 14 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 8 +- 30 files changed, 342 insertions(+), 336 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 37c652c35..75a660c64 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "proc-macro2", "quote", @@ -1259,9 +1259,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" [[package]] name = "plotters" diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index b83e598ef..83942f87d 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -55,8 +55,6 @@ val mm256_castsi128_si256 (vector: t_Vec128) val mm256_castsi256_ps (a: t_Vec256) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 - val mm256_cmpeq_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -66,8 +64,6 @@ val mm256_cmpgt_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fu val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 - val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -97,12 +93,6 @@ val mm256_mulhi_epi16 (lhs rhs: t_Vec256) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) -unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 - let lemma_mm256_mullo_epi16 v1 v2 : - Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == - Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) - [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() - val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_or_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -130,12 +120,6 @@ val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 -let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : - Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == - Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) - [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() - val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -159,8 +143,6 @@ val mm256_shuffle_epi8 (vector control: t_Vec256) val mm256_sign_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 - val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -182,8 +164,6 @@ val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 - val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -248,8 +228,6 @@ val mm_add_epi16 (lhs rhs: t_Vec128) val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 - val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True @@ -270,8 +248,6 @@ val mm_mullo_epi16 (lhs rhs: t_Vec128) vec128_as_i16x8 result == Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) -unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 - val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True @@ -317,3 +293,27 @@ val mm_sub_epi16 (lhs rhs: t_Vec128) val vec256_blendv_epi32 (a b mask: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 + +unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 + +unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 + let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() + +unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() + +unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 + +unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 + +unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 + +unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 5b6e2821a..aa7ed17dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -67,3 +57,13 @@ let generate_keypair v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 5b0fce20c..e9318afb7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 7fef2a90d..c3b934ab1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -69,3 +59,13 @@ let generate_keypair v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 7c867302a..cb0a837dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 72dc038fd..0b6792e08 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -70,3 +60,13 @@ let generate_keypair #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index b6eebff7d..38a2b4ebf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index fa5fe72ac..1ed6cc3c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index bcc5175d7..4f57bcb17 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 71bd9a6b9..8cab7c870 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index f67065c23..d71f032a7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 05e5c2210..60a05dcc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index c9e22f2f1..9ce6a597e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index bf5136891..d84c15890 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index d0826d519..79530147b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 500adf645..58b2f0dc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index f2209a462..3d846ac51 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 5643a8778..97dccb937 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 5e99ac5c1..eee7fb43d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index 46d55d183..3ec064b3f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 01f0318c5..0b2855263 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 8c34ac785..4608a3923 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 5dd4322ff..1b4e3414d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index e2f719aef..d98e44837 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index de32d7d0d..c14954e5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index eed6ec9d6..b676b472e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -244,6 +244,127 @@ let serialize_5_int (v: t_Slice i16) = in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_5_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; + r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; + r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); + Rust_primitives.Hax.array_of_list 22 list + +let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_4_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r5_9_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); + Rust_primitives.Hax.array_of_list 10 list + let deserialize_1_ (v: t_Slice u8) = let result0:i16 = cast ((v.[ sz 0 ] <: u8) &. 1uy <: u8) <: i16 in let result1:i16 = cast (((v.[ sz 0 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in @@ -348,36 +469,6 @@ let deserialize_10_lemma inputs = #pop-options -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -522,36 +613,6 @@ let deserialize_4_lemma inputs = #pop-options -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. @@ -742,37 +803,6 @@ let serialize_10_lemma inputs = #pop-options -let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; - r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; - r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); - Rust_primitives.Hax.array_of_list 22 list - let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -943,33 +973,3 @@ let serialize_4_lemma inputs = (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4)) #pop-options - -let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_4_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r5_9_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; - r5_9_._5 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); - Rust_primitives.Hax.array_of_list 10 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 16fd7000e..856f8399d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -53,6 +53,22 @@ val serialize_5_int (v: t_Slice i16) (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 22) + (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (fun _ -> Prims.l_True) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 v =. sz 2) @@ -69,11 +85,6 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 22) - (fun _ -> Prims.l_True) - val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 24) @@ -90,11 +101,6 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 10) - (fun _ -> Prims.l_True) - val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) @@ -109,9 +115,6 @@ val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) -val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) @@ -125,6 +128,3 @@ val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) - -val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 485013065..1c6967d6d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -11,19 +11,25 @@ let decompress_1_ (vec: v_T) = let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in - let _:Prims.unit = assert (forall i. Seq.index (i1.f_repr z) i == 0s) in + let _:Prims.unit = + assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) + in let _:Prims.unit = assert (forall i. - let x = Seq.index (i1.f_repr vec) i in + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in ((0 - v x) == 0 \/ (0 - v x) == - 1)) in let _:Prims.unit = assert (forall i. - i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (0 - v (Seq.index (i1.f_repr vec) i))) + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) in let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = - assert (forall i. Seq.index (i1.f_repr s) i == 0s \/ Seq.index (i1.f_repr s) i == (-1s)) + assert (forall i. + Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 0a54ddd5f..e5599b2b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -399,7 +399,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) : Prims.Pure v_T (requires forall i. - let x = Seq.index (i1.f_repr vec) i in + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in (x == 0s \/ x == 1s)) (fun _ -> Prims.l_True) @@ -411,11 +411,11 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T - (requires Spec.Utils.is_i16b_array 3328 (i1.f_repr a)) + (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) (ensures fun result -> let result:v_T = result in forall i. - (let x = Seq.index (i1.f_repr a) i in - let y = Seq.index (i1.f_repr result) i in + (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329))))